Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Slow Web Page Connect and Frequent Wi Fi Reset [Solved]

Started by Jackpine , Sep 23 2019 01:05 PM

  • This topic is locked This topic is locked

#1
Jackpine
Posted 23 September 2019 - 01:05 PM

Jackpine

    Member

  • Member
  • PipPipPip
  • 490 posts

Hello,

 

During the last few days, all web pages have been very slow to connect on my laptop.  In addition, I have had to use the Windows Network Troubleshooter to reset my Wi Fi quite often.  Note that the other laptops and desktop in the house don't have this problem.

 

There are no popups, or redirects.  FRST logs are provided below.

 

Thank you in advance for any help you may provide.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-09-2019
Ran by Robert (administrator) on SHADOWFAX (Hewlett-Packard HP Pavilion 17 Notebook PC) (23-09-2019 14:38:33)
Running from C:\Users\Robert\Desktop
Loaded Profiles: Robert (Available Profiles: Robert)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Garmin International, Inc. -> Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express\express.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Malwarebytes Corporation -> Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Photodex Corporation -> ) C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Raxco Software, Inc. -> Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Raxco Software, Inc. -> Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(Raxco Software, Inc. -> Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(The CefSharp Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7660760 2015-02-18] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2015-02-18] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2015-02-18] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [180448 2019-07-25] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-03-12] (Nero AG -> Nero AG)
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22588760 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30871536 2019-09-18] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [133632 2014-10-28] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30871536 2019-09-18] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [311296 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]
AppInit_DLLs: acaptuser64.dll => C:\Windows\system32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {054B3168-3537-4FFA-8F83-38329D62AA21} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-05-14] (Google Inc -> Google Inc.)
Task: {1224973F-D8EF-4C05-960D-548EFCBF7F02} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40432 2019-09-18] (Garmin International, Inc. -> )
Task: {19AAEA31-D5D8-4FAB-81E2-BFF88DAA5313} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2017-09-27] (HP Inc. -> HP Inc.)
Task: {1CBD150A-7000-4B68-BC57-DD75DBE3F267} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16571320 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {2A46E0F0-BF35-4D34-A2A0-D5F2CCC1C5C3} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_Plugin.exe [1457720 2019-09-13] (Adobe Inc. -> Adobe)
Task: {4B40DB7F-A298-4F8A-8A0F-3A77F167429F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
Task: {5FD4AD66-57F9-446C-8658-6A55AA23BB09} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
Task: {61BE1EC9-E8AA-4745-BBFA-F42AF122568C} - System32\Tasks\HPCeeScheduleForRobert => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [99208 2016-06-24] (Hewlett-Packard Company -> HP Inc.)
Task: {6510AEDA-4D54-4636-99E7-5D346A87696D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-14] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {68AB952A-7620-4D51-9A04-9ACFB2B2B7DC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1094008 2019-08-21] (HP Inc. -> HP Inc.)
Task: {82ABAF53-F6C7-433B-961E-3F6FA8AF9D88} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-05-14] (Google Inc -> Google Inc.)
Task: {850B844A-9D1F-4459-97DE-2021CE45525F} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2015-02-18] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {856B9036-4BDE-4A22-9034-1998E7490AB7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [249720 2019-08-19] (HP Inc. -> HP Inc.)
Task: {8CABF83B-0C09-4FC1-A763-45065D5E325D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {A90C7AA3-D269-4F3E-9B40-7858EB23B002} - System32\Tasks\{FB1A9DC6-BD16-42C2-B04F-5221F8745A03} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe"
Task: {BBF4AC2F-7854-45DB-85D7-B7A22AA481D8} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2013-06-07] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
Task: {CD582F0A-09B9-4B81-BDC3-8F01946124C7} - System32\Tasks\{4979924A-EB1C-4F5D-B5AF-D4EBC35946DD} => C:\Windows\system32\pcalua.exe -a C:\Users\Robert\Downloads\x-video-converter.exe -d C:\Users\Robert\Downloads
Task: {D87E6F9C-6844-4B47-8C7A-C0BC74D603B6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1094008 2019-08-21] (HP Inc. -> HP Inc.)
Task: {DB3EB686-B7C1-4B28-8A1E-C3854FE5924B} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe
Task: {DF4123C2-437B-4A0A-A375-BC554AE4BED5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
Task: {EFC8D644-CC6D-4FD7-A985-4AE7C45B41B3} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {F4E129AB-7B3D-4C2F-B248-2AFF728F2996} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForRobert.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 207.164.234.129
Tcpip\..\Interfaces\{42E1B6EA-3728-42A7-8E02-53ADCE251643}: [DhcpNameServer] 192.168.2.1 207.164.234.129
Tcpip\..\Interfaces\{7C57A303-A069-4AAA-A050-8A4F276FEC6D}: [DhcpNameServer] 192.168.99.10 192.168.99.12

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON14/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON14/4
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-10-27] (HP Inc. -> HP Inc.)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-10-27] (HP Inc. -> HP Inc.)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

FireFox:
========
FF DefaultProfile: rkbdbks1.default-1462932459567
FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\rkbdbks1.default-1462932459567 [2019-09-23]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\rkbdbks1.default-1462932459567\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-09-01]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-03-16] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_255.dll [2019-09-13] (Adobe Inc. -> )
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_255.dll [2019-09-13] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2014-05-12] ( ) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-08-19] () [File not signed]
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [239616 2015-02-18] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2428848 2019-07-25] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2428848 2019-07-25] (ESET, spol. s r.o. -> ESET)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [358264 2019-08-07] (HP Inc. -> HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-03-12] (Nero AG -> Nero AG)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2015-02-18] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe [186760 2014-05-12] (Photodex Corporation -> )
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-06-23] (SolidWorks) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2015-02-18] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [53424 2015-06-29] (Hewlett-Packard Company -> Hewlett-Packard)
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2015-02-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, INC.)
R3 amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [12533760 2015-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [619008 2015-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [82120 2015-02-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [23752 2015-02-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [154448 2016-07-11] (SlySoft, Inc. -> RedFox)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [154448 2016-07-11] (SlySoft, Inc. -> RedFox)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2015-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Broadcom Corporation -> Windows ® Win 7 DDK provider)
S3 blackberryncm; C:\Windows\system32\DRIVERS\blackberryncm6_AMD64.sys [36360 2016-04-06] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Hewlett-Packard Company -> Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Hewlett-Packard Company -> Windows ® Win 7 DDK provider)
S3 dot4usb; C:\Windows\system32\DRIVERS\dot4usb.sys [49056 2012-10-19] (Hewlett-Packard Company -> Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [149144 2019-07-25] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [102464 2019-07-25] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15800 2019-06-05] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [189232 2019-07-25] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [113336 2019-07-25] (ESET, spol. s r.o. -> ESET)
R0 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [40624 2015-06-29] (Hewlett-Packard Company -> Hewlett-Packard)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-02-18] (Martin Malik - REALiX -> REALiX™)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2019-09-23] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation -> Malwarebytes Corporation)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2514120 2015-02-18] (Mediatek Inc. -> Ralink Technology, Corp.)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-03-19] (BlackBerry Limited) [File not signed]
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Research in Motion Ltd)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2015-02-18] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1205448 2015-02-18] (Mediatek Inc. -> Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated -> Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [31840 2016-03-24] (Hewlett-Packard Company -> HP)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [31840 2016-03-24] (Hewlett-Packard Company -> HP)
S1 epp; \??\C:\EEK\bin64\epp.sys [X]
S3 RimUsb; \SystemRoot\System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-23 14:38 - 2019-09-23 14:39 - 000029782 _____ C:\Users\Robert\Desktop\FRST.txt
2019-09-23 14:37 - 2019-09-23 14:07 - 001616384 _____ (Farbar) C:\Users\Robert\Desktop\FRST64.exe
2019-09-23 10:04 - 2019-09-23 10:05 - 000000000 ____D C:\Users\Robert\Downloads\big hangover
2019-09-23 09:46 - 2019-09-23 09:49 - 000000000 ____D C:\Users\Robert\Downloads\BAIT_1954
2019-09-21 16:31 - 2019-09-21 16:31 - 000001873 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2019-09-21 16:31 - 2019-09-21 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2019-09-19 23:22 - 2019-09-22 19:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-09-17 09:26 - 2019-09-17 09:26 - 000000000 ____D C:\Users\Robert\Downloads\RIFIFI_DVD_rmHD
2019-09-16 15:48 - 2019-09-16 15:48 - 000000378 _____ C:\Users\Robert\Desktop\Duncan's SuDoku Solver.appref-ms
2019-09-16 15:48 - 2019-09-16 15:48 - 000000000 ____D C:\Users\Robert\Documents\My SuDokus
2019-09-16 15:48 - 2019-09-16 15:48 - 000000000 ____D C:\Users\Robert\Desktop\SuDoku Solver-10.1.6.9
2019-09-16 15:48 - 2019-09-16 15:48 - 000000000 ____D C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duncan's SuDoku Solver
2019-09-16 15:48 - 2019-09-16 15:48 - 000000000 ____D C:\Users\Robert\AppData\Local\Deployment
2019-09-16 08:40 - 2019-09-16 08:40 - 000000000 ____D C:\Users\Robert\Downloads\Why Must I Die
2019-09-15 11:57 - 2019-09-15 11:57 - 000000000 ____D C:\Users\Robert\Downloads\Three Cheers For The Irish
2019-09-13 15:57 - 2019-09-13 15:57 - 000000000 ____D C:\Users\Robert\Downloads\The Wild North
2019-09-13 08:25 - 2019-09-13 08:25 - 000000000 ____D C:\Users\Robert\Downloads\How I Live Now (2013) NTSC DVD9
2019-09-10 21:58 - 2019-08-29 01:11 - 001385912 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2019-09-10 21:58 - 2019-08-29 01:02 - 007362808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-09-10 21:58 - 2019-08-28 22:43 - 001737504 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-09-10 21:58 - 2019-08-28 22:43 - 001677024 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-09-10 21:58 - 2019-08-28 22:42 - 001537560 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-09-10 21:58 - 2019-08-28 22:42 - 001500848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-09-10 21:58 - 2019-08-28 22:42 - 001371256 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2019-09-10 21:58 - 2019-08-28 21:43 - 001125312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2019-09-10 21:58 - 2019-08-28 21:18 - 000284160 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-09-10 21:58 - 2019-08-27 01:07 - 025752064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-09-10 21:58 - 2019-08-26 23:29 - 002909184 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-09-10 21:58 - 2019-08-26 23:27 - 000579072 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-09-10 21:58 - 2019-08-26 23:21 - 020290560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-09-10 21:58 - 2019-08-26 23:17 - 005500928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-09-10 21:58 - 2019-08-26 23:17 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-09-10 21:58 - 2019-08-26 23:15 - 000790528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-09-10 21:58 - 2019-08-26 23:03 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-09-10 21:58 - 2019-08-26 22:59 - 002301952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-09-10 21:58 - 2019-08-26 22:54 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-09-10 21:58 - 2019-08-26 22:53 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-09-10 21:58 - 2019-08-26 22:48 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2019-09-10 21:58 - 2019-08-26 22:42 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-09-10 21:58 - 2019-08-26 22:39 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-09-10 21:58 - 2019-08-26 22:37 - 002132480 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-09-10 21:58 - 2019-08-26 22:36 - 015389184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-09-10 21:58 - 2019-08-26 22:32 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2019-09-10 21:58 - 2019-08-26 22:30 - 004112384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-09-10 21:58 - 2019-08-26 22:27 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-09-10 21:58 - 2019-08-26 22:27 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-09-10 21:58 - 2019-08-26 22:26 - 004859392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-09-10 21:58 - 2019-08-26 22:23 - 013791744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-09-10 21:58 - 2019-08-26 22:15 - 001568256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-09-10 21:58 - 2019-08-26 22:09 - 004387840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-09-10 21:58 - 2019-08-26 22:06 - 001331712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-09-10 21:58 - 2019-08-26 22:04 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-09-10 21:58 - 2019-08-26 22:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-09-10 21:58 - 2019-08-19 23:49 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys
2019-09-10 21:58 - 2019-08-15 05:47 - 000376568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2019-09-10 21:58 - 2019-08-15 05:18 - 000805384 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-09-10 21:58 - 2019-08-15 03:29 - 000611448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2019-09-10 21:58 - 2019-08-13 16:04 - 000374000 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2019-09-10 21:58 - 2019-08-13 16:00 - 000316144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2019-09-10 21:58 - 2019-08-13 15:54 - 001368072 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-09-10 21:58 - 2019-08-13 15:09 - 001546992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2019-09-10 21:58 - 2019-08-13 13:15 - 000121288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2019-09-10 21:58 - 2019-08-12 15:29 - 004169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-09-10 21:58 - 2019-08-12 14:44 - 001994240 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2019-09-10 21:58 - 2019-08-12 14:01 - 001085440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2019-09-10 21:58 - 2019-08-12 14:00 - 001560064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2019-09-10 21:58 - 2019-08-10 12:53 - 000426560 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2019-09-10 21:58 - 2019-08-10 12:51 - 000367176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2019-09-10 21:58 - 2019-08-10 09:20 - 001312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-09-10 21:58 - 2019-08-10 09:20 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2019-09-10 21:58 - 2019-08-10 09:20 - 000353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-09-10 21:58 - 2019-08-10 09:20 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2019-09-10 21:58 - 2019-08-09 13:48 - 000166912 _____ (Microsoft Corporation) C:\Windows\system32\NcaSvc.dll
2019-09-10 21:58 - 2019-08-09 13:18 - 000748544 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2019-09-10 21:58 - 2019-08-09 12:58 - 007035904 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-09-10 21:58 - 2019-08-09 12:28 - 000504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2019-09-10 21:58 - 2019-08-09 12:16 - 006217728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-09-10 21:58 - 2019-08-06 12:41 - 000403968 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2019-09-10 21:58 - 2019-08-06 12:41 - 000401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-09-10 21:58 - 2019-07-31 09:31 - 000571392 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2019-09-10 21:58 - 2019-07-23 15:12 - 000169264 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2019-09-10 21:58 - 2019-07-23 09:37 - 001712640 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-09-10 21:58 - 2019-07-23 09:37 - 000802304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2019-09-10 21:58 - 2019-07-23 09:37 - 000732160 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2019-09-10 21:58 - 2019-07-23 09:37 - 000634368 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2019-09-10 21:58 - 2019-07-23 09:37 - 000501760 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2019-09-10 21:58 - 2019-07-23 09:37 - 000456192 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2019-09-10 21:58 - 2019-07-23 09:37 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-09-10 21:58 - 2019-07-23 09:37 - 000257024 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2019-09-10 21:58 - 2019-07-11 00:02 - 000195072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpdr.sys
2019-09-10 21:58 - 2019-07-04 20:10 - 000108392 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2019-09-10 21:58 - 2019-07-04 20:07 - 000092040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2019-09-10 16:18 - 2019-09-10 16:18 - 000000000 ____D C:\Users\Robert\Documents\Amnesia
2019-09-10 07:57 - 2019-09-10 07:57 - 007086592 _____ (Open-Shell) C:\Users\Robert\Desktop\OpenShellSetup_4_4_131.exe

