
Really slow laptop



#76
BobScott49

    Member

  • Topic Starter
  • 61 posts

I've deleted Bonjour and the two HP programs and turned off Syncyoursettings.

I actually have iTunes installed but I don't use it as I use Sony's Music Centre for PC's. Shall I uninstall it?

Have run WebCacheKiller and stopped the services you specified.

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-12-2019
Ran by Bob Scott (07-01-2020 20:07:02) Run:1
Running from C:\Users\Bob Scott\Desktop
Loaded Profiles: Bob Scott (Available Profiles: Bob Scott)
Boot Mode: Normal
==============================================

fixlist content:
*****************
powershell: remove-AppxPackage (Get-AppxPackage –AllUsers|Where{$_.PackageFullName -match "ZuneMusic"}).PackageFullName
CMD: copy C:\Users\Bob Scott\AppData\Local\Comms\UnistoreDB\store.vol C:\Users\Bob Scott\Desktop\store.vol
C:\Users\Bob Scott\AppData\Local\Comms\UnistoreDB\store.vol
CMD: mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer
CMD: mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:


*****************


========= remove-AppxPackage (Get-AppxPackage –AllUsers|Where{$_.PackageFullName -match "ZuneMusic"}).PackageFullName =========


========= End of Powershell: =========


========= copy C:\Users\Bob Scott\AppData\Local\Comms\UnistoreDB\store.vol C:\Users\Bob Scott\Desktop\store.vol =========

The syntax of the command is incorrect.

========= End of CMD: =========

C:\Users\Bob Scott\AppData\Local\Comms\UnistoreDB\store.vol => moved successfully

========= mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer =========


========= End of CMD: =========


========= mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database =========


========= End of CMD: =========


========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

Failed to clear log Microsoft-Windows-LiveId/Analytic.
Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational.
Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic.
The instance name passed was not recognized as valid by a WMI data provider.

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 20:11:52 ====

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2019
Ran by Bob Scott (administrator) on RS-140429774-01 (HP HP Laptop 15-db0xxx) (07-01-2020 20:24:20)
Running from C:\Users\Bob Scott\Desktop
Loaded Profiles: Bob Scott (Available Profiles: Bob Scott)
Platform: Windows 10 Home Version 1903 18362.535 (X64) Language: English (United Kingdom)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 2019 Organizer\Elements Auto Creations 2019.exe
(Adobe Systems Incorporated -> Adobe) C:\Program Files\Adobe\Elements 2019 Organizer\dynamiclinkmanager.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0334924.inf_amd64_05abf00239dfc53b\B334881\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0334924.inf_amd64_05abf00239dfc53b\B334881\atiesrxx.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Canon Inc. -> Canon INC.) C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe
(Digital Wave Ltd -> Digital Wave Ltd) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Digital Wave Ltd -> Digital Wave Ltd) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\vidnotifier\vidnotifier.exe
(Garmin International, Inc. -> Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express\express.exe
(Guardware Ltd. -> Guardware Ltd) C:\Program Files (x86)\Guardware\Integrity Management\GWClient.exe
(Guardware Ltd. -> Guardware Ltd.) C:\Program Files (x86)\Guardware\Integrity Management\GWW.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20356.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20356.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Nalpeiron LTD -> Nalpeiron Ltd.) [File not signed] C:\Windows\SysWOW64\nlssrv32.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corp. -> Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg_Session] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506168 2019-06-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobePSE17AutoAnalyzer] => C:\Program Files\Adobe\Elements 2019 Organizer\Elements Auto Creations 2019.exe [3058696 2018-08-30] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9277520 2019-06-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2020-01-03] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2097600 2018-02-23] (Realtek Semiconductor Corp. -> Realtek)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [709160 2018-05-22] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1313408 2017-07-05] (Canon Inc. -> CANON INC.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2617516664-2097498628-2091352067-1001\...\Run: [vidnotifier.exe] => C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\vidnotifier\vidnotifier.exe [1814848 2019-07-25] (Digital Wave Ltd -> Digital Wave Ltd)
HKU\S-1-5-21-2617516664-2097498628-2091352067-1001\...\Run: [Amazon Photos] => C:\Users\Bob Scott\AppData\Local\Amazon Drive\AmazonPhotos.exe [9232552 2019-11-12] (Amazon Services LLC -> Amazon.com Inc.)
HKU\S-1-5-21-2617516664-2097498628-2091352067-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30868464 2019-11-21] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2617516664-2097498628-2091352067-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [807936 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2019-09-13]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia -> Secunia)
Startup: C:\Users\Bob Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk [2019-07-06]
ShortcutTarget: EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon Inc. -> Canon INC.)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {010DC41D-C102-4589-BCE9-BCA77E9AD217} - System32\Tasks\AdobeAAMUpdater-1.0-RS-140429774-01-Bob Scott => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {05BAE5FF-D17A-413B-BD0B-DF7D213516B8} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {06D65E62-A42C-4411-84A5-CDC377FF258B} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40432 2019-11-21] (Garmin International, Inc. -> )
Task: {0C35CBA6-7395-4948-A3C5-E706BA44C669} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {109B7335-D075-4AC1-8A46-2066D6669DC8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {1A9E6804-7F1F-405C-82FE-109BD4BA7274} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [69512 2018-10-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {277EBFCA-4599-47F8-9096-AB73CEB2363C} - System32\Tasks\CMPCUAC => C:\Program Files\CleanMyPC\CleanMyPC.exe
Task: {3CC3F966-A1B4-4F3F-AB04-2F3A3DE8527E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-10] (Google Inc -> Google Inc.)
Task: {43567BB9-7962-4337-B1A3-4594FBC2E777} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {46A584C7-4C3D-492A-812D-79DA703D0B23} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {4743AF56-491A-4879-9C48-F03C9EA6FCC5} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2020-01-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {4E62E2C4-38A0-4D3B-8C64-C0EB5A3CC306} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1373592 2019-12-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {52597AF1-A2FE-457E-9E66-0E62DBA03AEE} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112984 2019-12-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {5447552C-0DDA-4080-B35B-4B5E19FD6372} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112984 2019-12-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {60E532B8-32D5-436F-A58A-5296BEF96140} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe
Task: {6961D7FD-8173-44F5-85BE-B51E592849A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {77A59A9F-B281-4917-B0DB-6EE2044F06CD} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_Plugin.exe
Task: {7E8D82AB-F0D4-4C8F-9C0C-B1DD0E35D60F} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49544 2018-10-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {8EED8701-E99C-441E-A881-C0C2BE24FE07} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {BA118E3F-6FEC-4F80-88B6-9BAB8514D5E0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {BE0E3263-665C-4783-BFF9-009B5173E0CA} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {C00C013B-42E2-412A-A5E8-C07A07FB45E5} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
Task: {CA1948FE-0409-4717-ADCB-7A5FAFBF0821} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe
Task: {CC7F3CDA-D5F5-489A-83BC-FBCBAFD8B061} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-10] (Google Inc -> Google Inc.)
Task: {CFA622F9-A261-4C51-9B27-7D2AAAA634EC} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2020-01-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {DD9C434A-82F6-43FA-9AF3-23BF8A858A78} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1373592 2019-12-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {DE728870-77A8-43D6-9879-EC57AC698720} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {EE2E02FB-F49D-4FDD-AED9-BE2C9C01939E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe
Task: {F883D350-34EA-4D33-81A6-DDF60024A3DC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4fe67f05-f606-4f5f-bbe7-b2895589c358}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2617516664-2097498628-2091352067-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2617516664-2097498628-2091352067-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
SearchScopes: HKLM -> {C7A0D298-5785-42C3-9CE1-89D3E52CDDFD} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {C7A0D298-5785-42C3-9CE1-89D3E52CDDFD} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2617516664-2097498628-2091352067-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-2617516664-2097498628-2091352067-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-2617516664-2097498628-2091352067-1001 -> {C7A0D298-5785-42C3-9CE1-89D3E52CDDFD} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
Toolbar: HKLM - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKLM-x32 - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
DownloadDir: C:\Users\Bob Scott\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-2617516664-2097498628-2091352067-1001 -> about:start