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-23 14:38 - 2019-02-04 10:59 - 000000000 ____D C:\FRST
2019-09-23 14:38 - 2013-08-26 02:09 - 000962108 _____ C:\Windows\system32\PerfStringBackup.INI
2019-09-23 14:38 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2019-09-23 14:27 - 2014-04-23 19:02 - 000000000 ____D C:\Users\Robert\AppData\Roaming\ClassicShell
2019-09-23 14:21 - 2016-12-21 19:58 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2019-09-23 13:57 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\NDF
2019-09-23 13:56 - 2016-11-29 23:05 - 000000000 ____D C:\Users\Robert\AppData\LocalLow\Mozilla
2019-09-23 13:52 - 2014-04-25 22:55 - 000000000 ____D C:\Users\Robert\AppData\Roaming\uTorrent
2019-09-23 13:26 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-09-23 11:03 - 2014-04-27 16:37 - 000000000 ____D C:\Downloaded Games
2019-09-23 10:43 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2019-09-22 23:19 - 2018-10-17 20:48 - 000003172 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRobert
2019-09-22 23:19 - 2018-10-17 20:48 - 000000356 _____ C:\Windows\Tasks\HPCeeScheduleForRobert.job
2019-09-22 19:47 - 2014-04-23 18:58 - 000003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8A055C58-84B1-4BA9-AD00-A48621AAEA0A}
2019-09-22 19:43 - 2014-04-23 19:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-09-21 16:55 - 2015-05-06 18:10 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3511957844-2261570385-1743981658-1005
2019-09-21 16:32 - 2017-01-03 21:40 - 000000000 ____D C:\ProgramData\Garmin
2019-09-21 16:32 - 2013-12-12 04:29 - 000000000 ____D C:\ProgramData\Package Cache
2019-09-21 16:31 - 2017-01-03 21:39 - 000003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2019-09-21 16:31 - 2017-01-03 21:39 - 000000000 ____D C:\Program Files (x86)\Garmin
2019-09-20 22:50 - 2013-12-12 04:31 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2019-09-20 09:31 - 2019-04-08 10:38 - 000000000 ____D C:\Users\Robert\Documents\Website Info
2019-09-20 07:55 - 2014-04-23 19:20 - 000001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-09-19 16:45 - 2019-05-22 18:25 - 000000000 ____D C:\Users\Robert\Documents\Camping Menus and Gear Lists
2019-09-17 08:31 - 2019-02-03 10:56 - 000000000 ____D C:\Users\Robert\Documents\Movie Collector
2019-09-16 15:48 - 2014-07-30 17:33 - 000000000 ____D C:\Users\Robert\AppData\Local\Apps\2.0
2019-09-13 21:15 - 2019-02-08 17:27 - 000004466 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-09-13 21:15 - 2014-08-16 22:34 - 000000000 ____D C:\Users\Robert\AppData\Local\Adobe
2019-09-13 21:15 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-09-13 21:15 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\Macromed
2019-09-13 21:13 - 2019-04-10 14:54 - 000002812 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-09-13 11:23 - 2016-02-15 00:19 - 000000000 ____D C:\Users\Robert\AppData\Roaming\MPC-HC
2019-09-12 11:16 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\rescache
2019-09-11 08:45 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp
2019-09-10 22:15 - 2013-08-22 10:44 - 000512208 _____ C:\Windows\system32\FNTCACHE.DAT
2019-09-10 21:49 - 2019-07-10 09:49 - 001101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2019-09-10 21:49 - 2019-07-10 09:49 - 000856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2019-09-05 07:38 - 2016-04-07 15:12 - 000000000 ____D C:\Windows\softwaredistribution.bak1
2019-09-04 19:12 - 2019-03-28 12:04 - 000000000 ____D C:\Windows\Minidump
2019-08-29 19:45 - 2019-05-15 13:08 - 000835480 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-08-29 19:45 - 2019-05-15 13:08 - 000179816 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories ================

2018-01-14 13:30 - 2018-01-14 13:31 - 000000077 _____ () C:\Users\Robert\SudokuWorks8.exe
2014-07-11 23:15 - 2014-07-11 23:15 - 000000017 _____ () C:\Users\Robert\AppData\Local\resmon.resmoncfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-09-18 08:30
==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-09-2019
Ran by Robert (23-09-2019 14:40:41)
Running from C:\Users\Robert\Desktop
Windows 8.1 (Update) (X64) (2014-04-23 06:03:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3511957844-2261570385-1743981658-500 - Administrator - Disabled)
Guest (S-1-5-21-3511957844-2261570385-1743981658-501 - Limited - Disabled)
Robert (S-1-5-21-3511957844-2261570385-1743981658-1005 - Administrator - Enabled) => C:\Users\Robert

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.255 - Adobe)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{E825A27F-01E0-1BB8-6A7D-DD769D57E4B0}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Amnesia - The Dark Descent  (HKLM-x32\...\{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1) (Version: 1.0.0 - Frictional Games)
ANT Drivers Installer x64 (HKLM\...\{13411D72-7171-440B-978A-ECAA06920C4C}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 8.0.5.0 - RedFox)
CCleaner (HKLM\...\CCleaner) (Version: 5.57 - Piriform)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Dark Parables The Match Girls Lost Paradise Collectors 1.00 (HKLM-x32\...\Dark Parables The Match Girls Lost Paradise Collectors 1.00) (Version: 1.00 - Games)
Duncan's SuDoku Solver (HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\a0575e81e239a52c) (Version: 10.1.6.9 - Duncan's SuDoku Solver)
DVDFab 9.2.2.8 (02/02/2016) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
Elevated Installer (HKLM-x32\...\{4E108B93-9865-45BF-A565-865AE20AC7FC}) (Version: 6.18.0.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ESET Security (HKLM\...\{EC96F234-2A42-4D7D-9C33-443566F72BF5}) (Version: 12.2.23.0 - ESET, spol. s r.o.)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
Family Tree Maker 2017 (HKLM\...\{6BEF69F9-92AA-4BCC-8529-DA42F585EC36}) (Version: 23.2.1540 - Software MacKiev)
Free Spider Solitaire v5.0 (HKLM-x32\...\Free Spider_is1) (Version:  - TreeCardGames)
Galerie de photos (HKLM-x32\...\{F4D99A13-F63A-4FC1-8799-CFFDB78DDFB3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Garmin Express (HKLM-x32\...\{D646C2CC-7782-4B95-B1C8-D9503409A40A}) (Version: 6.18.0.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{ffecb7df-db17-4a27-9f6b-d61ba2d7bcff}) (Version: 6.18.0.0 - Garmin Ltd or its subsidiaries)
Google Earth Pro (HKLM\...\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}) (Version: 7.3.2.5776 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}) (Version: 8.8.24.33 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{63F82052-C045-4F97-A3CA-C41D2CCA1FFA}) (Version: 12.12.32.3 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
IsoBuster 1.9.1 (HKLM-x32\...\IsoBuster_is1) (Version: 1.9.1 - Smart Projects)
K-Lite Mega Codec Pack 14.7.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.7.5 - KLCP)
Macrium Reflect Home Edition (HKLM\...\{017ED74E-8088-4765-8876-A250B3A1470C}) (Version: 6.1.1000 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Home Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version:  - Microsoft)
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Movie Collector (HKLM\...\{8EC6EBB4-D899-4C6B-BA17-C21B78988F23}_is1) (Version:  - Collectorz.com)
Movie Maker (HKLM-x32\...\{0FD2B9C6-DB91-48EA-9518-AB5B68CA1E28}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 69.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 69.0.1 (x64 en-US)) (Version: 69.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 69.0.1.7199 - Mozilla)
Nero 7 Ultra Edition (HKLM-x32\...\{43FFE159-3199-4188-A1CD-629166AD1033}) (Version: 7.02.6445 - Nero AG)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
PerfectDisk Professional Business (HKLM\...\{682B22AB-EAAA-4B1C-83AF-B26E7D4ED01E}) (Version: 13.0.783 - Raxco Software Inc.)
Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version:  - Photodex Corporation)
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.4 - Power Software Ltd)
ProShow Producer (HKLM-x32\...\ProShow Producer) (Version:  - Photodex Corporation)
Ralink Bluetooth Stack64 (HKLM\...\{8A2E2A41-B814-407E-2F96-4E433C42AB78}) (Version: 11.0.739.0 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.45.0 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.108 - Skype Technologies S.A.)
Sudoku Works (HKLM-x32\...\{5B10C186-C6CF-45D8-9E2D-4F18247A5C63}) (Version: 1.0 - Oak Systems)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.8 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.5.2014.3 - URSoft, Inc.)

Packages:
=========
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.3.0.44_neutral__1618n3s9xq8tw [2013-12-12] (eBay, Inc)
Frameworkuapbase -> C:\Program Files\WindowsApps\48682KiddoTest.Frameworkuapbase_1.0.0.2_neutral__81ffpr532s7pc [2019-07-10] (KiddoTest)
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.100.0_x64__8wekyb3d8bbwe [2013-12-12] (Microsoft Corporation) [MS Ad]
Getting Started with Windows 8 -> C:\Program Files\WindowsApps\AD2F1837.GettingStartedwithWindows8_1.2.4.35_neutral__v10z8vjag6ke6 [2013-12-12] (Hewlett-Packard Company)
HP Connected Photo powered by Snapfish -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_1.9.123.1118_neutral__v10z8vjag6ke6 [2013-12-12] (Hewlett-Packard Company)
HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.141_neutral__v10z8vjag6ke6 [2013-12-12] (Hewlett-Packard Company)
Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.0_2.0.1410.19000_x64__8wekyb3d8bbwe [2019-07-10] (Microsoft Corporation)
Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.0_2.0.1410.19000_x86__8wekyb3d8bbwe [2019-07-10] (Microsoft Corporation)
Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.1_2.0.1410.19000_x64__8wekyb3d8bbwe [2019-07-10] (Microsoft Corporation)
Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.1_2.0.1410.19000_x86__8wekyb3d8bbwe [2019-07-10] (Microsoft Corporation)
Microsoft PlayReady -> C:\Program Files\WindowsApps\Microsoft.Internal.Media.PlayReadyClient_2.3.1678.1_x64__8wekyb3d8bbwe [2014-04-23] (Microsoft Corporation)
Microsoft PlayReady -> C:\Program Files\WindowsApps\Microsoft.Internal.Media.PlayReadyClient_2.3.1678.1_x86__8wekyb3d8bbwe [2014-04-23] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.6.4.30605_x86__8wekyb3d8bbwe [2013-12-12] (Microsoft Studios) [MS Ad]
Microsoft Visual C++ Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Preview.Internal_12.0.20222.2_x64__8wekyb3d8bbwe [2014-04-23] (Microsoft Platform Extensions Internal)
Microsoft Visual C++ Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Preview.Internal_12.0.20222.2_x86__8wekyb3d8bbwe [2014-04-23] (Microsoft Platform Extensions Internal)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.2.0.Preview.Internal_1.0.9385.3_neutral__8wekyb3d8bbwe [2014-04-23] (Microsoft Platform Extensions)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.2.0.Preview_1.0.9431.0_neutral__8wekyb3d8bbwe [2014-04-23] (Microsoft Platform Extensions)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.Preview.1_1.0.9345.0_neutral__8wekyb3d8bbwe [2014-04-23] (Microsoft Platform Extensions)
mxtest2 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.mxtest2_2.0.0.0_neutral__x35ns48czryn0 [2019-07-10] (m1df_mmengesha)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_1.10.0.58_x64__mcm4njqhnhss8 [2013-12-12] (Netflix, Inc.)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_2.0.0.5012_x86__kzf8qxf38zg5c [2013-12-12] (Skype) [MS Ad]
Test_Framework_BP_052015 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.TestFrameworkBP052015_1.0.0.9_neutral__x35ns48czryn0 [2019-07-10] (m1df_mmengesha)
Test_Framework_win81appxneutral_061115 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.TestFrameworkwin81appxneutral06_4.0.0.7_neutral__x35ns48czryn0 [2019-07-10] (M1DF_Mmengesha)
Test_FrameworkBackpublish_050515 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.TestFrameworkBackpublish050515_1.0.0.0_neutral__x35ns48czryn0 [2019-07-10] (m1df_mmengesha)
Test_FrameworkProd_062215_01 -> C:\Program Files\WindowsApps\50856m1dfLL.TestFrameworkProd06221501_1.0.0.10_neutral__nwcxtg9ehxpvt [2019-07-10] (m1df_lucyll)
TESTFRAMEWORKABO2 -> C:\Program Files\WindowsApps\40538vasetest101.TESTFRAMEWORKABO2_12.0.21005.1_x64__ssm1v0s3df7zc [2019-07-10] (vasetest101)
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.2.41.0_x64__8wekyb3d8bbwe [2013-12-12] (Microsoft Corporation) [MS Ad]
YouCam for HP -> C:\Program Files\WindowsApps\CyberLinkCorp.hs.YouCamforHP_1.0.2.26590_x86__06qsbagp91rvg [2013-12-12] (CYBERLINKCOM CORP)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3511957844-2261570385-1743981658-1005_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-3511957844-2261570385-1743981658-1005_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-3511957844-2261570385-1743981658-1005_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
CustomCLSID: HKU\S-1-5-21-3511957844-2261570385-1743981658-1005_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll => No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-07-25] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2019-04-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-07-25] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2019-04-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip32.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-07-25] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2019-04-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-04-18 05:45 - 2017-04-18 05:45 - 000808960 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.Core.dll
2017-04-18 05:45 - 2017-04-18 05:45 - 001227264 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\CefSharp.Core.dll
2019-09-18 16:28 - 2019-09-18 16:28 - 000073216 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\FixBootSector.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000325632 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\GpsImgWrapper.dll
2017-04-09 23:49 - 2017-04-09 23:49 - 067109376 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libcef.dll
2017-04-09 23:49 - 2017-04-09 23:49 - 000079360 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libegl.dll
2017-04-09 23:49 - 2017-04-09 23:49 - 002246144 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libglesv2.dll
2013-08-19 17:48 - 2013-08-19 17:48 - 000016896 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll
2013-08-19 17:47 - 2013-08-19 17:47 - 000127488 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-08-19 17:47 - 2013-08-19 17:47 - 000102400 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2019-09-12 09:50 - 2019-09-12 09:50 - 000031232 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\A4.Foundation\64e205fd2642e58e28ba11b5061bbed5\A4.Foundation.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000022528 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Actions5dc83b46#\fdcc5bf17ab74b3da52640692259d87e\AEM.Actions.CCAA.Shared.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.0a1309f7#\b52cf10e631f947f3ce978a05ddd83c4\AEM.Plugin.EEU.Shared.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000017408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.2b6a6775#\a7095e60757210e78c36ed9dbb4cb2a9\AEM.Plugin.Hotkeys.Shared.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000011776 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.4adf1574#\ffe14531b9f5f4c5505c4f38d2ede0e5\AEM.Plugin.Audio.Shared.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000016384 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.54d8abe3#\730b0c26e14bd6048c95164f279ad0fe\AEM.Plugin.DPPE.Shared.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000282112 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.5d945b6b#\9930eac511e5727fc68a1ca8164e9350\AEM.Plugin.Source.Kit.Server.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000014848 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.674d2b8a#\6a560d2f9bf5816d04f80bf8c5a10961\AEM.Plugin.WinMessages.Shared.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.88aba5d2#\33158e19c9f318c281d681bc17da952c\AEM.Plugin.REG.Shared.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000011776 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.GD.Shared\f2856b74a4cd85d2f5092c21b13bc5b2\AEM.Plugin.GD.Shared.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Server.Shared\ea4e2847f8d7309d74272f5545c73f34\AEM.Server.Shared.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000267776 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Server\a4f6dbc794bf061bec4003e54c99ac16\AEM.Server.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000055808 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\APM.Foundation\33b099f15211beaced2ddaec38adef4b\APM.Foundation.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000122880 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ATICCCom\9a71015fe96cc92537dff763a5e9bff6\ATICCCom.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000204288 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CCC.Implementation\ac1f7fb6515151b96fb77a46bc49aa19\CCC.Implementation.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000151040 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.2042675f#\48c468c0d40368f4a8d559d0722de275\CLI.Aspect.CPUPStates.Fuel.Dashboard.ni.dll
2019-09-12 09:53 - 2019-09-12 09:53 - 000153088 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.21d2ac78#\40c91b400b06897c65c9d1f4edd5e253\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000128000 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.3399d0ec#\6bb1acee3b06ee2f62f99d3b7dec0eec\CLI.Aspect.CustomFormats.Graphics.Shared.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000026112 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.37d3d968#\366c1f68ae346632f591ff937dc3bd13\CLI.Aspect.AMDHome.Graphics.Shared.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000045568 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.382a3def#\314606666d8d6833c40c5f51a1a593ab\CLI.Aspect.AMDOverDrive.Platform.Shared.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000072192 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.398e7f7a#\d46d04bb74c4e56e91cbf2c1987cb012\CLI.Aspect.A4.A4.Shared.ni.dll
2019-09-12 09:53 - 2019-09-12 09:53 - 000107008 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.3a6f1658#\f2b1ea1490dd8fd19c6c636492f18dc9\CLI.Aspect.TransCode.Graphics.Shared.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000209920 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.4542c692#\6ee16b572b026d3b7974996e17facf26\CLI.Aspect.DeviceCRT.Graphics.Shared.ni.dll
2019-09-12 09:53 - 2019-09-12 09:53 - 000130048 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.46819220#\3134adb88a8ada35f8bb39c28efb3cf3\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.ni.dll
2019-09-12 09:53 - 2019-09-12 09:53 - 000074752 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.4bbb0755#\c737a58605e68f29546259c5dffa1a58\CLI.Aspect.TransCode.Graphics.Dashboard.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000151040 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.4ede500c#\45c0cb83a15f1fe38690ad246336939d\CLI.Aspect.DPPE.Fuel.Dashboard.ni.dll
2019-09-12 09:53 - 2019-09-12 09:53 - 000074240 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.59a12d95#\46011db21182ca95f41881724efb90c9\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000111616 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.5a772e69#\659ffee77cb136b653f931672ccfb78b\CLI.Aspect.Fets.Fuel.Dashboard.ni.dll
2019-09-12 09:53 - 2019-09-12 09:53 - 000070656 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.648b65fc#\3bd531509843eddc216129de93ebc959\CLI.Aspect.WiFi.Fuel.Dashboard.ni.dll
2019-09-12 09:55 - 2019-09-12 09:55 - 000263168 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.73911eb5#\bb3710a5a41da769f5741ea6d9de18d0\CLI.Aspect.WirelessDisplay.Graphics.Shared.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000292864 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.7ec2db45#\f7139a5920474473f7da36c16a12e9f2\CLI.Aspect.DeviceDFP.Graphics.Shared.ni.dll
2019-09-12 09:53 - 2019-09-12 09:53 - 000616960 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.846fa813#\cc084c5ce5c003433ad8cd8ce99ea7fe\CLI.Aspect.MMVideo.Graphics.Dashboard.ni.dll
2019-09-12 09:53 - 2019-09-12 09:53 - 000741376 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.8d333b6b#\0f38ea5fc7dc4c2ea240a6b3fd60e531\CLI.Aspect.Radeon3D.Graphics.Shared.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000452608 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.8e996306#\6728927e37a26de6b365fafdb22bb2cc\CLI.Aspect.CrossDisplay.Graphics.Dashboard.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000149504 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.a0ae52bc#\a14cc1b037fd8fdc7f19195f7096a12a\CLI.Aspect.DeviceLCD.Graphics.Shared.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000462336 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.acb9d930#\0656ec7656ce27d648bf94e36d729656\CLI.Aspect.DeviceProperty.Graphics.Shared.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000086528 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ae5e117c#\b3dd4ea8d3d145b5a12984197fa2bdb6\CLI.Aspect.DisplaysColour2.Graphics.Shared.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000067072 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.b0a7c1fb#\6a018058ba9230c5c963c1e14b70a802\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.ni.dll
2019-09-12 09:53 - 2019-09-12 09:53 - 000023552 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.c2a2b491#\1d34f417ba54ec57f08a901cfd4f14f2\CLI.Aspect.WiFi.Fuel.Shared.ni.dll
2019-09-12 09:53 - 2019-09-12 09:53 - 000313344 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.c7aaa0f8#\8311d5514cdb75ba93d9721466a8ab4b\CLI.Aspect.OverDrive5.Graphics.Shared.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000017920 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.c854b457#\2470ac4bf776e88bbb211fd873bd0b08\CLI.Aspect.HotkeysHandling.Graphics.Shared.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000081408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.caa5cc64#\2e4a14e25360dbf75b6f1250dae22e66\CLI.Aspect.Fets.Fuel.Shared.ni.dll
2019-09-12 09:53 - 2019-09-12 09:53 - 001315840 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.d7e090dc#\5351000f35db589729fbe542b47d9a2c\CLI.Aspect.User.Fuel.Dashboard.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000091136 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e76f4137#\d7977c409addca3b08597d3d66ff313d\CLI.Aspect.A4.A4.Dashboard.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000273408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e8635fc7#\30771d3f5ce3e67d3eb30563ea5c6085\CLI.Aspect.InfoCentre.Graphics.Dashboard.ni.dll
2019-09-12 09:53 - 2019-09-12 09:53 - 003358720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e9fd7406#\f8c997469c2c747305fc7a91555efe15\CLI.Aspect.Radeon3D.Graphics.Dashboard.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000240128 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.eda8935e#\a07529acd3ca27a7bc14df7cb1799723\CLI.Aspect.MMVideo.Graphics.Shared.ni.dll
2019-09-12 09:53 - 2019-09-12 09:53 - 000047104 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ef3eaa4d#\b0e1edf83bb781eee9eadab5b14af350\CLI.Aspect.TransCode.Graphics.Runtime.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000070656 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.efd83192#\12c0ded256932efba032788cd73c361b\CLI.Aspect.CPUPStates.Fuel.Shared.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000047104 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.f38af62f#\7e88e2b131151e5631c1f64eaff8f54c\CLI.Aspect.A4.A4.Runtime.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000057856 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.f45bd021#\e2844846c5d116a61c902c1a9a725bd8\CLI.Aspect.DPPE.Fuel.Shared.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000051200 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.A4.Runtime\fcfcbedc0491c4e1aca7b719d0505cb5\CLI.Caste.A4.Runtime.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000044544 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.A4.Shared\937bee3854b041e327f8738490c30a29\CLI.Caste.A4.Shared.ni.dll
2019-09-12 09:53 - 2019-09-12 09:53 - 000027136 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Af820fedc#\4e1a554847e26ccd4dd5bb38bf706aa5\CLI.Caste.A4.Dashboard.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000045056 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.F24de14fe#\2b835f74eabaa742c104cde4088d19ef\CLI.Caste.Fuel.Shared.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000311296 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.F36b07a2b#\dad67978595f14163f8f71314d6ac4c5\CLI.Caste.Fuel.Runtime.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000027136 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Ff3085433#\40e1121eca6ab42130c50f99c2c918d1\CLI.Caste.Fuel.Dashboard.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000037376 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G60338cc0#\b51061a99f4d7c3e1e999ac8a536dfe5\CLI.Caste.Graphics.Runtime.Shared.Private.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 001548800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Gd9d9b43b#\4ca4ea39a61952719630e5ee0940435a\CLI.Caste.Graphics.Dashboard.Shared.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000472576 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Gee7d2dbc#\1a31a5a5b523efb40609232aa124749a\CLI.Caste.Graphics.Dashboard.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000045056 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.H18c99613#\3b1a7592fa675febee1550110b89336b\CLI.Caste.HydraVision.Runtime.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000030720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.H92ba4e46#\e91d6e5971a18217f2e64026f5b8069f\CLI.Caste.HydraVision.Shared.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000025600 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Hbb906c0b#\55ad18dc645d268a29d9ef2756543d09\CLI.Caste.HydraVision.Dashboard.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000030720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pac40511b#\05f3364eb0e54c46d20a2e5e033c5742\CLI.Caste.Platform.Shared.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000044032 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pdb36d56e#\6edc0a60e74f920caf186e7ef76b4a4f\CLI.Caste.Platform.Runtime.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000024064 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pfeefa2b6#\61fee1f2eaf86b8ca5f7b533a56a4200\CLI.Caste.Platform.Dashboard.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000350720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Combinee84f0351#\27de2642377813869564a938f10bc366\CLI.Combined.Fusion.Aspects.Runtime.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000012288 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone1b4a8c97#\7c0464f0b710384e2c12471e69cd906c\CLI.Component.Runtime.Shared.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000173568 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone29e547cc#\cfd0488177a53cf70ef56890e978c239\CLI.Component.Dashboard.ProfileManager2.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000150528 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone59f353b4#\75a20ccf1ce99ea8ab1525e0693e27eb\CLI.Component.Runtime.Shared.Private.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000017408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componeb4d0485c#\e5806595a746c954ca7705252bfafa7b\CLI.Component.Runtime.Extension.EEU.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 001603584 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componec89c3bec#\b3608a217f3a509f69223ea398607633\CLI.Component.Dashboard.Shared.Private.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000018432 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componef1fd67b2#\e6b6cadb042c41a95d71a7f64d3eb1fa\CLI.Component.Client.Shared.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000084992 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componef4cf054f#\82bfef49a69851f1bd96b50a2433be12\CLI.Component.Dashboard.Shared.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000089088 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundat3d5d3945#\b28a00869822944f18d5b453e766c417\CLI.Foundation.Private.ni.dll
2019-09-12 09:55 - 2019-09-12 09:55 - 000061440 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundat60cdf5df#\e2a094b2825f0b4a7251c5828be94a31\CLI.Foundation.XManifest.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000089088 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundat619559bd#\1d424534fe59c1319c12bc62f58a3f16\CLI.Foundation.CoreAudioAPI.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000933888 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundatd3771151#\7b44aee4478eaacd2f98c66ae3cdcb2c\CLI.Foundation.Client.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000301568 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundation\2c68ae2fbef24f9aaec36a626ed2b102\CLI.Foundation.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics\c1706df93da7dec683f577997a0bdfb3\DEM.Graphics.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000037376 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Fuel.Foundation\6117c5d8e7767c0b94e92e437a67bfc8\Fuel.Foundation.ni.dll
2019-09-12 09:55 - 2019-09-12 09:55 - 000292864 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundat03490438#\0bf8094fa622ac4faff96ed3d7cfc412\LOG.Foundation.Implementation.ni.dll
2019-09-12 09:50 - 2019-09-12 09:50 - 000149504 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundat5023f8e7#\da312f1e8d3b2f2c0837900727095aff\LOG.Foundation.Private.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000087040 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundatcaafa75b#\6987e7640a5a7ac3e3a0c92ed4975357\LOG.Foundation.Implementation.Private.ni.dll
2019-09-12 09:50 - 2019-09-12 09:50 - 000123392 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundation\08425b09e1763f4712ff186b10f10037\LOG.Foundation.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000012288 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\MOM.Foundation\99d8a3220516626c80f8a81cd3482bcc\MOM.Foundation.ni.dll
2019-09-12 09:56 - 2019-09-12 09:56 - 000402944 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\MOM.Implementation\e30b0401980f709608796834fb4fd388\MOM.Implementation.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000055296 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\NEWAEM.Foundation\e71af2d39b4e2a82cf839ed6089a2ec2\NEWAEM.Foundation.ni.dll
2013-08-19 17:38 - 2013-08-19 17:38 - 000897024 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll
2013-08-19 17:37 - 2013-08-19 17:37 - 000004608 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiamenu.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000774656 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ADL.Foundation\0d4bd38d21b99476d71263e73ad7e7f7\ADL.Foundation.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000250880 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\APM.Server\9c74819595a7b62740db9140e4ae6478\APM.Server.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000297984 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.9b707b25#\6dd7cff479265dbe405a013d40e6aaec\CLI.Aspect.DeviceProperty.Graphics.Runtime.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 001652736 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.aa59351a#\4cbb005477faef06ee803dffaab74d01\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000740864 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e6d9f3a8#\7aab30ba2784efb55a98d8f507e1538f\CLI.Aspect.DeviceDFP.Graphics.Dashboard.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 002559488 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Combine0616f305#\c4f0ce2b933c3cefb7b164d7a666d8f1\CLI.Combined.Graphics.Aspects1.Dashboard.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000989696 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Combine7332395e#\86bae9c18e11598ee1f3c271cf6280d7\CLI.Combined.Graphics.Aspects2.Runtime.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000136704 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone168638d1#\cfa45e66aa99a28fa29aecf711872aaf\CLI.Component.Client.Shared.Private.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000233472 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone6692ca50#\a20b1c2de5c5d7ed73d943992c3801af\CLI.Component.Runtime.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000914944 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone6bf88b08#\e8771ee0ab2407ca6fd1c95cc28cfab2\CLI.Component.Dashboard.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000013312 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0706\2c5d437c65b33b1b02f4dd62cfd2dce9\DEM.Graphics.I0706.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000084480 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0709\a60dcac472514f0d69c2c18947dda216\DEM.Graphics.I0709.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000012288 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0712\40d6768770f2d15df1742a02a993d65d\DEM.Graphics.I0712.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000018432 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0804\bd858cb65685267acffc5bacf9bb5269\DEM.Graphics.I0804.ni.dll
2019-09-12 09:55 - 2019-09-12 09:55 - 000010752 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0805\8e58daeca6b504a0becefcc912a78449\DEM.Graphics.I0805.ni.dll
2019-09-12 09:55 - 2019-09-12 09:55 - 000010752 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0812\45a17b4a5530561053a8a4f1d28a4ab5\DEM.Graphics.I0812.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000013312 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0906\6053e5db01ebb00b4fa94d4c3919ca87\DEM.Graphics.I0906.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000014336 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0912\67542f3e868b12b29bace79626076af0\DEM.Graphics.I0912.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000035840 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I1010\f55507c8f1b13f7f8f150483f1ddf1b7\DEM.Graphics.I1010.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 001005568 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Localizatio01dbc1c0#\7f4419ca3b535910e6627e884b6f8ef9\Localization.Foundation.Private.ni.dll
2019-09-12 09:56 - 2019-09-12 09:56 - 000242688 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ResourceMan446ca0e5#\6105b9a6bea7549b394b1b2965ea7859\ResourceManagement.Foundation.Implementation.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000023552 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ResourceManf163905a#\d900dc2c3859a25b9bbae1084172f677\ResourceManagement.Foundation.Private.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000091648 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ec8786e5#\9f77177c2d7701d8b6e401f6fb05a0d5\CLI.Aspect.AMDHome.Graphics.Dashboard.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 002286592 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G60a7b4d1#\8c2d23aeef5b0ae44b34688abd6904c2\CLI.Caste.Graphics.Shared.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 002788864 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G962aa464#\dc5205266603f0296afcb477218b161c\CLI.Caste.Graphics.Runtime.ni.dll
2019-09-18 16:28 - 2019-09-18 16:28 - 001976832 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Garmin\Express\XercesLib.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000025600 _____ (ATI Technologies Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Foundation\faad3493a001b98a4b94753251f6c7d6\DEM.Foundation.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000115200 _____ (ATI Technologies Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0601\138049a5558801c20eea05ccefb1700f\DEM.Graphics.I0601.ni.dll
2019-09-18 16:30 - 2019-09-18 16:30 - 000234496 _____ (Dynastream Innovations Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\ANT_WrappedLib.dll
2019-09-18 16:28 - 2019-09-18 16:28 - 002711552 _____ (Garmin International) [File not signed] C:\Program Files (x86)\Garmin\Express\legacyio.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000343552 _____ (Garmin International, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\IMG_GPSMAP.dll
2019-09-18 16:28 - 2019-09-18 16:28 - 000425472 _____ (Garmin) [File not signed] C:\Program Files (x86)\Garmin\Express\XMLdll.dll
2014-04-20 10:17 - 2014-04-20 10:17 - 000803520 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicExplorer64.dll
2014-04-20 10:17 - 2014-04-20 10:17 - 003374272 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2003-03-19 06:14 - 2003-03-19 06:14 - 000499712 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Ahead\Lib\MSVCP71.dll
2003-02-21 14:42 - 2003-02-21 14:42 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Ahead\Lib\MSVCR71.dll
2013-12-12 15:49 - 2013-12-12 15:49 - 000037512 _____ (Raxco Software, Inc. -> Raxco Software, Inc.) [File not signed] C:\Program Files\Common Files\Raxco\Shared\PDEnginePS.dll
2019-09-18 16:29 - 2019-09-18 16:29 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\DSI_SiUSBXp_3_1.DLL
2017-04-09 23:49 - 2017-04-09 23:49 - 000434176 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\chrome_elf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:1CE11B51 [152]
AlternateDataStreams: C:\ProgramData\Temp:2398E95B [139]
AlternateDataStreams: C:\ProgramData\Temp:FC97DEBC [147]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2016-12-21 19:57 - 000000178 ____R C:\Windows\system32\drivers\etc\hosts