FireFox:
========
FF DefaultProfile: uk60tjfu.default-1573382213419
FF ProfilePath: C:\Users\Bob Scott\AppData\Roaming\Mozilla\Firefox\Profiles\uk60tjfu.default-1573382213419 [2020-01-07]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Bob Scott\AppData\Roaming\Mozilla\Firefox\Profiles\uk60tjfu.default-1573382213419\Extensions\[email protected] [2020-01-04]
FF Extension: (uBlock Origin) - C:\Users\Bob Scott\AppData\Roaming\Mozilla\Firefox\Profiles\uk60tjfu.default-1573382213419\Extensions\[email protected] [2019-12-29]
FF Extension: (Avast Online Security) - C:\Users\Bob Scott\AppData\Roaming\Mozilla\Firefox\Profiles\uk60tjfu.default-1573382213419\Extensions\[email protected] [2020-01-04]
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\gwSetting.js [2019-09-13] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\MoSetting.cfg [2019-09-13] <==== ATTENTION

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0334924.inf_amd64_05abf00239dfc53b\B334881\atiesrxx.exe [481768 2019-02-06] (Advanced Micro Devices, Inc. -> AMD)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6259592 2020-01-03] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2020-01-03] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2020-01-03] (AVAST Software s.r.o. -> AVAST Software)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [679400 2018-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11345992 2019-11-28] (Microsoft Corporation -> Microsoft Corporation)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [441664 2019-07-25] (Digital Wave Ltd -> Digital Wave Ltd)
R2 e-Safe Compliance Client; C:\Program Files (x86)\Guardware\Integrity Management\GWClient.exe [953376 2018-11-08] (Guardware Ltd. -> Guardware Ltd)
S2 GuardWareProxy; C:\Program Files (x86)\Guardware\Integrity Management\GWProxy.exe [4331552 2018-11-08] (Guardware Ltd. -> Guardware Ltd.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [397256 2018-11-19] (Canon Inc. -> )
R2 nlsX86cc; C:\WINDOWS\SysWOW64\nlssrv32.exe [66560 2012-09-05] (Nalpeiron LTD -> Nalpeiron Ltd.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [267552 2019-06-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [717776 2019-09-06] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R2 SynTPEnhService; C:\WINDOWS\System32\SynTPEnhService.exe [382008 2019-08-15] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2020-01-03] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2020-01-03] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 HP Comm Recover; "C:\Program Files\HPCommRecovery\HPCommRecovery.exe" [X]
S4 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]
S4 WildTangentHelper; "C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [26888 2019-02-06] (Advanced Micro Devices Inc. -> Advanced Micro Devices, INC.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0334924.inf_amd64_05abf00239dfc53b\B334881\atikmdag.sys [44624360 2019-02-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0334924.inf_amd64_05abf00239dfc53b\B334881\atikmpag.sys [567784 2019-02-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [137688 2019-02-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
S3 AmUStor; C:\WINDOWS\system32\drivers\AmUStor.SYS [108992 2018-04-27] (Alcorlink Corp. -> )
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37616 2020-01-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [204824 2020-01-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [274456 2020-01-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [209552 2020-01-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [65120 2020-01-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2020-01-03] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [276952 2020-01-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42736 2020-01-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [161544 2020-01-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110320 2020-01-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83792 2020-01-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848432 2020-01-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460448 2020-01-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2020-01-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316528 2020-01-03] (AVAST Software s.r.o. -> AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [107496 2019-02-06] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R2 GWDogFile; C:\windows\system32\drivers\GWDogFile.sys [43376 2018-08-07] (Guardware Ltd. -> Guardware Ltd)
R2 GWPG; C:\windows\system32\drivers\GWPG.sys [39808 2017-02-16] (Guardware Ltd. -> Guardware Ltd)
R2 GWScanner; C:\windows\system32\drivers\GWScanner.sys [68576 2018-05-17] (Guardware Ltd. -> Guardware Ltd)
R2 gwwfp; C:\windows\system32\Drivers\gwwfp64.sys [56288 2018-03-08] (Guardware Ltd. -> Guardware Ltd.)
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation -> Corel Corporation)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1160488 2019-12-29] (Realtek Semiconductor Corp. -> Realtek )
R3 RtkBtFilter; C:\WINDOWS\System32\drivers\RtkBtfilter.sys [787736 2019-09-06] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [11708504 2019-07-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
R3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [48688 2019-08-15] (Synaptics Incorporated -> Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [46632 2018-04-20] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2020-01-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2020-01-03] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2020-01-03] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2019-08-06] (HP Inc. -> HP)
S4 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-07 20:24 - 2020-01-07 20:28 - 000029825 _____ C:\Users\Bob Scott\Desktop\FRST.txt