127.0.0.1                   keystone.mwbsys.com
127.0.0.1                   sirius.mwbsys.com
127.0.0.1                   bactem.mwbsys.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\Control Panel\Desktop\\Wallpaper -> C:\Photos\WIND RIVER BOB\DSC00376.JPG
DNS Servers: 192.168.2.1 - 207.164.234.129
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "SolidWorks 2014 Fast Start.lnk"
HKLM\...\StartupApproved\StartupFolder: => "SolidWorks Background Downloader.lnk"
HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\StartupApproved\Run: => "Autodesk Sync"
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\StartupApproved\Run: => "AnyDVD"
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{027A2713-D6BD-4A9C-8A1B-40E58AF026AD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe No File
FirewallRules: [{4C4F41CB-7472-4A76-BE5A-0983120BE539}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe No File
FirewallRules: [{40C0F5E0-4E08-4D13-8751-F36663AD8BC2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe No File
FirewallRules: [{9ABE0139-9650-4C1B-9FAD-C24BE1CC0B9B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe No File
FirewallRules: [{75E2B264-F083-461B-A302-17FD65CCA98E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe No File
FirewallRules: [{6F4FA5C4-9803-478C-9B68-5F8D0BF88326}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe No File
FirewallRules: [{CF3748AF-48E7-4CCC-AF18-7AA712AEE7EB}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{04C3E7B9-8BE0-4440-9E96-5998F0D863C3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{37F3F536-98BA-4535-B6F7-0A142B3CD0A5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{16354299-2032-4F7F-8FC3-D624C1F476A0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{D6B5F960-757A-464B-B837-7C2541BA312C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe No File
FirewallRules: [{E391D2D7-D081-4FDE-911A-89FFD3A5F831}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe No File
FirewallRules: [{CF39E51A-276C-4B5B-A4EB-126D0FD3E617}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe No File
FirewallRules: [{1F11568A-868C-474A-8C1C-D9A5C3758278}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe No File
FirewallRules: [{CD227912-D37C-4BE1-9D4A-CD6FFFEA9649}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe No File
FirewallRules: [{7311761D-148D-4EA8-9807-7D36DEFB5980}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe No File
FirewallRules: [{6F76C9D8-A6F8-44CE-A8D4-FDBC96D861F1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe No File
FirewallRules: [{FEC748DC-3F69-430C-B6B7-4ADC5AD26F7B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe No File
FirewallRules: [{87BFE6EB-7370-4D88-A499-C6E7D54FB381}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe No File
FirewallRules: [{B41342F7-7E5B-4833-A2EB-7C9261E005E1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe No File
FirewallRules: [{F382F42C-30DC-4637-A876-A2C8816ED645}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe No File
FirewallRules: [{08270B2A-DFD8-419D-A149-51F53E46EC5F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe No File
FirewallRules: [{F60E5310-C881-4942-BDF9-F6450272248C}] => (Allow) C:\Users\Robert\AppData\Roaming\OAS\oas.exe No File
FirewallRules: [{B98C766F-AC48-4ACE-A567-F54BADCACBA4}] => (Allow) C:\Users\Robert\AppData\Roaming\OAS\oasupd.exe No File
FirewallRules: [{7516FD80-6552-4D75-8FE8-BE23EACA781B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2D5D68CB-2589-455F-9FA2-4314A4E9C891}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{37210263-5DB9-4A35-9297-E7ECBF7AEA7F}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe No File
FirewallRules: [{43FB2BE8-BBEE-4DDD-AB76-064634D94334}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe No File
FirewallRules: [{50D5CDDC-5780-497E-A0CB-E1A50EF54E1F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C35C7DA0-B461-415E-872E-97C28B174D95}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{33FF83E7-D837-4CAF-A42E-88D1286DA898}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{F9511E3C-4DEC-4B7F-A36F-B23406781868}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{99AB0D9B-878E-406F-B97A-3EC70B95F9A2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe No File
FirewallRules: [{A10E90A9-FB91-4EB3-A9F5-C2BB2A76D75D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe No File
FirewallRules: [{DD79683A-AEDF-4999-9123-A1FBB00B3273}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe No File
FirewallRules: [{66B115C9-4F88-4CDB-96FF-2134BBF5C9CF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe No File
FirewallRules: [{7FE3058F-AEDE-493C-8576-F4DB9DA408DC}] => (Allow) C:\Program Files (x86)\BlackBerry\BlackBerry Blend\desktopinvokeproxy.exe No File
FirewallRules: [{D712D4C1-3349-41B7-8592-E299B2D7BBB5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe No File

==================== Restore Points =========================

03-09-2019 12:40:27 JRT Pre-Junkware Removal
10-09-2019 21:59:23 Windows Update
17-09-2019 17:26:04 Windows Update
21-09-2019 16:29:41 Garmin Express
23-09-2019 13:19:28 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/23/2019 10:48:16 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (09/23/2019 10:45:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPWMISVC.exe, version: 1.3.4.0, time stamp: 0x54e2a903
Faulting module name: OLEAUT32.dll, version: 6.3.9600.19460, time stamp: 0x5d54f39d
Exception code: 0xc0000005
Fault offset: 0x00005210
Faulting process id: 0x814
Faulting application start time: 0x01d5721d5c7bf112
Faulting application path: C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
Faulting module path: C:\Windows\SYSTEM32\OLEAUT32.dll
Report Id: bf86504a-de10-11e9-86c0-5435306021e4
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (09/23/2019 01:25:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/23/2019 01:25:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Software Framework Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/23/2019 01:25:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SynTPEnh Caller Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/23/2019 01:25:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NMIndexingService service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/23/2019 01:25:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ScsiAccess service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/23/2019 01:25:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Macrium Reflect Image Mounting Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/23/2019 01:25:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PDEngine service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/23/2019 01:25:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).


Windows Defender:
===================================
Date: 2015-10-28 23:09:35.766
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80073aba
Error description: The resource is too old to be compatible.
Signature version: 1.155.266.0;1.155.266.0
Engine version: 1.1.9700.0

Date: 2015-05-07 20:07:04.679
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2015-05-07 20:05:55.325
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.

Date: 2014-12-29 21:26:36.484
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2014-12-29 21:25:37.068
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.

CodeIntegrity:
===================================

Date: 2016-04-07 16:43:13.281
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-04-07 16:02:36.066
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-04-07 14:43:27.801
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-04-07 07:18:22.962
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-04-06 21:16:11.470
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-04-06 17:38:05.676
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-04-06 16:46:43.931
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-04-05 22:59:18.702
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: Insyde F.37 10/22/2015
Motherboard: Hewlett-Packard 213B
Processor: AMD A6-5200 APU with Radeon™ HD Graphics
Percentage of memory in use: 28%
Total physical RAM: 7643.95 MB
Available physical RAM: 5498.39 MB
Total Virtual: 15323.95 MB
Available Virtual: 12873.94 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:677.33 GB) (Free:326.64 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20.54 GB) (Free:2.08 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{b412d7c1-a189-4967-aa4a-59b14fdfd4c1}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 3A472083)

Partition: GPT.

==================== End of Addition.txt ============================


  • 0

Advertisements

#2
icotonev
Posted 28 September 2019 - 07:10 AM

icotonev

    Trusted Helper

  • Malware Removal
  • 250 posts

Hi..! Sorry for the delay..! If you still need help please follow:

 

Malware and Spyware Cleaning Guide,

 

 

---------------------------------------------------

In your next reply, please include:

  • FRST.txt
  • Addition.txt

  • 0

#3
Jackpine
Posted 28 September 2019 - 08:17 AM

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 490 posts

Hello,

 

Here are the scans.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-09-2019
Ran by Robert (administrator) on SHADOWFAX (Hewlett-Packard HP Pavilion 17 Notebook PC) (28-09-2019 10:07:22)
Running from C:\Users\Robert\Desktop
Loaded Profiles: Robert (Available Profiles: Robert)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Garmin International, Inc. -> Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express\express.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Malwarebytes Corporation -> Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Photodex Corporation -> ) C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Raxco Software, Inc. -> Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Raxco Software, Inc. -> Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(Raxco Software, Inc. -> Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(The CefSharp Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7660760 2015-02-18] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2015-02-18] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2015-02-18] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [180736 2019-09-25] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-03-12] (Nero AG -> Nero AG)
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22588760 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30871024 2019-08-21] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [133632 2014-10-28] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30871024 2019-08-21] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
AppInit_DLLs: acaptuser64.dll => C:\Windows\system32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {054B3168-3537-4FFA-8F83-38329D62AA21} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-05-14] (Google Inc -> Google Inc.)
Task: {0DC63030-9A9F-4626-A554-0E0B3538C477} - System32\Tasks\HPCeeScheduleForRobert => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [99208 2016-06-24] (Hewlett-Packard Company -> HP Inc.)
Task: {155D3729-590D-40AC-8F39-0477A50319F6} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40432 2019-08-21] (Garmin International, Inc. -> )
Task: {19AAEA31-D5D8-4FAB-81E2-BFF88DAA5313} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2017-09-27] (HP Inc. -> HP Inc.)
Task: {1CBD150A-7000-4B68-BC57-DD75DBE3F267} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16571320 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {2A46E0F0-BF35-4D34-A2A0-D5F2CCC1C5C3} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_Plugin.exe [1457720 2019-09-13] (Adobe Inc. -> Adobe)
Task: {4B40DB7F-A298-4F8A-8A0F-3A77F167429F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
Task: {5FD4AD66-57F9-446C-8658-6A55AA23BB09} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
Task: {6510AEDA-4D54-4636-99E7-5D346A87696D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-14] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {68AB952A-7620-4D51-9A04-9ACFB2B2B7DC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1094008 2019-08-21] (HP Inc. -> HP Inc.)
Task: {82ABAF53-F6C7-433B-961E-3F6FA8AF9D88} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-05-14] (Google Inc -> Google Inc.)
Task: {850B844A-9D1F-4459-97DE-2021CE45525F} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2015-02-18] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {856B9036-4BDE-4A22-9034-1998E7490AB7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [249720 2019-08-19] (HP Inc. -> HP Inc.)
Task: {8CABF83B-0C09-4FC1-A763-45065D5E325D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {A90C7AA3-D269-4F3E-9B40-7858EB23B002} - System32\Tasks\{FB1A9DC6-BD16-42C2-B04F-5221F8745A03} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe"
Task: {BBF4AC2F-7854-45DB-85D7-B7A22AA481D8} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2013-06-07] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
Task: {CD582F0A-09B9-4B81-BDC3-8F01946124C7} - System32\Tasks\{4979924A-EB1C-4F5D-B5AF-D4EBC35946DD} => C:\Windows\system32\pcalua.exe -a C:\Users\Robert\Downloads\x-video-converter.exe -d C:\Users\Robert\Downloads
Task: {D87E6F9C-6844-4B47-8C7A-C0BC74D603B6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1094008 2019-08-21] (HP Inc. -> HP Inc.)
Task: {DB3EB686-B7C1-4B28-8A1E-C3854FE5924B} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe
Task: {DF4123C2-437B-4A0A-A375-BC554AE4BED5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
Task: {EFC8D644-CC6D-4FD7-A985-4AE7C45B41B3} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-05-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {F4E129AB-7B3D-4C2F-B248-2AFF728F2996} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForRobert.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 207.164.234.129
Tcpip\..\Interfaces\{42E1B6EA-3728-42A7-8E02-53ADCE251643}: [DhcpNameServer] 192.168.2.1 207.164.234.129
Tcpip\..\Interfaces\{7C57A303-A069-4AAA-A050-8A4F276FEC6D}: [DhcpNameServer] 192.168.99.10 192.168.99.12

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON14/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON14/4
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-10-27] (HP Inc. -> HP Inc.)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-10-27] (HP Inc. -> HP Inc.)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

FireFox:
========
FF DefaultProfile: rkbdbks1.default-1462932459567
FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\rkbdbks1.default-1462932459567 [2019-09-28]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-03-16] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_255.dll [2019-09-13] (Adobe Inc. -> )
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_255.dll [2019-09-13] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2014-05-12] ( ) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-08-19] () [File not signed]
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [239616 2015-02-18] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2431696 2019-09-25] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2431696 2019-09-25] (ESET, spol. s r.o. -> ESET)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [358264 2019-08-07] (HP Inc. -> HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-03-12] (Nero AG -> Nero AG)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2015-02-18] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe [186760 2014-05-12] (Photodex Corporation -> )
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-06-23] (SolidWorks) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2015-02-18] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [53424 2015-06-29] (Hewlett-Packard Company -> Hewlett-Packard)
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2015-02-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, INC.)
R3 amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [12533760 2015-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [619008 2015-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [82120 2015-02-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [23752 2015-02-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [154448 2016-07-11] (SlySoft, Inc. -> RedFox)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [154448 2016-07-11] (SlySoft, Inc. -> RedFox)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2015-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Broadcom Corporation -> Windows ® Win 7 DDK provider)
S3 blackberryncm; C:\Windows\system32\DRIVERS\blackberryncm6_AMD64.sys [36360 2016-04-06] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Hewlett-Packard Company -> Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Hewlett-Packard Company -> Windows ® Win 7 DDK provider)
S3 dot4usb; C:\Windows\system32\DRIVERS\dot4usb.sys [49056 2012-10-19] (Hewlett-Packard Company -> Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [149144 2019-07-25] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [102464 2019-07-25] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15800 2019-06-05] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [189232 2019-07-25] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [113336 2019-07-25] (ESET, spol. s r.o. -> ESET)
R0 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [40624 2015-06-29] (Hewlett-Packard Company -> Hewlett-Packard)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-02-18] (Martin Malik - REALiX -> REALiX™)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2019-09-28] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation -> Malwarebytes Corporation)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2514120 2015-02-18] (Mediatek Inc. -> Ralink Technology, Corp.)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-03-19] (BlackBerry Limited) [File not signed]
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Research in Motion Ltd)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2015-02-18] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1205448 2015-02-18] (Mediatek Inc. -> Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated -> Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [31840 2016-03-24] (Hewlett-Packard Company -> HP)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [31840 2016-03-24] (Hewlett-Packard Company -> HP)
S1 epp; \??\C:\EEK\bin64\epp.sys [X]
S3 RimUsb; \SystemRoot\System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-28 10:07 - 2019-09-28 10:09 - 000029109 _____ C:\Users\Robert\Desktop\FRST.txt
2019-09-28 09:58 - 2019-09-28 09:58 - 001616384 _____ (Farbar) C:\Users\Robert\Desktop\FRST64.exe
2019-09-25 22:20 - 2019-09-25 22:20 - 000000000 ____D C:\Users\Robert\Downloads\Yesterday (2019) R1 NTSC DVD9
2019-09-24 23:03 - 2019-09-24 23:03 - 000000000 ____D C:\Users\Robert\Downloads\The Steel Jungle
2019-09-24 20:50 - 2019-09-24 20:50 - 000002541 _____ C:\Users\Robert\Desktop\Apothecarium Renaissance of Evil Collectors .lnk
2019-09-24 20:50 - 2019-09-24 20:50 - 000000000 ____D C:\Users\Robert\AppData\Roaming\SMIGames
2019-09-24 19:53 - 2019-09-24 19:53 - 004154963 _____ C:\Users\Robert\Desktop\Actifry Original 1.2kg Manual.pdf
2019-09-23 20:31 - 2019-09-26 08:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-09-16 15:48 - 2019-09-16 15:48 - 000000378 _____ C:\Users\Robert\Desktop\Duncan's SuDoku Solver.appref-ms
2019-09-16 15:48 - 2019-09-16 15:48 - 000000000 ____D C:\Users\Robert\Documents\My SuDokus
2019-09-16 15:48 - 2019-09-16 15:48 - 000000000 ____D C:\Users\Robert\Desktop\SuDoku Solver-10.1.6.9
2019-09-16 15:48 - 2019-09-16 15:48 - 000000000 ____D C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duncan's SuDoku Solver
2019-09-16 15:48 - 2019-09-16 15:48 - 000000000 ____D C:\Users\Robert\AppData\Local\Deployment
2019-09-10 21:58 - 2019-08-29 01:11 - 001385912 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2019-09-10 21:58 - 2019-08-29 01:02 - 007362808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-09-10 21:58 - 2019-08-28 22:43 - 001737504 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-09-10 21:58 - 2019-08-28 22:43 - 001677024 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-09-10 21:58 - 2019-08-28 22:42 - 001537560 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-09-10 21:58 - 2019-08-28 22:42 - 001500848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-09-10 21:58 - 2019-08-28 22:42 - 001371256 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2019-09-10 21:58 - 2019-08-28 21:43 - 001125312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2019-09-10 21:58 - 2019-08-28 21:18 - 000284160 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-09-10 21:58 - 2019-08-27 01:07 - 025752064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-09-10 21:58 - 2019-08-26 23:29 - 002909184 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-09-10 21:58 - 2019-08-26 23:27 - 000579072 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-09-10 21:58 - 2019-08-26 23:21 - 020290560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-09-10 21:58 - 2019-08-26 23:17 - 005500928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-09-10 21:58 - 2019-08-26 23:17 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-09-10 21:58 - 2019-08-26 23:15 - 000790528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-09-10 21:58 - 2019-08-26 23:03 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-09-10 21:58 - 2019-08-26 22:59 - 002301952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-09-10 21:58 - 2019-08-26 22:54 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-09-10 21:58 - 2019-08-26 22:53 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-09-10 21:58 - 2019-08-26 22:48 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2019-09-10 21:58 - 2019-08-26 22:42 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-09-10 21:58 - 2019-08-26 22:39 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-09-10 21:58 - 2019-08-26 22:37 - 002132480 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-09-10 21:58 - 2019-08-26 22:36 - 015389184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-09-10 21:58 - 2019-08-26 22:32 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2019-09-10 21:58 - 2019-08-26 22:30 - 004112384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-09-10 21:58 - 2019-08-26 22:27 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-09-10 21:58 - 2019-08-26 22:27 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-09-10 21:58 - 2019-08-26 22:26 - 004859392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-09-10 21:58 - 2019-08-26 22:23 - 013791744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-09-10 21:58 - 2019-08-26 22:15 - 001568256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-09-10 21:58 - 2019-08-26 22:09 - 004387840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-09-10 21:58 - 2019-08-26 22:06 - 001331712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-09-10 21:58 - 2019-08-26 22:04 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-09-10 21:58 - 2019-08-26 22:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-09-10 21:58 - 2019-08-19 23:49 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys
2019-09-10 21:58 - 2019-08-15 05:47 - 000376568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2019-09-10 21:58 - 2019-08-15 05:18 - 000805384 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-09-10 21:58 - 2019-08-15 03:29 - 000611448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2019-09-10 21:58 - 2019-08-13 16:04 - 000374000 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2019-09-10 21:58 - 2019-08-13 16:00 - 000316144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2019-09-10 21:58 - 2019-08-13 15:54 - 001368072 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-09-10 21:58 - 2019-08-13 15:09 - 001546992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2019-09-10 21:58 - 2019-08-13 13:15 - 000121288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2019-09-10 21:58 - 2019-08-12 15:29 - 004169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-09-10 21:58 - 2019-08-12 14:44 - 001994240 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2019-09-10 21:58 - 2019-08-12 14:01 - 001085440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2019-09-10 21:58 - 2019-08-12 14:00 - 001560064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2019-09-10 21:58 - 2019-08-10 12:53 - 000426560 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2019-09-10 21:58 - 2019-08-10 12:51 - 000367176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2019-09-10 21:58 - 2019-08-10 09:20 - 001312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-09-10 21:58 - 2019-08-10 09:20 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2019-09-10 21:58 - 2019-08-10 09:20 - 000353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-09-10 21:58 - 2019-08-10 09:20 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2019-09-10 21:58 - 2019-08-09 13:48 - 000166912 _____ (Microsoft Corporation) C:\Windows\system32\NcaSvc.dll
2019-09-10 21:58 - 2019-08-09 13:18 - 000748544 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2019-09-10 21:58 - 2019-08-09 12:58 - 007035904 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-09-10 21:58 - 2019-08-09 12:28 - 000504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2019-09-10 21:58 - 2019-08-09 12:16 - 006217728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-09-10 21:58 - 2019-08-06 12:41 - 000403968 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2019-09-10 21:58 - 2019-08-06 12:41 - 000401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-09-10 21:58 - 2019-07-31 09:31 - 000571392 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2019-09-10 21:58 - 2019-07-23 15:12 - 000169264 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2019-09-10 21:58 - 2019-07-23 09:37 - 001712640 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-09-10 21:58 - 2019-07-23 09:37 - 000802304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2019-09-10 21:58 - 2019-07-23 09:37 - 000732160 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2019-09-10 21:58 - 2019-07-23 09:37 - 000634368 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2019-09-10 21:58 - 2019-07-23 09:37 - 000501760 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2019-09-10 21:58 - 2019-07-23 09:37 - 000456192 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2019-09-10 21:58 - 2019-07-23 09:37 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-09-10 21:58 - 2019-07-23 09:37 - 000257024 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2019-09-10 21:58 - 2019-07-11 00:02 - 000195072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpdr.sys
2019-09-10 21:58 - 2019-07-04 20:10 - 000108392 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2019-09-10 21:58 - 2019-07-04 20:07 - 000092040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2019-09-10 16:18 - 2019-09-10 16:18 - 000000000 ____D C:\Users\Robert\Documents\Amnesia
2019-09-10 07:57 - 2019-09-10 07:57 - 007086592 _____ (Open-Shell) C:\Users\Robert\Desktop\OpenShellSetup_4_4_131.exe
2019-09-02 18:16 - 2019-09-23 18:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2019-09-02 18:16 - 2019-09-02 18:16 - 000001873 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2019-09-02 18:16 - 2019-09-02 18:16 - 000001873 _____ C:\ProgramData\Desktop\Garmin Express.lnk