2020-01-07 20:07 - 2020-01-07 20:11 - 000002129 _____ C:\Users\Bob Scott\Desktop\Fixlog.txt
2020-01-07 19:56 - 2020-01-07 20:02 - 000000000 ____D C:\Program Files (x86)\WebCacheKiller
2020-01-07 19:53 - 2020-01-07 19:55 - 000249856 ____N (Microsoft Corporation) C:\WINDOWS\Setup1.exe
2020-01-07 19:53 - 2020-01-07 19:55 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\ST6UNST.EXE
2020-01-07 19:52 - 2020-01-07 19:52 - 003550720 _____ C:\Users\Bob Scott\Downloads\webcachekiller.exe
2020-01-07 08:50 - 2020-01-07 09:17 - 000015280 _____ C:\VEW.txt
2020-01-07 08:49 - 2020-01-07 08:49 - 000061440 _____ ( ) C:\Users\Bob Scott\Desktop\VEW.exe
2020-01-06 21:22 - 2020-01-06 23:12 - 000000000 ____D C:\ProgramData\RogueKiller
2020-01-06 21:20 - 2020-01-06 21:21 - 037033528 _____ C:\Users\Bob Scott\Downloads\RogueKiller_portable64.exe
2020-01-06 14:35 - 2020-01-07 20:21 - 000000000 ____D C:\Users\Bob Scott\AppData\Local\CrashDumps
2020-01-06 13:45 - 2020-01-07 20:30 - 000001296 _____ C:\ProgramData\ipconfig.txt
2020-01-04 21:18 - 2020-01-04 21:19 - 015466496 _____ (HP Inc.) C:\Users\Bob Scott\Downloads\sp100615.exe.part
2020-01-04 21:18 - 2020-01-04 21:18 - 000000000 _____ C:\Users\Bob Scott\Downloads\sp100615.exe
2020-01-04 20:57 - 2020-01-04 20:58 - 042999568 _____ (HP ) C:\Users\Bob Scott\Downloads\sp99005.exe
2020-01-04 15:08 - 2020-01-04 15:08 - 000001482 _____ C:\Users\Public\Desktop\Free YouTube To MP3 Converter.lnk
2020-01-04 15:08 - 2020-01-04 15:08 - 000001482 _____ C:\ProgramData\Desktop\Free YouTube To MP3 Converter.lnk
2020-01-03 18:45 - 2020-01-03 18:45 - 000000000 ____D C:\Users\Bob Scott\AppData\Roaming\AVAST Software
2020-01-03 18:44 - 2020-01-03 18:44 - 000001986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2020-01-03 18:44 - 2020-01-03 18:44 - 000001974 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2020-01-03 18:44 - 2020-01-03 18:44 - 000001974 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2020-01-03 18:44 - 2020-01-03 18:44 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2020-01-03 18:43 - 2020-01-06 20:57 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2020-01-03 18:42 - 2020-01-03 18:43 - 000848432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2020-01-03 18:42 - 2020-01-03 18:43 - 000460448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2020-01-03 18:42 - 2020-01-03 18:43 - 000161544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2020-01-03 18:42 - 2020-01-03 18:42 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2020-01-03 18:42 - 2020-01-03 18:41 - 000355720 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2020-01-03 18:42 - 2020-01-03 18:41 - 000316528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2020-01-03 18:42 - 2020-01-03 18:41 - 000276952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2020-01-03 18:42 - 2020-01-03 18:41 - 000236024 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2020-01-03 18:42 - 2020-01-03 18:41 - 000204824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2020-01-03 18:42 - 2020-01-03 18:41 - 000110320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2020-01-03 18:42 - 2020-01-03 18:41 - 000083792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2020-01-03 18:42 - 2020-01-03 18:41 - 000042736 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2020-01-03 18:42 - 2020-01-03 18:41 - 000037616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2020-01-03 18:42 - 2020-01-03 18:41 - 000016304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2020-01-03 18:42 - 2020-01-03 18:40 - 000274456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2020-01-03 18:42 - 2020-01-03 18:40 - 000209552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2020-01-03 18:42 - 2020-01-03 18:40 - 000065120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2020-01-03 18:40 - 2020-01-03 18:40 - 000000000 ____D C:\Program Files\AVAST Software
2020-01-03 18:38 - 2020-01-03 18:42 - 000000000 ____D C:\ProgramData\AVAST Software
2020-01-03 16:51 - 2020-01-03 16:52 - 010642552 _____ (McAfee, LLC.) C:\Users\Bob Scott\Downloads\MCPR.exe
2020-01-03 16:37 - 2020-01-03 16:40 - 377177560 _____ (AVAST Software) C:\Users\Bob Scott\Downloads\avast_free_antivirus_setup_offline.exe
2019-12-31 18:53 - 2019-12-31 18:56 - 000000000 _____ C:\Users\Bob
2019-12-29 19:04 - 2020-01-06 10:35 - 000002266 _____ C:\WINDOWS\system32\Tasks\CMPCUAC
2019-12-29 19:03 - 2019-12-29 19:03 - 026089528 _____ (MacPaw, Inc. ) C:\Users\Bob Scott\Downloads\CleanMyPC.exe
2019-12-29 15:52 - 2019-12-29 15:52 - 000000000 ____D C:\Program Files (x86)\Cisco
2019-12-29 15:51 - 2019-12-29 15:51 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2019-12-29 15:38 - 2019-12-29 15:40 - 046193560 _____ (Hewlett-Packard Company ) C:\Users\Bob Scott\Downloads\sp79676.exe
2019-12-29 12:04 - 2019-12-29 12:07 - 000003003 _____ C:\Users\Bob Scott\Downloads\OOSU10.ini
2019-12-29 12:04 - 2019-12-29 12:04 - 001106808 _____ (O&O Software GmbH) C:\Users\Bob Scott\Downloads\OOSU10.exe
2019-12-29 12:00 - 2019-12-29 15:57 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-12-29 11:15 - 2019-12-29 11:15 - 000000000 ____D C:\WINDOWS\Firmware
2019-12-29 11:00 - 2019-12-29 11:03 - 140239944 _____ (HP Inc. ) C:\Users\Bob Scott\Downloads\sp99450.exe
2019-12-27 18:20 - 2019-12-27 18:20 - 000001075 _____ C:\Users\Public\Desktop\Music Center for PC.lnk
2019-12-27 18:20 - 2019-12-27 18:20 - 000001075 _____ C:\ProgramData\Desktop\Music Center for PC.lnk
2019-12-27 18:20 - 2019-12-27 18:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music Center
2019-12-27 18:20 - 2019-12-27 18:20 - 000000000 ____D C:\Program Files (x86)\Sony
2019-12-27 16:57 - 2020-01-03 15:12 - 000001047 _____ C:\Users\Bob Scott\Desktop\LatencyMon.lnk
2019-12-27 16:57 - 2019-12-27 16:57 - 000000850 _____ C:\Users\Bob Scott\Desktop\In Depth Latency Tests.lnk
2019-12-27 16:57 - 2019-12-27 16:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon
2019-12-27 16:57 - 2019-12-27 16:57 - 000000000 ____D C:\Program Files\LatencyMon
2019-12-27 16:57 - 2015-07-13 11:16 - 000026368 _____ (Resplendence Software Projects Sp.) C:\WINDOWS\system32\Drivers\rspLLL64.sys
2019-12-26 10:34 - 2019-12-26 10:34 - 000761656 _____ (Sysinternals - www.sysinternals.com) C:\Users\Bob Scott\Desktop\autoruns.exe
2019-12-25 11:24 - 2020-01-06 14:46 - 000036192 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2019-12-24 18:03 - 2019-12-24 18:03 - 000000844 _____ C:\Users\Public\Desktop\Speccy.lnk
2019-12-24 18:03 - 2019-12-24 18:03 - 000000844 _____ C:\ProgramData\Desktop\Speccy.lnk
2019-12-24 18:03 - 2019-12-24 18:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2019-12-24 18:03 - 2019-12-24 18:03 - 000000000 ____D C:\Program Files\Speccy
2019-12-24 17:57 - 2019-12-24 17:58 - 000034188 _____ C:\junk.txt
2019-12-24 17:47 - 2019-12-24 17:47 - 002798456 _____ (Sysinternals - www.sysinternals.com) C:\Users\Bob Scott\Desktop\procexp.exe
2019-12-23 17:27 - 2020-01-07 20:26 - 000000000 ____D C:\FRST
2019-12-23 17:22 - 2020-01-03 10:27 - 002272256 _____ (Farbar) C:\Users\Bob Scott\Desktop\FRST64.exe
2019-12-22 17:11 - 2020-01-04 15:08 - 000001419 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2019-12-22 17:11 - 2020-01-04 15:08 - 000001419 _____ C:\ProgramData\Desktop\DVDVideoSoft Free Studio.lnk
2019-12-19 14:48 - 2019-12-19 14:48 - 000008354 _____ C:\Users\Bob Scott\Documents\Sandman Signature Newcastle Hotel, UK - Reservation Confirmation.eml
2019-12-10 23:24 - 2019-12-10 23:24 - 025443840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 007754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 005914112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 002494432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 001539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 001399312 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-12-10 23:24 - 2019-12-10 23:24 - 001098928 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-12-10 23:24 - 2019-12-10 23:24 - 000774456 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-12-10 23:24 - 2019-12-10 23:24 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-12-10 23:24 - 2019-12-10 23:24 - 000210744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-12-10 23:24 - 2019-12-10 23:24 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 000032056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2019-12-10 23:24 - 2019-12-10 23:24 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 009927992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-12-10 23:23 - 2019-12-10 23:23 - 007905000 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 007278592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 006516648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 006083832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 005943296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-12-10 23:23 - 2019-12-10 23:23 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-12-10 23:23 - 2019-12-10 23:23 - 002762296 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-12-10 23:23 - 2019-12-10 23:23 - 002698768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-12-10 23:23 - 2019-12-10 23:23 - 002284544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 002147328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 002082208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 001757304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-12-10 23:23 - 2019-12-10 23:23 - 001748480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 001743888 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 001664904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 001656600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 001647072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 001512528 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-12-10 23:23 - 2019-12-10 23:23 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2019-12-10 23:23 - 2019-12-10 23:23 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-12-10 23:23 - 2019-12-10 23:23 - 001261464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-12-10 23:23 - 2019-12-10 23:23 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-12-10 23:23 - 2019-12-10 23:23 - 001066496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 001054864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 001006904 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000986936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-12-10 23:23 - 2019-12-10 23:23 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000842552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2019-12-10 23:23 - 2019-12-10 23:23 - 000822416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-12-10 23:23 - 2019-12-10 23:23 - 000797112 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000674280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2019-12-10 23:23 - 2019-12-10 23:23 - 000673456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-12-10 23:23 - 2019-12-10 23:23 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-12-10 23:23 - 2019-12-10 23:23 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000593128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-12-10 23:23 - 2019-12-10 23:23 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-12-10 23:23 - 2019-12-10 23:23 - 000530944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-12-10 23:23 - 2019-12-10 23:23 - 000511000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-12-10 23:23 - 2019-12-10 23:23 - 000422712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-12-10 23:23 - 2019-12-10 23:23 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-12-10 23:23 - 2019-12-10 23:23 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2019-12-10 23:23 - 2019-12-10 23:23 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000127272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2019-12-10 23:23 - 2019-12-10 23:23 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000067112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-07 20:24 - 2019-03-19 04:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-01-07 20:22 - 2019-04-03 13:51 - 000000000 ____D C:\Users\Bob Scott\AppData\LocalLow\Mozilla