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-28 10:08 - 2019-02-04 10:59 - 000000000 ____D C:\FRST
2019-09-28 10:05 - 2016-11-29 23:05 - 000000000 ____D C:\Users\Robert\AppData\LocalLow\Mozilla
2019-09-28 10:05 - 2014-04-25 22:55 - 000000000 ____D C:\Users\Robert\AppData\Roaming\uTorrent
2019-09-28 09:29 - 2016-12-21 19:58 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2019-09-28 04:20 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2019-09-27 21:56 - 2014-04-23 19:02 - 000000000 ____D C:\Users\Robert\AppData\Roaming\ClassicShell
2019-09-27 18:00 - 2014-04-23 18:58 - 000003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8A055C58-84B1-4BA9-AD00-A48621AAEA0A}
2019-09-27 16:38 - 2014-04-27 16:37 - 000000000 ____D C:\Downloaded Games
2019-09-27 13:05 - 2019-04-08 10:38 - 000000000 ____D C:\Users\Robert\Documents\Website Info
2019-09-27 09:33 - 2013-08-26 02:09 - 000962108 _____ C:\Windows\system32\PerfStringBackup.INI
2019-09-26 09:35 - 2019-02-03 10:56 - 000000000 ____D C:\Users\Robert\Documents\Movie Collector
2019-09-26 08:55 - 2018-10-17 20:48 - 000000356 _____ C:\Windows\Tasks\HPCeeScheduleForRobert.job
2019-09-26 08:55 - 2014-04-23 19:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-09-26 08:55 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-09-25 12:53 - 2018-10-17 20:48 - 000003172 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRobert
2019-09-24 21:59 - 2015-05-06 18:10 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3511957844-2261570385-1743981658-1005
2019-09-24 20:47 - 2014-05-04 17:08 - 000000000 ____D C:\Program Files (x86)\Games
2019-09-24 14:48 - 2019-05-22 18:25 - 000000000 ____D C:\Users\Robert\Documents\Camping Menus and Gear Lists
2019-09-23 20:40 - 2014-04-23 19:20 - 000001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-09-23 19:52 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\NDF
2019-09-23 19:00 - 2014-04-23 18:57 - 000000000 ____D C:\Users\Robert
2019-09-23 18:56 - 2017-01-03 21:40 - 000000000 ____D C:\ProgramData\Garmin
2019-09-23 18:53 - 2013-08-22 11:36 - 000000000 ___HD C:\Program Files\WindowsApps
2019-09-23 18:45 - 2014-04-23 19:20 - 000000000 ____D C:\Users\Robert\AppData\Local\Mozilla
2019-09-23 18:45 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\registration
2019-09-23 18:44 - 2017-01-03 21:39 - 000000000 ____D C:\Program Files (x86)\Garmin
2019-09-23 18:44 - 2013-12-12 04:29 - 000000000 ____D C:\ProgramData\Package Cache
2019-09-23 10:43 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2019-09-16 15:48 - 2014-07-30 17:33 - 000000000 ____D C:\Users\Robert\AppData\Local\Apps\2.0
2019-09-16 13:23 - 2013-12-12 04:31 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2019-09-13 21:15 - 2019-02-08 17:27 - 000004466 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-09-13 21:15 - 2014-08-16 22:34 - 000000000 ____D C:\Users\Robert\AppData\Local\Adobe
2019-09-13 21:15 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-09-13 21:15 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\Macromed
2019-09-13 21:13 - 2019-04-10 14:54 - 000002812 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-09-13 11:23 - 2016-02-15 00:19 - 000000000 ____D C:\Users\Robert\AppData\Roaming\MPC-HC
2019-09-12 11:16 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\rescache
2019-09-11 23:22 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\BBI(7)
2019-09-11 23:22 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\BBI(6)
2019-09-11 08:45 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp
2019-09-10 22:15 - 2013-08-22 10:44 - 000512208 _____ C:\Windows\system32\FNTCACHE.DAT
2019-09-10 21:49 - 2019-07-10 09:49 - 001101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2019-09-10 21:49 - 2019-07-10 09:49 - 000856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2019-09-05 07:38 - 2016-04-07 15:12 - 000000000 ____D C:\Windows\softwaredistribution.bak1
2019-09-04 19:12 - 2019-03-28 12:04 - 000000000 ____D C:\Windows\Minidump
2019-09-02 18:15 - 2017-01-03 21:39 - 000003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2019-08-29 19:45 - 2019-05-15 13:08 - 000835480 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-08-29 19:45 - 2019-05-15 13:08 - 000179816 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories ================

2018-01-14 13:30 - 2018-01-14 13:31 - 000000077 _____ () C:\Users\Robert\SudokuWorks8.exe
2014-07-11 23:15 - 2014-07-11 23:15 - 000000017 _____ () C:\Users\Robert\AppData\Local\resmon.resmoncfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-09-28 04:20
==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-09-2019
Ran by Robert (28-09-2019 10:10:10)
Running from C:\Users\Robert\Desktop
Windows 8.1 (Update) (X64) (2014-04-23 06:03:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3511957844-2261570385-1743981658-500 - Administrator - Disabled)
Guest (S-1-5-21-3511957844-2261570385-1743981658-501 - Limited - Disabled)
Robert (S-1-5-21-3511957844-2261570385-1743981658-1005 - Administrator - Enabled) => C:\Users\Robert

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AS: ESET Security (Enabled - Up to date) {333C65BB-8923-0EAA-C47E-C486E687BEFD}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.255 - Adobe)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{E825A27F-01E0-1BB8-6A7D-DD769D57E4B0}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Amnesia - The Dark Descent  (HKLM-x32\...\{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1) (Version: 1.0.0 - Frictional Games)
ANT Drivers Installer x64 (HKLM\...\{8F3BCD5E-6E82-4C79-ABDC-8B9ACE5F9F63}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 8.0.5.0 - RedFox)
Apothecarium Renaissance of Evil Collectors Updated 1.0.1 (HKLM-x32\...\Apothecarium Renaissance of Evil Collectors Updated 1.0.1) (Version: 1.0.1 - Games)
CCleaner (HKLM\...\CCleaner) (Version: 5.57 - Piriform)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Duncan's SuDoku Solver (HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\a0575e81e239a52c) (Version: 10.1.6.9 - Duncan's SuDoku Solver)
DVDFab 9.2.2.8 (02/02/2016) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
Elevated Installer (HKLM-x32\...\{D65F0A69-836E-419F-B817-A82A1A0B04A3}) (Version: 6.17.0.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ESET Security (HKLM\...\{EC96F234-2A42-4D7D-9C33-443566F72BF5}) (Version: 12.2.29.0 - ESET, spol. s r.o.)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
Family Tree Maker 2017 (HKLM\...\{6BEF69F9-92AA-4BCC-8529-DA42F585EC36}) (Version: 23.2.1540 - Software MacKiev)
Free Spider Solitaire v5.0 (HKLM-x32\...\Free Spider_is1) (Version:  - TreeCardGames)
Galerie de photos (HKLM-x32\...\{F4D99A13-F63A-4FC1-8799-CFFDB78DDFB3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Garmin Express (HKLM-x32\...\{4A1D1574-78D4-48E5-A587-84392EEA5C8A}) (Version: 6.17.0.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{624907e5-2ad8-4617-a97f-9e051f9179dd}) (Version: 6.17.0.0 - Garmin Ltd or its subsidiaries)
Google Earth Pro (HKLM\...\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}) (Version: 7.3.2.5776 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}) (Version: 8.8.24.33 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{63F82052-C045-4F97-A3CA-C41D2CCA1FFA}) (Version: 12.12.32.3 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
IsoBuster 1.9.1 (HKLM-x32\...\IsoBuster_is1) (Version: 1.9.1 - Smart Projects)
K-Lite Mega Codec Pack 14.7.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.7.5 - KLCP)
Macrium Reflect Home Edition (HKLM\...\{017ED74E-8088-4765-8876-A250B3A1470C}) (Version: 6.1.1000 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Home Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version:  - Microsoft)
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Movie Collector (HKLM\...\{8EC6EBB4-D899-4C6B-BA17-C21B78988F23}_is1) (Version:  - Collectorz.com)
Movie Maker (HKLM-x32\...\{0FD2B9C6-DB91-48EA-9518-AB5B68CA1E28}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 69.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 69.0.1 (x64 en-US)) (Version: 69.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 69.0.1.7199 - Mozilla)
Nero 7 Ultra Edition (HKLM-x32\...\{43FFE159-3199-4188-A1CD-629166AD1033}) (Version: 7.02.6445 - Nero AG)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
PerfectDisk Professional Business (HKLM\...\{682B22AB-EAAA-4B1C-83AF-B26E7D4ED01E}) (Version: 13.0.783 - Raxco Software Inc.)
Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version:  - Photodex Corporation)
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.4 - Power Software Ltd)
ProShow Producer (HKLM-x32\...\ProShow Producer) (Version:  - Photodex Corporation)
Ralink Bluetooth Stack64 (HKLM\...\{8A2E2A41-B814-407E-2F96-4E433C42AB78}) (Version: 11.0.739.0 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.45.0 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.108 - Skype Technologies S.A.)
Sudoku Works (HKLM-x32\...\{5B10C186-C6CF-45D8-9E2D-4F18247A5C63}) (Version: 1.0 - Oak Systems)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.8 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.5.2014.3 - URSoft, Inc.)