2020-01-07 20:20 - 2019-09-03 14:25 - 000004030 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{D624D13F-375D-459E-9CCE-AC7FB0752FD7}
2020-01-07 20:18 - 2019-02-04 13:15 - 000000000 ____D C:\ProgramData\Guardware
2020-01-07 20:17 - 2019-09-03 14:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-07 20:16 - 2019-03-19 04:37 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2020-01-07 20:16 - 2018-11-10 04:57 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2020-01-07 20:01 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\Registration
2020-01-07 19:44 - 2019-09-12 13:33 - 000000000 ____D C:\WINDOWS\system32\Tasks\{4883A0DE-9902-705E-B636-6DDF05F40033}
2020-01-07 19:43 - 2019-09-03 13:52 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-01-07 02:00 - 2019-02-06 19:49 - 000000000 ____D C:\Users\Bob Scott\AppData\Local\Adobe
2020-01-06 11:09 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-01-06 10:35 - 2019-09-03 14:25 - 000003770 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-01-06 10:35 - 2019-09-03 14:25 - 000003464 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater
2020-01-06 10:35 - 2019-09-03 14:25 - 000002562 _____ C:\WINDOWS\system32\Tasks\HPEA3JOBS
2020-01-04 20:59 - 2018-11-10 05:11 - 000000000 ____D C:\WINDOWS\HP
2020-01-04 20:59 - 2018-06-01 15:34 - 000000000 ____D C:\SWSetup
2020-01-04 20:36 - 2019-03-19 04:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-01-04 20:36 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-01-04 15:08 - 2019-02-11 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2020-01-04 15:08 - 2019-02-11 15:05 - 000000000 ____D C:\Program Files (x86)\DVDVideoSoft
2020-01-04 14:38 - 2019-11-17 19:03 - 000000000 ____D C:\Users\Bob Scott\Downloads\Temp photos
2020-01-03 18:54 - 2019-01-28 23:13 - 000000000 ____D C:\Users\Bob Scott\AppData\Local\Packages
2020-01-03 18:42 - 2019-03-19 04:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-01-03 17:10 - 2019-03-19 04:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2020-01-03 17:05 - 2018-04-28 06:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-01-03 16:56 - 2019-02-16 18:24 - 000748816 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-01-03 14:36 - 2019-02-04 17:29 - 000000000 ____D C:\Users\Bob Scott\AppData\Local\D3DSCache
2020-01-02 15:09 - 2019-09-13 11:55 - 000000000 ____H C:\Users\Bob Scott\AppData\Local\IconCache.db.backup
2020-01-02 14:36 - 2019-10-03 21:13 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-01-02 14:36 - 2019-10-03 21:13 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-01-02 13:52 - 2019-02-27 10:09 - 000000000 ____D C:\ProgramData\CanonIJPLM
2019-12-29 21:27 - 2019-08-21 11:50 - 000000000 ____D C:\Users\Bob Scott\AppData\Roaming\ON1
2019-12-29 21:27 - 2019-08-21 11:47 - 000000000 ____D C:\ProgramData\ON1
2019-12-29 21:27 - 2019-02-27 10:07 - 000000000 ____D C:\Program Files (x86)\Canon
2019-12-29 21:17 - 2018-06-01 07:05 - 000000000 ____D C:\Program Files\HP
2019-12-29 21:17 - 2018-06-01 07:04 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2019-12-29 19:57 - 2019-02-27 10:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2019-12-29 15:57 - 2019-04-03 13:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-12-29 15:51 - 2019-03-19 04:50 - 000000000 ____D C:\WINDOWS\INF
2019-12-29 15:50 - 2018-11-10 04:58 - 000000744 _____ C:\WINDOWS\HPSetLog.txt
2019-12-29 12:46 - 2019-04-03 13:50 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-12-29 12:32 - 2019-02-04 13:32 - 000000000 ____D C:\Users\Bob Scott\AppData\Local\PlaceholderTileLogoFolder
2019-12-29 11:45 - 2018-11-10 04:59 - 000000000 ____D C:\Program Files (x86)\Realtek
2019-12-29 11:42 - 2019-02-06 15:22 - 001160488 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2019-12-27 18:11 - 2019-03-08 13:48 - 000000000 ____D C:\Users\Bob Scott\AppData\Local\Downloaded Installations
2019-12-22 18:34 - 2019-02-06 19:56 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-12-14 11:34 - 2019-02-04 14:21 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-12-14 11:28 - 2019-09-03 14:25 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2019-12-14 11:28 - 2019-09-03 14:25 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2019-12-12 13:02 - 2019-09-03 14:13 - 000934996 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-12-12 13:00 - 2019-02-04 16:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-12-12 12:47 - 2019-02-04 16:12 - 129221664 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-12-11 00:11 - 2019-01-28 23:13 - 000000000 ___RD C:\Users\Bob Scott\3D Objects
2019-12-11 00:11 - 2018-04-28 06:07 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-12-11 00:08 - 2019-09-03 13:52 - 000381184 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-12-11 00:04 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SystemResources
2019-12-11 00:04 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-12-11 00:04 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-12-10 23:37 - 2019-03-19 04:37 - 000000000 ____D C:\WINDOWS\CbsTemp