Packages:
=========
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.3.0.44_neutral__1618n3s9xq8tw [2013-12-12] (eBay, Inc)
Frameworkuapbase -> C:\Program Files\WindowsApps\48682KiddoTest.Frameworkuapbase_1.0.0.2_neutral__81ffpr532s7pc [2019-07-10] (KiddoTest)
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.100.0_x64__8wekyb3d8bbwe [2013-12-12] (Microsoft Corporation) [MS Ad]
Getting Started with Windows 8 -> C:\Program Files\WindowsApps\AD2F1837.GettingStartedwithWindows8_1.2.4.35_neutral__v10z8vjag6ke6 [2013-12-12] (Hewlett-Packard Company)
HP Connected Photo powered by Snapfish -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_1.9.123.1118_neutral__v10z8vjag6ke6 [2013-12-12] (Hewlett-Packard Company)
HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.141_neutral__v10z8vjag6ke6 [2013-12-12] (Hewlett-Packard Company)
Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.0_2.0.1410.19000_x64__8wekyb3d8bbwe [2019-07-10] (Microsoft Corporation)
Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.0_2.0.1410.19000_x86__8wekyb3d8bbwe [2019-07-10] (Microsoft Corporation)
Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.1_2.0.1410.19000_x64__8wekyb3d8bbwe [2019-07-10] (Microsoft Corporation)
Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.1_2.0.1410.19000_x86__8wekyb3d8bbwe [2019-07-10] (Microsoft Corporation)
Microsoft PlayReady -> C:\Program Files\WindowsApps\Microsoft.Internal.Media.PlayReadyClient_2.3.1678.1_x64__8wekyb3d8bbwe [2014-04-23] (Microsoft Corporation)
Microsoft PlayReady -> C:\Program Files\WindowsApps\Microsoft.Internal.Media.PlayReadyClient_2.3.1678.1_x86__8wekyb3d8bbwe [2014-04-23] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.6.4.30605_x86__8wekyb3d8bbwe [2013-12-12] (Microsoft Studios) [MS Ad]
Microsoft Visual C++ Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Preview.Internal_12.0.20222.2_x64__8wekyb3d8bbwe [2014-04-23] (Microsoft Platform Extensions Internal)
Microsoft Visual C++ Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Preview.Internal_12.0.20222.2_x86__8wekyb3d8bbwe [2014-04-23] (Microsoft Platform Extensions Internal)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.2.0.Preview.Internal_1.0.9385.3_neutral__8wekyb3d8bbwe [2014-04-23] (Microsoft Platform Extensions)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.2.0.Preview_1.0.9431.0_neutral__8wekyb3d8bbwe [2014-04-23] (Microsoft Platform Extensions)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.Preview.1_1.0.9345.0_neutral__8wekyb3d8bbwe [2014-04-23] (Microsoft Platform Extensions)
mxtest2 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.mxtest2_2.0.0.0_neutral__x35ns48czryn0 [2019-07-10] (m1df_mmengesha)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_1.10.0.58_x64__mcm4njqhnhss8 [2013-12-12] (Netflix, Inc.)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_2.0.0.5012_x86__kzf8qxf38zg5c [2013-12-12] (Skype) [MS Ad]
Test_Framework_BP_052015 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.TestFrameworkBP052015_1.0.0.9_neutral__x35ns48czryn0 [2019-07-10] (m1df_mmengesha)
Test_Framework_win81appxneutral_061115 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.TestFrameworkwin81appxneutral06_4.0.0.7_neutral__x35ns48czryn0 [2019-07-10] (M1DF_Mmengesha)
Test_FrameworkBackpublish_050515 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.TestFrameworkBackpublish050515_1.0.0.0_neutral__x35ns48czryn0 [2019-07-10] (m1df_mmengesha)
Test_FrameworkProd_062215_01 -> C:\Program Files\WindowsApps\50856m1dfLL.TestFrameworkProd06221501_1.0.0.10_neutral__nwcxtg9ehxpvt [2019-07-10] (m1df_lucyll)
TESTFRAMEWORKABO2 -> C:\Program Files\WindowsApps\40538vasetest101.TESTFRAMEWORKABO2_12.0.21005.1_x64__ssm1v0s3df7zc [2019-07-10] (vasetest101)
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.2.41.0_x64__8wekyb3d8bbwe [2013-12-12] (Microsoft Corporation) [MS Ad]
YouCam for HP -> C:\Program Files\WindowsApps\CyberLinkCorp.hs.YouCamforHP_1.0.2.26590_x86__06qsbagp91rvg [2013-12-12] (CYBERLINKCOM CORP)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3511957844-2261570385-1743981658-1005_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-3511957844-2261570385-1743981658-1005_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-3511957844-2261570385-1743981658-1005_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
CustomCLSID: HKU\S-1-5-21-3511957844-2261570385-1743981658-1005_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll => No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-09-25] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2019-04-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-09-25] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2019-04-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip32.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-09-25] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2019-04-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-04-18 05:45 - 2017-04-18 05:45 - 000808960 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.Core.dll
2017-04-18 05:45 - 2017-04-18 05:45 - 001227264 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\CefSharp.Core.dll
2019-09-18 16:28 - 2019-08-21 13:00 - 000073216 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\FixBootSector.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000325632 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\GpsImgWrapper.dll
2017-04-09 23:49 - 2017-04-09 23:49 - 067109376 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libcef.dll
2017-04-09 23:49 - 2017-04-09 23:49 - 000079360 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libegl.dll
2017-04-09 23:49 - 2017-04-09 23:49 - 002246144 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libglesv2.dll
2013-08-19 17:48 - 2013-08-19 17:48 - 000016896 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll
2013-08-19 17:47 - 2013-08-19 17:47 - 000127488 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-08-19 17:47 - 2013-08-19 17:47 - 000102400 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2019-09-12 09:50 - 2019-09-12 09:50 - 000031232 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\A4.Foundation\64e205fd2642e58e28ba11b5061bbed5\A4.Foundation.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000022528 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Actions5dc83b46#\fdcc5bf17ab74b3da52640692259d87e\AEM.Actions.CCAA.Shared.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.0a1309f7#\b52cf10e631f947f3ce978a05ddd83c4\AEM.Plugin.EEU.Shared.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000017408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.2b6a6775#\a7095e60757210e78c36ed9dbb4cb2a9\AEM.Plugin.Hotkeys.Shared.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000011776 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.4adf1574#\ffe14531b9f5f4c5505c4f38d2ede0e5\AEM.Plugin.Audio.Shared.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000016384 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.54d8abe3#\730b0c26e14bd6048c95164f279ad0fe\AEM.Plugin.DPPE.Shared.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000282112 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.5d945b6b#\9930eac511e5727fc68a1ca8164e9350\AEM.Plugin.Source.Kit.Server.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000014848 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.674d2b8a#\6a560d2f9bf5816d04f80bf8c5a10961\AEM.Plugin.WinMessages.Shared.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.88aba5d2#\33158e19c9f318c281d681bc17da952c\AEM.Plugin.REG.Shared.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000011776 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.GD.Shared\f2856b74a4cd85d2f5092c21b13bc5b2\AEM.Plugin.GD.Shared.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Server.Shared\ea4e2847f8d7309d74272f5545c73f34\AEM.Server.Shared.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000267776 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Server\a4f6dbc794bf061bec4003e54c99ac16\AEM.Server.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000055808 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\APM.Foundation\33b099f15211beaced2ddaec38adef4b\APM.Foundation.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000122880 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ATICCCom\9a71015fe96cc92537dff763a5e9bff6\ATICCCom.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000204288 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CCC.Implementation\ac1f7fb6515151b96fb77a46bc49aa19\CCC.Implementation.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000151040 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.2042675f#\48c468c0d40368f4a8d559d0722de275\CLI.Aspect.CPUPStates.Fuel.Dashboard.ni.dll
2019-09-12 09:53 - 2019-09-12 09:53 - 000153088 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.21d2ac78#\40c91b400b06897c65c9d1f4edd5e253\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000128000 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.3399d0ec#\6bb1acee3b06ee2f62f99d3b7dec0eec\CLI.Aspect.CustomFormats.Graphics.Shared.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000026112 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.37d3d968#\366c1f68ae346632f591ff937dc3bd13\CLI.Aspect.AMDHome.Graphics.Shared.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000045568 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.382a3def#\314606666d8d6833c40c5f51a1a593ab\CLI.Aspect.AMDOverDrive.Platform.Shared.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000072192 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.398e7f7a#\d46d04bb74c4e56e91cbf2c1987cb012\CLI.Aspect.A4.A4.Shared.ni.dll
2019-09-12 09:53 - 2019-09-12 09:53 - 000107008 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.3a6f1658#\f2b1ea1490dd8fd19c6c636492f18dc9\CLI.Aspect.TransCode.Graphics.Shared.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000209920 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.4542c692#\6ee16b572b026d3b7974996e17facf26\CLI.Aspect.DeviceCRT.Graphics.Shared.ni.dll
2019-09-12 09:53 - 2019-09-12 09:53 - 000130048 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.46819220#\3134adb88a8ada35f8bb39c28efb3cf3\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.ni.dll
2019-09-12 09:53 - 2019-09-12 09:53 - 000074752 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.4bbb0755#\c737a58605e68f29546259c5dffa1a58\CLI.Aspect.TransCode.Graphics.Dashboard.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000151040 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.4ede500c#\45c0cb83a15f1fe38690ad246336939d\CLI.Aspect.DPPE.Fuel.Dashboard.ni.dll
2019-09-12 09:53 - 2019-09-12 09:53 - 000074240 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.59a12d95#\46011db21182ca95f41881724efb90c9\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000111616 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.5a772e69#\659ffee77cb136b653f931672ccfb78b\CLI.Aspect.Fets.Fuel.Dashboard.ni.dll
2019-09-12 09:53 - 2019-09-12 09:53 - 000070656 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.648b65fc#\3bd531509843eddc216129de93ebc959\CLI.Aspect.WiFi.Fuel.Dashboard.ni.dll
2019-09-12 09:55 - 2019-09-12 09:55 - 000263168 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.73911eb5#\bb3710a5a41da769f5741ea6d9de18d0\CLI.Aspect.WirelessDisplay.Graphics.Shared.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000292864 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.7ec2db45#\f7139a5920474473f7da36c16a12e9f2\CLI.Aspect.DeviceDFP.Graphics.Shared.ni.dll
2019-09-12 09:53 - 2019-09-12 09:53 - 000616960 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.846fa813#\cc084c5ce5c003433ad8cd8ce99ea7fe\CLI.Aspect.MMVideo.Graphics.Dashboard.ni.dll
2019-09-12 09:53 - 2019-09-12 09:53 - 000741376 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.8d333b6b#\0f38ea5fc7dc4c2ea240a6b3fd60e531\CLI.Aspect.Radeon3D.Graphics.Shared.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000452608 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.8e996306#\6728927e37a26de6b365fafdb22bb2cc\CLI.Aspect.CrossDisplay.Graphics.Dashboard.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000149504 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.a0ae52bc#\a14cc1b037fd8fdc7f19195f7096a12a\CLI.Aspect.DeviceLCD.Graphics.Shared.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000462336 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.acb9d930#\0656ec7656ce27d648bf94e36d729656\CLI.Aspect.DeviceProperty.Graphics.Shared.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000086528 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ae5e117c#\b3dd4ea8d3d145b5a12984197fa2bdb6\CLI.Aspect.DisplaysColour2.Graphics.Shared.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000067072 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.b0a7c1fb#\6a018058ba9230c5c963c1e14b70a802\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.ni.dll
2019-09-12 09:53 - 2019-09-12 09:53 - 000023552 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.c2a2b491#\1d34f417ba54ec57f08a901cfd4f14f2\CLI.Aspect.WiFi.Fuel.Shared.ni.dll
2019-09-12 09:53 - 2019-09-12 09:53 - 000313344 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.c7aaa0f8#\8311d5514cdb75ba93d9721466a8ab4b\CLI.Aspect.OverDrive5.Graphics.Shared.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000017920 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.c854b457#\2470ac4bf776e88bbb211fd873bd0b08\CLI.Aspect.HotkeysHandling.Graphics.Shared.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000081408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.caa5cc64#\2e4a14e25360dbf75b6f1250dae22e66\CLI.Aspect.Fets.Fuel.Shared.ni.dll
2019-09-12 09:53 - 2019-09-12 09:53 - 001315840 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.d7e090dc#\5351000f35db589729fbe542b47d9a2c\CLI.Aspect.User.Fuel.Dashboard.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000091136 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e76f4137#\d7977c409addca3b08597d3d66ff313d\CLI.Aspect.A4.A4.Dashboard.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000273408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e8635fc7#\30771d3f5ce3e67d3eb30563ea5c6085\CLI.Aspect.InfoCentre.Graphics.Dashboard.ni.dll
2019-09-12 09:53 - 2019-09-12 09:53 - 003358720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e9fd7406#\f8c997469c2c747305fc7a91555efe15\CLI.Aspect.Radeon3D.Graphics.Dashboard.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000240128 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.eda8935e#\a07529acd3ca27a7bc14df7cb1799723\CLI.Aspect.MMVideo.Graphics.Shared.ni.dll
2019-09-12 09:53 - 2019-09-12 09:53 - 000047104 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ef3eaa4d#\b0e1edf83bb781eee9eadab5b14af350\CLI.Aspect.TransCode.Graphics.Runtime.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000070656 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.efd83192#\12c0ded256932efba032788cd73c361b\CLI.Aspect.CPUPStates.Fuel.Shared.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000047104 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.f38af62f#\7e88e2b131151e5631c1f64eaff8f54c\CLI.Aspect.A4.A4.Runtime.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000057856 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.f45bd021#\e2844846c5d116a61c902c1a9a725bd8\CLI.Aspect.DPPE.Fuel.Shared.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000051200 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.A4.Runtime\fcfcbedc0491c4e1aca7b719d0505cb5\CLI.Caste.A4.Runtime.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000044544 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.A4.Shared\937bee3854b041e327f8738490c30a29\CLI.Caste.A4.Shared.ni.dll
2019-09-12 09:53 - 2019-09-12 09:53 - 000027136 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Af820fedc#\4e1a554847e26ccd4dd5bb38bf706aa5\CLI.Caste.A4.Dashboard.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000045056 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.F24de14fe#\2b835f74eabaa742c104cde4088d19ef\CLI.Caste.Fuel.Shared.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000311296 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.F36b07a2b#\dad67978595f14163f8f71314d6ac4c5\CLI.Caste.Fuel.Runtime.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000027136 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Ff3085433#\40e1121eca6ab42130c50f99c2c918d1\CLI.Caste.Fuel.Dashboard.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000037376 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G60338cc0#\b51061a99f4d7c3e1e999ac8a536dfe5\CLI.Caste.Graphics.Runtime.Shared.Private.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 001548800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Gd9d9b43b#\4ca4ea39a61952719630e5ee0940435a\CLI.Caste.Graphics.Dashboard.Shared.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000472576 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Gee7d2dbc#\1a31a5a5b523efb40609232aa124749a\CLI.Caste.Graphics.Dashboard.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000045056 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.H18c99613#\3b1a7592fa675febee1550110b89336b\CLI.Caste.HydraVision.Runtime.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000030720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.H92ba4e46#\e91d6e5971a18217f2e64026f5b8069f\CLI.Caste.HydraVision.Shared.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000025600 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Hbb906c0b#\55ad18dc645d268a29d9ef2756543d09\CLI.Caste.HydraVision.Dashboard.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000030720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pac40511b#\05f3364eb0e54c46d20a2e5e033c5742\CLI.Caste.Platform.Shared.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000044032 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pdb36d56e#\6edc0a60e74f920caf186e7ef76b4a4f\CLI.Caste.Platform.Runtime.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000024064 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pfeefa2b6#\61fee1f2eaf86b8ca5f7b533a56a4200\CLI.Caste.Platform.Dashboard.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000350720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Combinee84f0351#\27de2642377813869564a938f10bc366\CLI.Combined.Fusion.Aspects.Runtime.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000012288 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone1b4a8c97#\7c0464f0b710384e2c12471e69cd906c\CLI.Component.Runtime.Shared.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000173568 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone29e547cc#\cfd0488177a53cf70ef56890e978c239\CLI.Component.Dashboard.ProfileManager2.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000150528 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone59f353b4#\75a20ccf1ce99ea8ab1525e0693e27eb\CLI.Component.Runtime.Shared.Private.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000017408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componeb4d0485c#\e5806595a746c954ca7705252bfafa7b\CLI.Component.Runtime.Extension.EEU.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 001603584 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componec89c3bec#\b3608a217f3a509f69223ea398607633\CLI.Component.Dashboard.Shared.Private.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000018432 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componef1fd67b2#\e6b6cadb042c41a95d71a7f64d3eb1fa\CLI.Component.Client.Shared.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000084992 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componef4cf054f#\82bfef49a69851f1bd96b50a2433be12\CLI.Component.Dashboard.Shared.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000089088 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundat3d5d3945#\b28a00869822944f18d5b453e766c417\CLI.Foundation.Private.ni.dll
2019-09-12 09:55 - 2019-09-12 09:55 - 000061440 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundat60cdf5df#\e2a094b2825f0b4a7251c5828be94a31\CLI.Foundation.XManifest.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000089088 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundat619559bd#\1d424534fe59c1319c12bc62f58a3f16\CLI.Foundation.CoreAudioAPI.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000933888 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundatd3771151#\7b44aee4478eaacd2f98c66ae3cdcb2c\CLI.Foundation.Client.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000301568 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundation\2c68ae2fbef24f9aaec36a626ed2b102\CLI.Foundation.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics\c1706df93da7dec683f577997a0bdfb3\DEM.Graphics.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000037376 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Fuel.Foundation\6117c5d8e7767c0b94e92e437a67bfc8\Fuel.Foundation.ni.dll
2019-09-12 09:55 - 2019-09-12 09:55 - 000292864 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundat03490438#\0bf8094fa622ac4faff96ed3d7cfc412\LOG.Foundation.Implementation.ni.dll
2019-09-12 09:50 - 2019-09-12 09:50 - 000149504 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundat5023f8e7#\da312f1e8d3b2f2c0837900727095aff\LOG.Foundation.Private.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000087040 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundatcaafa75b#\6987e7640a5a7ac3e3a0c92ed4975357\LOG.Foundation.Implementation.Private.ni.dll
2019-09-12 09:50 - 2019-09-12 09:50 - 000123392 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundation\08425b09e1763f4712ff186b10f10037\LOG.Foundation.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000012288 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\MOM.Foundation\99d8a3220516626c80f8a81cd3482bcc\MOM.Foundation.ni.dll
2019-09-12 09:56 - 2019-09-12 09:56 - 000402944 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\MOM.Implementation\e30b0401980f709608796834fb4fd388\MOM.Implementation.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000055296 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\NEWAEM.Foundation\e71af2d39b4e2a82cf839ed6089a2ec2\NEWAEM.Foundation.ni.dll
2013-08-19 17:37 - 2013-08-19 17:37 - 000004608 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiamenu.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000774656 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ADL.Foundation\0d4bd38d21b99476d71263e73ad7e7f7\ADL.Foundation.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000250880 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\APM.Server\9c74819595a7b62740db9140e4ae6478\APM.Server.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000297984 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.9b707b25#\6dd7cff479265dbe405a013d40e6aaec\CLI.Aspect.DeviceProperty.Graphics.Runtime.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 001652736 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.aa59351a#\4cbb005477faef06ee803dffaab74d01\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000740864 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e6d9f3a8#\7aab30ba2784efb55a98d8f507e1538f\CLI.Aspect.DeviceDFP.Graphics.Dashboard.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 002559488 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Combine0616f305#\c4f0ce2b933c3cefb7b164d7a666d8f1\CLI.Combined.Graphics.Aspects1.Dashboard.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000989696 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Combine7332395e#\86bae9c18e11598ee1f3c271cf6280d7\CLI.Combined.Graphics.Aspects2.Runtime.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000136704 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone168638d1#\cfa45e66aa99a28fa29aecf711872aaf\CLI.Component.Client.Shared.Private.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000233472 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone6692ca50#\a20b1c2de5c5d7ed73d943992c3801af\CLI.Component.Runtime.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000914944 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone6bf88b08#\e8771ee0ab2407ca6fd1c95cc28cfab2\CLI.Component.Dashboard.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000013312 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0706\2c5d437c65b33b1b02f4dd62cfd2dce9\DEM.Graphics.I0706.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000084480 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0709\a60dcac472514f0d69c2c18947dda216\DEM.Graphics.I0709.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000012288 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0712\40d6768770f2d15df1742a02a993d65d\DEM.Graphics.I0712.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000018432 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0804\bd858cb65685267acffc5bacf9bb5269\DEM.Graphics.I0804.ni.dll
2019-09-12 09:55 - 2019-09-12 09:55 - 000010752 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0805\8e58daeca6b504a0becefcc912a78449\DEM.Graphics.I0805.ni.dll
2019-09-12 09:55 - 2019-09-12 09:55 - 000010752 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0812\45a17b4a5530561053a8a4f1d28a4ab5\DEM.Graphics.I0812.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000013312 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0906\6053e5db01ebb00b4fa94d4c3919ca87\DEM.Graphics.I0906.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000014336 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0912\67542f3e868b12b29bace79626076af0\DEM.Graphics.I0912.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 000035840 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I1010\f55507c8f1b13f7f8f150483f1ddf1b7\DEM.Graphics.I1010.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 001005568 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Localizatio01dbc1c0#\7f4419ca3b535910e6627e884b6f8ef9\Localization.Foundation.Private.ni.dll
2019-09-12 09:56 - 2019-09-12 09:56 - 000242688 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ResourceMan446ca0e5#\6105b9a6bea7549b394b1b2965ea7859\ResourceManagement.Foundation.Implementation.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000023552 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ResourceManf163905a#\d900dc2c3859a25b9bbae1084172f677\ResourceManagement.Foundation.Private.ni.dll
2019-09-12 09:52 - 2019-09-12 09:52 - 000091648 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ec8786e5#\9f77177c2d7701d8b6e401f6fb05a0d5\CLI.Aspect.AMDHome.Graphics.Dashboard.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 002286592 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G60a7b4d1#\8c2d23aeef5b0ae44b34688abd6904c2\CLI.Caste.Graphics.Shared.ni.dll
2019-09-12 09:54 - 2019-09-12 09:54 - 002788864 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G962aa464#\dc5205266603f0296afcb477218b161c\CLI.Caste.Graphics.Runtime.ni.dll
2019-09-18 16:28 - 2019-08-21 13:00 - 001976832 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Garmin\Express\XercesLib.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000025600 _____ (ATI Technologies Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Foundation\faad3493a001b98a4b94753251f6c7d6\DEM.Foundation.ni.dll
2019-09-12 09:51 - 2019-09-12 09:51 - 000115200 _____ (ATI Technologies Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0601\138049a5558801c20eea05ccefb1700f\DEM.Graphics.I0601.ni.dll
2019-09-18 16:30 - 2019-08-21 13:01 - 000234496 _____ (Dynastream Innovations Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\ANT_WrappedLib.dll
2019-09-18 16:28 - 2019-08-21 13:00 - 002711552 _____ (Garmin International) [File not signed] C:\Program Files (x86)\Garmin\Express\legacyio.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000343552 _____ (Garmin International, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\IMG_GPSMAP.dll
2019-09-18 16:28 - 2019-08-21 13:00 - 000425472 _____ (Garmin) [File not signed] C:\Program Files (x86)\Garmin\Express\XMLdll.dll
2014-04-20 10:17 - 2014-04-20 10:17 - 000803520 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicExplorer64.dll
2014-04-20 10:17 - 2014-04-20 10:17 - 003374272 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2014-04-20 10:17 - 2014-04-20 10:17 - 000284864 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Windows\system32\StartMenuHelper64.dll
2003-03-19 06:14 - 2003-03-19 06:14 - 000499712 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Ahead\Lib\MSVCP71.dll
2003-02-21 14:42 - 2003-02-21 14:42 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Ahead\Lib\MSVCR71.dll
2013-12-12 15:49 - 2013-12-12 15:49 - 000037512 _____ (Raxco Software, Inc. -> Raxco Software, Inc.) [File not signed] C:\Program Files\Common Files\Raxco\Shared\PDEnginePS.dll
2019-09-18 16:29 - 2019-08-21 13:00 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\DSI_SiUSBXp_3_1.DLL
2017-04-09 23:49 - 2017-04-09 23:49 - 000434176 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\chrome_elf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:1CE11B51 [152]
AlternateDataStreams: C:\ProgramData\Temp:2398E95B [139]
AlternateDataStreams: C:\ProgramData\Temp:FC97DEBC [147]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2016-12-21 19:57 - 000000178 ____R C:\Windows\system32\drivers\etc\hosts