==================== Files in the root of some directories ========

2019-03-18 14:17 - 2019-03-18 14:17 - 000000264 _____ () C:\ProgramData\fontcacheev1.dat
2019-07-21 13:11 - 2019-07-21 13:11 - 000000000 _____ () C:\Users\Bob Scott\AppData\Local\oobelibMkey.log
2019-08-31 18:57 - 2019-08-31 18:58 - 000020229 _____ () C:\Users\Bob Scott\AppData\Local\TempRuntimeBroker.exe.0195.wxtu.dmp
2019-04-06 08:07 - 2019-04-06 08:07 - 000033301 _____ () C:\Users\Bob Scott\AppData\Local\Tempsvchost.exe.1c0e.wxtu.dmp

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2019
Ran by Bob Scott (07-01-2020 20:31:21)
Running from C:\Users\Bob Scott\Desktop
Windows 10 Home Version 1903 18362.535 (X64) (2019-09-03 14:27:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2617516664-2097498628-2091352067-500 - Administrator - Disabled)
Bob Scott (S-1-5-21-2617516664-2097498628-2091352067-1001 - Administrator - Enabled) => C:\Users\Bob Scott
DefaultAccount (S-1-5-21-2617516664-2097498628-2091352067-503 - Limited - Disabled)
Guest (S-1-5-21-2617516664-2097498628-2091352067-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2617516664-2097498628-2091352067-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2019 (HKLM-x32\...\PSE_17_0) (Version: 17.0 - Adobe Systems Incorporated)
Album Art Downloader XUI 1.03 (HKLM-x32\...\Album Art Downloader XUI) (Version: 1.03 - hxxp://sourceforge.net/projects/album-art)
Amazon Photos (HKU\S-1-5-21-2617516664-2097498628-2091352067-1001\...\Amazon Photos) (Version: 6.2.3 - Amazon.com, Inc.)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2018.1016.918.14930 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.12 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (HKLM\...\{96973E1F-5AA8-4D30-9E9C-00E580F8D1C5}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ASUS E-Green Uninstall (HKLM-x32\...\EGREEN) (Version:  - )
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.7.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.20.13 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.0.1 - Canon Inc.)
Canon MG3600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3600_series) (Version: 1.00 - Canon Inc.)
Canon MG3600 series On-screen Manual (HKLM-x32\...\Canon MG3600 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon MG3600 series User Registration (HKLM-x32\...\Canon MG3600 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.)
Canon Utilities Digital Photo Professional 4 (HKLM-x32\...\Digital Photo Professional 4 (x64)) (Version: 4.7.21.0 - Canon Inc.)
Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.7.10.0 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.20.0 - Canon Inc.)
Canon Utilities EOS Utility 3 (HKLM-x32\...\EOS Utility 3) (Version: 3.7.0.0 - Canon Inc.)
Canon Utilities EOS Web Service Registration Tool (HKLM-x32\...\EOS Web Service Registration Tool) (Version: 1.6.30.1 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.19.10.0 - Canon Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Elevated Installer (HKLM-x32\...\{1EF3F348-0065-4ED7-884F-BBB8B1FA8CA1}) (Version: 6.19.3.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
e-Safe Compliance Enterprise Client (HKLM-x32\...\{B6FB9F0A-6D60-46A9-960B-DCA5A978350B}) (Version: 4.4.0.77 - Guardware Ltd) Hidden
Free YouTube To MP3 Converter (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 4.3.8.1227 - Digital Wave Ltd)
Garmin Express (HKLM-x32\...\{8526ab9f-b231-461d-964e-45bbed08f381}) (Version: 6.19.3.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{9939845A-42CA-41A1-9A7E-848C95F02FD5}) (Version: 6.19.3.0 - Garmin Ltd or its subsidiaries) Hidden
Google Earth Pro (HKLM\...\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}) (Version: 7.3.2.5776 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{cdb5f70f-5107-4613-bf69-15de903b5b5d}) (Version: 5.5.22560 - HP Inc.)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{3EC04ABB-D60E-44B6-9403-0D9DE44F56D9}) (Version: 1.6.0.0 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{9DD60999-A4F0-4333-9D00-E45C718EA6C1}) (Version: 1.4.30 - HP Inc.)
LatencyMon 6.71 (HKLM\...\LatencyMon_is1) (Version:  - Resplendence Software Projects Sp.)
Microsoft Office Home and Student 2019 - en-us (HKLM\...\HomeStudent2019Retail - en-us) (Version: 16.0.12228.20364 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2617516664-2097498628-2091352067-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Mozilla Firefox 71.0 (x64 en-GB) (HKLM\...\Mozilla Firefox 71.0 (x64 en-GB)) (Version: 71.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 67.0.4 - Mozilla)
Music Center for PC (HKLM-x32\...\{B40F8BB7-7DAD-4F0C-AA48-015BE5386B93}) (Version: 2.2.0.01817 - Sony Home Entertainment & Sound Products Inc.)
OEM Application Profile (HKLM-x32\...\{12C2AEB0-ED60-4CCF-DD83-C65BC7CCFB50}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.88 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.38.1118.2019 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8734.1 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.85 - REALTEK Semiconductor Corp.)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version:  - Silicon Laboratories)
Sky Go 1.5.16.0 (HKU\S-1-5-21-2617516664-2097498628-2091352067-1001\...\com.bskyb.skygoplayer_is1) (Version: 1.5.16.0 - Sky)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

Packages:
=========
Duplicates Cleaner -> C:\Program Files\WindowsApps\6655kaeros.DuplicatesCleaner_3.48.0.0_x64__wbzechdf9an1w [2019-09-05] (kaeros)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.4.481.0_x86__v10z8vjag6ke6 [2018-11-10] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa [2019-12-12] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad]
Synaptics TouchPad -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPConsumerDApp_19005.35042.0.0_x64__807d65c4rvak2 [2019-05-31] (Synaptics Incorporated)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2617516664-2097498628-2091352067-1001_Classes\CLSID\{0047ADBE-9F73-CAFE-3A65-ACE857BAD45F}\localserver32 -> C:\Program Files\Adobe\Elements 2019 Organizer\Elements Auto Creations 2019.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-01-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-01-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-01-03] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-10-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-01-03] (AVAST Software s.r.o. -> AVAST Software)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-09-09 07:13 - 2019-09-09 07:13 - 001364992 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\CefSharp.Core.dll
2019-11-21 12:01 - 2019-11-21 12:01 - 000073216 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\FixBootSector.dll
2017-05-08 09:35 - 2017-05-08 09:35 - 000325632 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\GpsImgWrapper.dll
2019-07-27 08:57 - 2019-07-27 08:57 - 096071680 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libcef.dll
2017-04-19 14:23 - 2017-04-19 14:23 - 002085888 _____ () [File not signed] C:\Program Files (x86)\Guardware\Integrity Management\cv210.dll
2017-04-19 14:23 - 2017-04-19 14:23 - 002201088 _____ () [File not signed] C:\Program Files (x86)\Guardware\Integrity Management\cxcore210.dll
2017-04-19 14:23 - 2017-04-19 14:23 - 000781312 _____ () [File not signed] C:\Program Files (x86)\Guardware\Integrity Management\highgui210.dll
2017-04-19 14:23 - 2017-04-19 14:23 - 000407040 _____ () [File not signed] C:\Program Files (x86)\Guardware\Integrity Management\ml210.dll
2017-04-19 14:23 - 2017-04-19 14:23 - 001715712 _____ () [File not signed] C:\Program Files (x86)\Guardware\Integrity Management\opencv_core231.dll
2017-04-19 14:23 - 2017-04-19 14:23 - 000436736 _____ () [File not signed] C:\Program Files (x86)\Guardware\Integrity Management\opencv_ml231.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000015360 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-04-24 21:22 - 2018-04-24 21:22 - 002519040 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-11-21 12:01 - 2019-11-21 12:01 - 001976832 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Garmin\Express\XercesLib.dll
2019-02-27 10:30 - 2015-03-17 08:51 - 000375296 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2019-11-21 12:03 - 2019-11-21 12:03 - 000234496 _____ (Dynastream Innovations Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\ANT_WrappedLib.dll
2019-11-21 12:01 - 2019-11-21 12:01 - 002711552 _____ (Garmin International) [File not signed] C:\Program Files (x86)\Garmin\Express\legacyio.dll
2017-05-08 09:35 - 2017-05-08 09:35 - 000343552 _____ (Garmin International, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\IMG_GPSMAP.dll
2019-11-21 12:01 - 2019-11-21 12:01 - 000425472 _____ (Garmin) [File not signed] C:\Program Files (x86)\Garmin\Express\XMLdll.dll
2017-04-19 14:23 - 2017-04-19 14:23 - 003772416 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Guardware\Integrity Management\Microsoft.VC90.MFC\mfc90u.dll
2019-11-21 12:02 - 2019-11-21 12:02 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\DSI_SiUSBXp_3_1.DLL
2019-07-27 08:57 - 2019-07-27 08:57 - 000762368 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\chrome_elf.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000032256 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000039936 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000034304 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000237056 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000024064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000481792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 001336320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2018-10-16 08:16 - 2018-10-16 08:16 - 005766144 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 006045184 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000964096 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000279552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 003233792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 003406848 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000328704 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000109568 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000325632 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 069968896 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 005523456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000282624 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000194560 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 003281408 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000049152 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000311296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000089600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [0]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 23:38 - 2018-04-11 23:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2617516664-2097498628-2091352067-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-2617516664-2097498628-2091352067-1001\...\StartupApproved\Run: => "Amazon Photos"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0728530E-7888-43E6-8397-EFAE49F1F2DD}] => (Allow) C:\Program Files\ON1\ON1 Effects 2019\on1sandbox.exe No File
FirewallRules: [{CDBE8AFF-85B9-4DD9-8A26-1FC30C31DA55}] => (Allow) C:\Program Files\ON1\ON1 Effects 2019\on1sandbox.exe No File
FirewallRules: [{07C9DD9E-E35F-4403-8A5D-855F60A1E8CD}] => (Allow) C:\Program Files\ON1\ON1 Effects 2019\ON1 Effects 2019.exe No File
FirewallRules: [{81A12862-8BAA-4142-9993-819765EB9D3D}] => (Allow) C:\Program Files\ON1\ON1 Effects 2019\ON1 Effects 2019.exe No File
FirewallRules: [{DC6DA0AD-F60B-4295-B23E-43F11FF5FE1B}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe (Canon Inc. -> CANON INC.)
FirewallRules: [{B177C50A-F78A-4954-AE16-EFDD78455FF2}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe (Canon Inc. -> CANON INC.)
FirewallRules: [{5280C64C-029E-4EC9-BCF3-CBBE4D281724}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B2A23393-44F1-429F-A8D0-044216D459D3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3292F0CC-AA7C-435A-9887-31EDF335F43F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe No File
FirewallRules: [{2BD409AB-D68F-4A4B-8893-EE0C771A4E98}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe No File
FirewallRules: [{0E0A5CF8-FCB1-4762-8D18-4244CA7E7548}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe No File
FirewallRules: [{5C2412C1-F569-4C14-B60F-92AF6C87DC7F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe No File
FirewallRules: [{505A00A5-E095-41CB-97AA-3BD3C79DCC83}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\iTunes.exe No File
FirewallRules: [{F44CC958-BC3B-4890-BF60-A7CB206B08FB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\iTunes.exe No File
FirewallRules: [{67953562-922C-4E55-859C-3012BCFF5132}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\iTunes.exe No File
FirewallRules: [{6D0BAD0B-9927-48BE-944B-7725889795EA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\iTunes.exe No File
FirewallRules: [{DACDF505-FA08-482D-8D2A-F83C4DF7FD3D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16010.9126.2116.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe No File
FirewallRules: [{75AF006E-1262-4459-86AC-6DCA895A4A54}] => (Allow) C:\Program Files (x86)\Guardware\Integrity Management\GWClient.exe (Guardware Ltd. -> Guardware Ltd)
FirewallRules: [{7AFD8705-38DB-466C-81CC-A2F1FE2DE1B4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0DD9ECBF-809A-445A-B80F-D7C4A431B5BE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1C6D7CCB-F412-47CE-8B0A-4855EDE7D175}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7D1FFD12-B8A8-4D25-B441-5EDF13F19EF4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0B6F91A3-7316-4607-AC34-ADFBA2139B4B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{39B7E190-64A0-46CB-9EB8-30F6165DB60A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{19AA9FAD-C05B-426D-A35A-165D68EE8DD2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A1AB11A4-1705-487F-8690-AF48C5E7C1E9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AC927C8D-7A27-41BB-B778-B36EBD2733FD}] => (Allow) C:\Program Files (x86)\Guardware\Integrity Management\GWClient.exe (Guardware Ltd. -> Guardware Ltd)
FirewallRules: [{349F0141-E2A6-4EBB-A0E4-6F03C8E716C2}] => (Allow) C:\Program Files (x86)\Guardware\Integrity Management\GWClient.exe (Guardware Ltd. -> Guardware Ltd)
FirewallRules: [{A26D9354-49FA-4650-9C04-A1E48B801AED}] => (Allow) C:\Program Files (x86)\Guardware\Integrity Management\GWClient.exe (Guardware Ltd. -> Guardware Ltd)
FirewallRules: [{1F21503F-76D3-474E-B2BE-8218526D3139}] => (Allow) C:\Program Files (x86)\Guardware\Integrity Management\GWClient.exe (Guardware Ltd. -> Guardware Ltd)