127.0.0.1                   keystone.mwbsys.com
127.0.0.1                   sirius.mwbsys.com
127.0.0.1                   bactem.mwbsys.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\Control Panel\Desktop\\Wallpaper -> C:\Photos\WIND RIVER BOB\DSC00376.JPG
DNS Servers: 192.168.2.1 - 207.164.234.129
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "SolidWorks 2014 Fast Start.lnk"
HKLM\...\StartupApproved\StartupFolder: => "SolidWorks Background Downloader.lnk"
HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\StartupApproved\Run: => "Autodesk Sync"
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\StartupApproved\Run: => "AnyDVD"
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{027A2713-D6BD-4A9C-8A1B-40E58AF026AD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe No File
FirewallRules: [{4C4F41CB-7472-4A76-BE5A-0983120BE539}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe No File
FirewallRules: [{40C0F5E0-4E08-4D13-8751-F36663AD8BC2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe No File
FirewallRules: [{9ABE0139-9650-4C1B-9FAD-C24BE1CC0B9B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe No File
FirewallRules: [{75E2B264-F083-461B-A302-17FD65CCA98E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe No File
FirewallRules: [{6F4FA5C4-9803-478C-9B68-5F8D0BF88326}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe No File
FirewallRules: [{CF3748AF-48E7-4CCC-AF18-7AA712AEE7EB}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{04C3E7B9-8BE0-4440-9E96-5998F0D863C3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{37F3F536-98BA-4535-B6F7-0A142B3CD0A5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{16354299-2032-4F7F-8FC3-D624C1F476A0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{D6B5F960-757A-464B-B837-7C2541BA312C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe No File
FirewallRules: [{E391D2D7-D081-4FDE-911A-89FFD3A5F831}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe No File
FirewallRules: [{CF39E51A-276C-4B5B-A4EB-126D0FD3E617}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe No File
FirewallRules: [{1F11568A-868C-474A-8C1C-D9A5C3758278}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe No File
FirewallRules: [{CD227912-D37C-4BE1-9D4A-CD6FFFEA9649}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe No File
FirewallRules: [{7311761D-148D-4EA8-9807-7D36DEFB5980}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe No File
FirewallRules: [{6F76C9D8-A6F8-44CE-A8D4-FDBC96D861F1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe No File
FirewallRules: [{FEC748DC-3F69-430C-B6B7-4ADC5AD26F7B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe No File
FirewallRules: [{87BFE6EB-7370-4D88-A499-C6E7D54FB381}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe No File
FirewallRules: [{B41342F7-7E5B-4833-A2EB-7C9261E005E1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe No File
FirewallRules: [{F382F42C-30DC-4637-A876-A2C8816ED645}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe No File
FirewallRules: [{08270B2A-DFD8-419D-A149-51F53E46EC5F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe No File
FirewallRules: [{F60E5310-C881-4942-BDF9-F6450272248C}] => (Allow) C:\Users\Robert\AppData\Roaming\OAS\oas.exe No File
FirewallRules: [{B98C766F-AC48-4ACE-A567-F54BADCACBA4}] => (Allow) C:\Users\Robert\AppData\Roaming\OAS\oasupd.exe No File
FirewallRules: [{7516FD80-6552-4D75-8FE8-BE23EACA781B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2D5D68CB-2589-455F-9FA2-4314A4E9C891}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{37210263-5DB9-4A35-9297-E7ECBF7AEA7F}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe No File
FirewallRules: [{43FB2BE8-BBEE-4DDD-AB76-064634D94334}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe No File
FirewallRules: [{50D5CDDC-5780-497E-A0CB-E1A50EF54E1F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C35C7DA0-B461-415E-872E-97C28B174D95}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{33FF83E7-D837-4CAF-A42E-88D1286DA898}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{F9511E3C-4DEC-4B7F-A36F-B23406781868}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{99AB0D9B-878E-406F-B97A-3EC70B95F9A2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe No File
FirewallRules: [{A10E90A9-FB91-4EB3-A9F5-C2BB2A76D75D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe No File
FirewallRules: [{DD79683A-AEDF-4999-9123-A1FBB00B3273}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe No File
FirewallRules: [{66B115C9-4F88-4CDB-96FF-2134BBF5C9CF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe No File
FirewallRules: [{7FE3058F-AEDE-493C-8576-F4DB9DA408DC}] => (Allow) C:\Program Files (x86)\BlackBerry\BlackBerry Blend\desktopinvokeproxy.exe No File
FirewallRules: [{D712D4C1-3349-41B7-8592-E299B2D7BBB5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe No File

==================== Codecs (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [311296 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]

==================== Restore Points =========================

10-09-2019 21:59:23 Windows Update
17-09-2019 17:26:04 Windows Update
21-09-2019 16:29:41 Garmin Express
23-09-2019 13:19:28 JRT Pre-Junkware Removal
23-09-2019 18:06:00 Restore Operation
24-09-2019 20:15:14 Revo Uninstaller's restore point - Dark Parables The Match Girls Lost Paradise Collectors 1.00
25-09-2019 17:14:55 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/26/2019 05:36:43 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
    The content index catalog is corrupt.   0xc0041801 (0xc0041801)

Error: (09/26/2019 05:36:43 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4810 - enduser\mssearch2\search\ytrip\tripoli\inverted\encodinglayer.cpp (599)}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
    The data is invalid.   0x8007000d (0x8007000d)

Error: (09/25/2019 11:19:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 69.0.1.7199 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b48

Start Time: 01d5740ff3f69be9

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 68da9998-e00c-11e9-86bf-5435306021e4

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (09/28/2019 04:21:17 AM) (Source: DCOM) (EventID: 10010) (User: Shadowfax)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (09/28/2019 04:20:47 AM) (Source: DCOM) (EventID: 10010) (User: Shadowfax)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (09/27/2019 02:29:32 AM) (Source: DCOM) (EventID: 10010) (User: Shadowfax)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (09/27/2019 02:29:02 AM) (Source: DCOM) (EventID: 10010) (User: Shadowfax)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (09/26/2019 08:54:41 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
The service has not been started.

Error: (09/26/2019 04:53:07 AM) (Source: DCOM) (EventID: 10010) (User: Shadowfax)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (09/26/2019 04:52:37 AM) (Source: DCOM) (EventID: 10010) (User: Shadowfax)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (09/25/2019 04:11:38 AM) (Source: DCOM) (EventID: 10010) (User: Shadowfax)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2015-10-28 23:09:35.766
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80073aba
Error description: The resource is too old to be compatible.
Signature version: 1.155.266.0;1.155.266.0
Engine version: 1.1.9700.0

Date: 2015-05-07 20:07:04.679
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2015-05-07 20:05:55.325
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.

Date: 2014-12-29 21:26:36.484
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2014-12-29 21:25:37.068
Description:
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified.
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.

CodeIntegrity:
===================================

Date: 2016-04-07 16:43:13.281
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-04-07 16:02:36.066
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-04-07 14:43:27.801
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-04-07 07:18:22.962
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-04-06 21:16:11.470
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-04-06 17:38:05.676
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-04-06 16:46:43.931
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-04-05 22:59:18.702
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: Insyde F.37 10/22/2015
Motherboard: Hewlett-Packard 213B
Processor: AMD A6-5200 APU with Radeon™ HD Graphics
Percentage of memory in use: 44%
Total physical RAM: 7643.95 MB
Available physical RAM: 4238.28 MB
Total Virtual: 15323.95 MB
Available Virtual: 11606.24 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:677.33 GB) (Free:369.47 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20.54 GB) (Free:2.08 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{b412d7c1-a189-4967-aa4a-59b14fdfd4c1}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 3A472083)

Partition: GPT.

==================== End of Addition.txt ============================


  • 0

#4
icotonev
Posted 28 September 2019 - 09:11 AM

icotonev

    Trusted Helper

  • Malware Removal
  • 250 posts

Hello again..! :)  I do not see any active infections from the logs provided ..! Let's try to find out what is the cause of your problem:

 

Farbar Recovery Scan Tool - Fix

 

  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
Start::
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
S1 epp; \??\C:\EEK\bin64\epp.sys [X]
S3 RimUsb; \SystemRoot\System32\Drivers\RimUsb_AMD64.sys [X]
CustomCLSID: HKU\S-1-5-21-3511957844-2261570385-1743981658-1005_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-3511957844-2261570385-1743981658-1005_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-3511957844-2261570385-1743981658-1005_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll => No File
AlternateDataStreams: C:\ProgramData\Temp:1CE11B51 [152]
AlternateDataStreams: C:\ProgramData\Temp:2398E95B [139]
AlternateDataStreams: C:\ProgramData\Temp:FC97DEBC [147]
FirewallRules: [{027A2713-D6BD-4A9C-8A1B-40E58AF026AD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe No File
FirewallRules: [{4C4F41CB-7472-4A76-BE5A-0983120BE539}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe No File
FirewallRules: [{40C0F5E0-4E08-4D13-8751-F36663AD8BC2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe No File
FirewallRules: [{9ABE0139-9650-4C1B-9FAD-C24BE1CC0B9B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe No File
FirewallRules: [{75E2B264-F083-461B-A302-17FD65CCA98E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe No File
FirewallRules: [{6F4FA5C4-9803-478C-9B68-5F8D0BF88326}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe No File
FirewallRules: [{CF3748AF-48E7-4CCC-AF18-7AA712AEE7EB}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{04C3E7B9-8BE0-4440-9E96-5998F0D863C3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{37F3F536-98BA-4535-B6F7-0A142B3CD0A5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{16354299-2032-4F7F-8FC3-D624C1F476A0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{D6B5F960-757A-464B-B837-7C2541BA312C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe No File
FirewallRules: [{E391D2D7-D081-4FDE-911A-89FFD3A5F831}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe No File
FirewallRules: [{CF39E51A-276C-4B5B-A4EB-126D0FD3E617}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe No File
FirewallRules: [{1F11568A-868C-474A-8C1C-D9A5C3758278}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe No File
FirewallRules: [{CD227912-D37C-4BE1-9D4A-CD6FFFEA9649}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe No File
FirewallRules: [{7311761D-148D-4EA8-9807-7D36DEFB5980}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe No File
FirewallRules: [{6F76C9D8-A6F8-44CE-A8D4-FDBC96D861F1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe No File
FirewallRules: [{FEC748DC-3F69-430C-B6B7-4ADC5AD26F7B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe No File
FirewallRules: [{87BFE6EB-7370-4D88-A499-C6E7D54FB381}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe No File
FirewallRules: [{B41342F7-7E5B-4833-A2EB-7C9261E005E1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe No File
FirewallRules: [{F382F42C-30DC-4637-A876-A2C8816ED645}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe No File
FirewallRules: [{08270B2A-DFD8-419D-A149-51F53E46EC5F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe No File
FirewallRules: [{F60E5310-C881-4942-BDF9-F6450272248C}] => (Allow) C:\Users\Robert\AppData\Roaming\OAS\oas.exe No File
FirewallRules: [{B98C766F-AC48-4ACE-A567-F54BADCACBA4}] => (Allow) C:\Users\Robert\AppData\Roaming\OAS\oasupd.exe No File
FirewallRules: [{37210263-5DB9-4A35-9297-E7ECBF7AEA7F}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe No File
FirewallRules: [{43FB2BE8-BBEE-4DDD-AB76-064634D94334}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe No File
FirewallRules: [{99AB0D9B-878E-406F-B97A-3EC70B95F9A2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe No File
FirewallRules: [{A10E90A9-FB91-4EB3-A9F5-C2BB2A76D75D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe No File
FirewallRules: [{DD79683A-AEDF-4999-9123-A1FBB00B3273}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe No File
FirewallRules: [{66B115C9-4F88-4CDB-96FF-2134BBF5C9CF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe No File
FirewallRules: [{7FE3058F-AEDE-493C-8576-F4DB9DA408DC}] => (Allow) C:\Program Files (x86)\BlackBerry\BlackBerry Blend\desktopinvokeproxy.exe No File
FirewallRules: [{D712D4C1-3349-41B7-8592-E299B2D7BBB5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe No File
Hosts:
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
Reboot:
End::

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.

---------------------------------------------------

In your next reply, please include:

  • Fixlog.txt
  • Let me know how the computer is doing.

  • 0

#5
Jackpine
Posted 28 September 2019 - 09:50 AM

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 490 posts

Fix results are provided below.  I went to different websites and they loaded quickly with no need to reset wi fi adapter.  I don't know what you did, but it looks like everything is running well!