==================== Restore Points =========================

03-12-2019 14:27:59 McAfee Vulnerability Scanner
10-12-2019 22:19:30 Windows Update
27-12-2019 18:15:37 Installed Music Center for PC.
29-12-2019 12:05:43 O&O ShutUp10
07-01-2020 19:46:01 Removed Bonjour

==================== Faulty Device Manager Devices ============

Name: System Firmware
Description: System Firmware
Class Guid: {f2e7dd72-6468-4e36-b6f1-6488f42c1b52}
Manufacturer: HP Inc.
Service:
Problem: : This device cannot work properly until you restart your computer. (Code14)
Resolution: Restart your computer.


==================== Event log errors: ========================

Application errors:
==================
Error: (01/07/2020 08:21:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HxTsr.exe, version: 16.0.12228.20356, time stamp: 0x5de82f0f
Faulting module name: hxcomm.dll, version: 16.0.12228.20356, time stamp: 0x5de85a7d
Exception code: 0x02123792
Fault offset: 0x000000000016a5cc
Faulting process ID: 0x25d4
Faulting application start time: 0x01d5c59800c6517d
Faulting application path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20356.0_x64__8wekyb3d8bbwe\HxTsr.exe
Faulting module path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20356.0_x64__8wekyb3d8bbwe\hxcomm.dll
Report ID: 7a37aa03-4904-4087-842e-a59e5e1137c2
Faulting package full name: microsoft.windowscommunicationsapps_16005.12228.20356.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1


System errors:
=============
Error: (01/07/2020 08:35:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GuardWareProxy service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/07/2020 08:35:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the GuardWareProxy service to connect.

Error: (01/07/2020 08:35:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GuardWareProxy service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/07/2020 08:35:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the GuardWareProxy service to connect.

Error: (01/07/2020 08:35:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GuardWareProxy service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/07/2020 08:35:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the GuardWareProxy service to connect.

Error: (01/07/2020 08:35:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GuardWareProxy service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/07/2020 08:35:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the GuardWareProxy service to connect.


CodeIntegrity:
===================================

Date: 2020-01-07 20:19:20.797
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-07 20:19:20.777
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-07 20:19:20.753
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-07 20:19:20.730
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-07 20:19:20.610
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-07 20:19:20.419
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-07 20:19:20.311
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-07 20:19:19.762
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: Insyde F.11 08/20/2018
Motherboard: HP 84AC
Processor: AMD A6-9225 RADEON R4, 5 COMPUTE CORES 2C+3G
Percentage of memory in use: 46%
Total physical RAM: 7645.68 MB
Available physical RAM: 4094.27 MB
Total Virtual: 14045.68 MB
Available Virtual: 9749.04 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:914.59 GB) (Free:677.16 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:15.69 GB) (Free:1.85 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{a8b4e400-241a-4576-9c58-422d137d1804}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.34 GB) NTFS
\\?\Volume{aca34e70-1cf0-4216-976f-cb879e3a4865}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: AEFD05AD)

Partition: GPT.

==================== End of Addition.txt =======================




#77
RKinner


    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Name: System Firmware
Description: System Firmware
Class Guid: {f2e7dd72-6468-4e36-b6f1-6488f42c1b52}
Manufacturer: HP Inc.
Service:
Problem: : This device cannot work properly until you restart your computer. (Code14)
Resolution: Restart your computer.

 

 

If you restart again, is the system firmware device still yellow flagged?

If it is, open FRST, put:

InsydeSystemFirmware.bin

in the Search Box and then Search Files.

 

I'm thinking the latest BIOS update is at fault.

 

 

 

Do you really need to keep Garmin Express on your computer?  I have a Garmin too and I just install it once a year to check for and download updates.  Don't see why it needs to run the rest of the year.

 

Search for

Task Scheduler

hit Enter.  Click on Task Scheduler Library.  Look in the next pane over.  There should be a task called either

{277EBFCA-4599-47F8-9096-AB73CEB2363C}

CMPCUAC

CleanMyPC

 

Right click on it and Disable.

 

 

 

Is your Outlook working?  I see an error that seems to refer to it. 

 

Could I see a new Process Explorer log?



#78
BobScott49


    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts

My Garmin is a golf gps which I upload scores to after each round, but if you think it is causing a problem I am happy to uninstall it.

 

In Task Scheduler, CMPCUAC was already disabled.

 

I didn't know I was using Outlook.  Is that the same as Windows Mail?

 

 

Firmware device was still flagged after reboot.

 

 

Farbar Recovery Scan Tool (x64) Version: 28-12-2019
Ran by Bob Scott (08-01-2020 10:21:55)
Running from C:\Users\Bob Scott\Desktop
Boot Mode: Normal

 

================== Search Files: "InsydeSystemFirmware.bin" =============

C:\Windows\System32\DriverStore\FileRepository\insydesystemfirmware.inf_amd64_8837f5ae96bb0f4e\InsydeSystemFirmware.bin
[2019-09-15