 

Thank you very much.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-09-2019
Ran by Robert (28-09-2019 11:33:24) Run:1
Running from C:\Users\Robert\Desktop
Loaded Profiles: Robert (Available Profiles: Robert)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
S1 epp; \??\C:\EEK\bin64\epp.sys [X]
S3 RimUsb; \SystemRoot\System32\Drivers\RimUsb_AMD64.sys [X]
CustomCLSID: HKU\S-1-5-21-3511957844-2261570385-1743981658-1005_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-3511957844-2261570385-1743981658-1005_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-3511957844-2261570385-1743981658-1005_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll => No File
AlternateDataStreams: C:\ProgramData\Temp:1CE11B51 [152]
AlternateDataStreams: C:\ProgramData\Temp:2398E95B [139]
AlternateDataStreams: C:\ProgramData\Temp:FC97DEBC [147]
FirewallRules: [{027A2713-D6BD-4A9C-8A1B-40E58AF026AD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe No File
FirewallRules: [{4C4F41CB-7472-4A76-BE5A-0983120BE539}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe No File
FirewallRules: [{40C0F5E0-4E08-4D13-8751-F36663AD8BC2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe No File
FirewallRules: [{9ABE0139-9650-4C1B-9FAD-C24BE1CC0B9B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe No File
FirewallRules: [{75E2B264-F083-461B-A302-17FD65CCA98E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe No File
FirewallRules: [{6F4FA5C4-9803-478C-9B68-5F8D0BF88326}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe No File
FirewallRules: [{CF3748AF-48E7-4CCC-AF18-7AA712AEE7EB}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{04C3E7B9-8BE0-4440-9E96-5998F0D863C3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{37F3F536-98BA-4535-B6F7-0A142B3CD0A5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{16354299-2032-4F7F-8FC3-D624C1F476A0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{D6B5F960-757A-464B-B837-7C2541BA312C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe No File
FirewallRules: [{E391D2D7-D081-4FDE-911A-89FFD3A5F831}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe No File
FirewallRules: [{CF39E51A-276C-4B5B-A4EB-126D0FD3E617}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe No File
FirewallRules: [{1F11568A-868C-474A-8C1C-D9A5C3758278}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe No File
FirewallRules: [{CD227912-D37C-4BE1-9D4A-CD6FFFEA9649}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe No File
FirewallRules: [{7311761D-148D-4EA8-9807-7D36DEFB5980}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe No File
FirewallRules: [{6F76C9D8-A6F8-44CE-A8D4-FDBC96D861F1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe No File
FirewallRules: [{FEC748DC-3F69-430C-B6B7-4ADC5AD26F7B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe No File
FirewallRules: [{87BFE6EB-7370-4D88-A499-C6E7D54FB381}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe No File
FirewallRules: [{B41342F7-7E5B-4833-A2EB-7C9261E005E1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe No File
FirewallRules: [{F382F42C-30DC-4637-A876-A2C8816ED645}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe No File
FirewallRules: [{08270B2A-DFD8-419D-A149-51F53E46EC5F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe No File
FirewallRules: [{F60E5310-C881-4942-BDF9-F6450272248C}] => (Allow) C:\Users\Robert\AppData\Roaming\OAS\oas.exe No File
FirewallRules: [{B98C766F-AC48-4ACE-A567-F54BADCACBA4}] => (Allow) C:\Users\Robert\AppData\Roaming\OAS\oasupd.exe No File
FirewallRules: [{37210263-5DB9-4A35-9297-E7ECBF7AEA7F}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe No File
FirewallRules: [{43FB2BE8-BBEE-4DDD-AB76-064634D94334}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe No File
FirewallRules: [{99AB0D9B-878E-406F-B97A-3EC70B95F9A2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe No File
FirewallRules: [{A10E90A9-FB91-4EB3-A9F5-C2BB2A76D75D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe No File
FirewallRules: [{DD79683A-AEDF-4999-9123-A1FBB00B3273}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe No File
FirewallRules: [{66B115C9-4F88-4CDB-96FF-2134BBF5C9CF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe No File
FirewallRules: [{7FE3058F-AEDE-493C-8576-F4DB9DA408DC}] => (Allow) C:\Program Files (x86)\BlackBerry\BlackBerry Blend\desktopinvokeproxy.exe No File
FirewallRules: [{D712D4C1-3349-41B7-8592-E299B2D7BBB5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe No File
Hosts:
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
Reboot:

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\System\CurrentControlSet\Services\epp => removed successfully
epp => service removed successfully
HKLM\System\CurrentControlSet\Services\RimUsb => removed successfully
RimUsb => service removed successfully
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6} => removed successfully
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98} => removed successfully
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005} => removed successfully
C:\ProgramData\Temp => ":1CE11B51" ADS removed successfully
C:\ProgramData\Temp => ":2398E95B" ADS removed successfully
C:\ProgramData\Temp => ":FC97DEBC" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{027A2713-D6BD-4A9C-8A1B-40E58AF026AD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4C4F41CB-7472-4A76-BE5A-0983120BE539}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{40C0F5E0-4E08-4D13-8751-F36663AD8BC2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9ABE0139-9650-4C1B-9FAD-C24BE1CC0B9B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{75E2B264-F083-461B-A302-17FD65CCA98E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6F4FA5C4-9803-478C-9B68-5F8D0BF88326}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CF3748AF-48E7-4CCC-AF18-7AA712AEE7EB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{04C3E7B9-8BE0-4440-9E96-5998F0D863C3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{37F3F536-98BA-4535-B6F7-0A142B3CD0A5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{16354299-2032-4F7F-8FC3-D624C1F476A0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D6B5F960-757A-464B-B837-7C2541BA312C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E391D2D7-D081-4FDE-911A-89FFD3A5F831}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CF39E51A-276C-4B5B-A4EB-126D0FD3E617}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1F11568A-868C-474A-8C1C-D9A5C3758278}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CD227912-D37C-4BE1-9D4A-CD6FFFEA9649}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7311761D-148D-4EA8-9807-7D36DEFB5980}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6F76C9D8-A6F8-44CE-A8D4-FDBC96D861F1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FEC748DC-3F69-430C-B6B7-4ADC5AD26F7B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{87BFE6EB-7370-4D88-A499-C6E7D54FB381}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B41342F7-7E5B-4833-A2EB-7C9261E005E1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F382F42C-30DC-4637-A876-A2C8816ED645}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{08270B2A-DFD8-419D-A149-51F53E46EC5F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F60E5310-C881-4942-BDF9-F6450272248C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B98C766F-AC48-4ACE-A567-F54BADCACBA4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{37210263-5DB9-4A35-9297-E7ECBF7AEA7F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{43FB2BE8-BBEE-4DDD-AB76-064634D94334}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{99AB0D9B-878E-406F-B97A-3EC70B95F9A2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A10E90A9-FB91-4EB3-A9F5-C2BB2A76D75D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DD79683A-AEDF-4999-9123-A1FBB00B3273}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{66B115C9-4F88-4CDB-96FF-2134BBF5C9CF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7FE3058F-AEDE-493C-8576-F4DB9DA408DC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D712D4C1-3349-41B7-8592-E299B2D7BBB5}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= IPCONFIG /release =========


Windows IP Configuration

No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::353c:7726:6351:68e%4
   Default Gateway . . . . . . . . . :

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : lakeheadu.ca

Tunnel adapter isatap.home:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


========= IPCONFIG /renew =========


Windows IP Configuration

No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : home
   Link-local IPv6 Address . . . . . : fe80::353c:7726:6351:68e%4
   IPv4 Address. . . . . . . . . . . : 192.168.2.14
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : lakeheadu.ca

Tunnel adapter isatap.home:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home

========= End of CMD: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset c:\resetlog.txt =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv4 reset =========

Resetting , failed.
Access is denied.

There's no user specified settings to be reset.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9687202 B
Java, Flash, Steam htmlcache => 1154 B
Windows/system/drivers => 51290 B
Edge => 0 B
Chrome => 0 B
Firefox => 1113001074 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 8262 B
NetworkService => 0 B
Robert => 57245976 B

RecycleBin => 0 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:35:22 ====


  • 0

#6
icotonev
Posted 28 September 2019 - 10:25 AM

icotonev

    Trusted Helper

  • Malware Removal
  • 250 posts

This is great news ..! :)   It follows:

 

AdwCleaner

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now ...
    • When the scan has finished a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab ...
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

 

ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

---------------------------------------------------

In your next reply, please include:

  • AdwCleaner[S0*].txt
  • eset.txt

  • 0

#7
Jackpine
Posted 29 September 2019 - 08:16 AM

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 490 posts

The ESET scan was still going so I stopped it. Here is the Adw.Cleaner scan text.  No more problems with slow web page loading.  No need to reset wi fi.

 

# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build:    09-04-2019
# Database: 2019-09-27.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    09-28-2019
# Duration: 00:00:26
# OS:       Windows 8.1
# Scanned:  35645
# Detected: 37


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Preinstalled Software ] *****

Preinstalled.HPCeement   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0DC63030-9A9F-4626-A554-0E0B3538C477}
Preinstalled.HPCeement   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DC63030-9A9F-4626-A554-0E0B3538C477}
Preinstalled.HPCeement   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCeeScheduleForRobert
Preinstalled.HPCeement   Task   C:\Windows\System32\Tasks\HPCEESCHEDULEFORROBERT
Preinstalled.HPCeement   Task   C:\Windows\Tasks\HPCEESCHEDULEFORROBERT.JOB
Preinstalled.HPCoolSense   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP COOLSENSE
Preinstalled.HPCoolSense   Folder   C:\Users\Robert\AppData\Local\HEWLETT-PACKARD\HP COOLSENSE
Preinstalled.HPCoolSense   Folder   C:\Windows\System32\Tasks\HEWLETT-PACKARD\HP COOLSENSE
Preinstalled.HPCoolSense   Registry   HKLM\Software\Classes\CLSID\{224695A4-BD5E-4C38-B354-A4C828E61BF7}
Preinstalled.HPCoolSense   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{59F8C5AA-91BD-423D-BF05-09A80F39898F}
Preinstalled.HPHealthCheck   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6F340107-F9AA-47C6-B54C-C3A19F11553F}
Preinstalled.HPRegistrationService   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP REGISTRATION SERVICE
Preinstalled.HPRegistrationService   Folder   C:\ProgramData\HEWLETT-PACKARD\HP REGISTRATION SERVICE
Preinstalled.HPRegistrationService   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB3EB686-B7C1-4B28-8A1E-C3854FE5924B}
Preinstalled.HPRegistrationService   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPGenoobeReminder
Preinstalled.HPRegistrationService   Task   C:\Windows\System32\Tasks\HPGENOOBEREMINDER
Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK
Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant   Folder   C:\Users\Robert\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant   Folder   C:\Users\Robert\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant   Folder   C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant   Folder   C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant   Folder   C:\Windows\System32\config\systemprofile\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{63F82052-C045-4F97-A3CA-C41D2CCA1FFA}
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-doubledowncasinosocial
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-genres


AdwCleaner[S00].txt - [1246 octets] - [19/10/2018 20:02:09]
AdwCleaner[C00].txt - [1432 octets] - [19/10/2018 20:02:34]
AdwCleaner[S01].txt - [1368 octets] - [25/01/2019 16:12:02]
AdwCleaner[S02].txt - [1429 octets] - [29/01/2019 19:52:52]
AdwCleaner[C02].txt - [1659 octets] - [29/01/2019 19:53:10]
AdwCleaner[S03].txt - [1551 octets] - [31/01/2019 18:18:13]
AdwCleaner[C03].txt - [1781 octets] - [31/01/2019 18:18:24]
AdwCleaner[S04].txt - [1715 octets] - [16/04/2019 21:09:35]
AdwCleaner[C04].txt - [1925 octets] - [16/04/2019 21:10:06]
AdwCleaner[S05].txt - [1837 octets] - [02/06/2019 09:33:04]
AdwCleaner[C05].txt - [2047 octets] - [02/06/2019 09:33:42]
AdwCleaner[S06].txt - [1917 octets] - [16/06/2019 22:41:43]
AdwCleaner[C06].txt - [2147 octets] - [16/06/2019 22:42:00]
AdwCleaner[S07].txt - [2039 octets] - [23/09/2019 13:25:39]
AdwCleaner[C07].txt - [2285 octets] - [23/09/2019 13:25:56]
AdwCleaner_Debug.log - [10383 octets] - [28/09/2019 15:17:40]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S08].txt ##########
 


  • 0

#8
icotonev
Posted 29 September 2019 - 08:31 AM

icotonev

    Trusted Helper

  • Malware Removal
  • 250 posts

The ESET scan was still going so I stopped it. Here is the Adw.Cleaner scan text.  No more problems with slow web page loading.  No need to reset wi fi.


 

 

Well..! Last step and finish:

 

KpRm

Download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • When the tool opens, ensure all boxes are checked, and select Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

  • 0

#9
Jackpine
Posted 29 September 2019 - 09:13 AM

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 490 posts

Here is the log.

 

# Run at Sun, Sep 29, 2019 11:10:01 AM
# KpRm (Kernel-panik) version 1.11
# Website https://kernel-panik.me/tool/kprm/
# Run by Robert from C:\Users\Robert\Desktop
# Computer Name: SHADOWFAX
# OS: Windows 8.1 X64 (9600)

- Create Registry Backup -

  [OK] Registry Backup: C:\KPRM\backup\2019-09-29-11-09

-- Backup Registry finished in 24.66s --


- Remove Tools -


  ## AdwCleaner
     [OK] C:\Users\Robert\Desktop\AdwCleaner.exe deleted (1)
     [OK] C:\AdwCleaner deleted (1)

  ## ESET Online Scanner
     [OK] C:\Users\Robert\Desktop\ESET Online Scanner.lnk deleted (1)
     [OK] C:\Users\Robert\Desktop\esetonlinescanner_enu.exe deleted (1)

  ## FRST
     [OK] C:\Users\Robert\Desktop\FRST64.exe deleted (1)
     [OK] C:\FRST deleted (1)

  ## Junkware Removal Tool
     [OK] C:\Users\Robert\Desktop\JRT.exe deleted (1)

-- Remove tools finished in 8.92s --


- Restore System Settings -

  [OK] Flush DNS
  [OK] Reset WinSock
  [OK] Hide Hidden file.
  [OK] Show Extensions for known file types
  [OK] Hide protected operating system files

-- Restore System Settings finished in 7.48s --


- Restore UAC -

  [OK] Set ConsentPromptBehaviorAdmin with default (5) value
  [OK] Set ConsentPromptBehaviorUser with default (3) value
  [OK] Set EnableInstallerDetection with default (0) value
  [OK] Set EnableLUA with default (1) value
  [OK] Set EnableSecureUIAPaths with default (1) value
  [OK] Set EnableUIADesktopToggle with default (0) value
  [OK] Set EnableVirtualization with default (1) value
  [OK] Set FilterAdministratorToken with default (0) value
  [OK] Set PromptOnSecureDesktop with default (1) value
  [OK] Set ValidateAdminCodeSignatures with default (0) value

-- Restore UAC finished in 0.03s --


- Clear Restore Points -

    ~ [OK] RP named Windows Update created at 09/11/2019 01:59:23 deleted
    ~ [OK] RP named Windows Update created at 09/17/2019 21:26:04 deleted
    ~ [OK] RP named Garmin Express created at 09/21/2019 20:29:41 deleted
    ~ [OK] RP named JRT Pre-Junkware Removal created at 09/23/2019 17:19:28 deleted
    ~ [OK] RP named Restore Operation created at 09/23/2019 22:06:00 deleted
    ~ [OK] RP named Revo Uninstaller's restore point - Dark Parables The Match Girls Lost Paradise Collectors 1.00 created at 09/25/2019 00:15:14 deleted
    ~ [OK] RP named JRT Pre-Junkware Removal created at 09/25/2019 21:14:55 deleted
    ~ [OK] RP named Restore Point Created by FRST created at 09/28/2019 15:33:24 deleted

  [OK] All system restore points have been successfully deleted

-- Clear Restore Points finished in 58.23s --


- Create Restore Point -

  [OK] Enable System Restore
  [OK] System Restore Point created

- Display System Restore Point -

    ~ [I] RP named KpRm created at 09/29/2019 15:11:41 found

-- Create Restore Point finished in 41.68s --


-- KPRM finished in 141.07s --

 


  • 0

#10
icotonev
Posted 29 September 2019 - 09:21 AM

icotonev

    Trusted Helper

  • Malware Removal
  • 250 posts

After you have no other problems, we move on to the final ..! :) Safe surfing ..! :)


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP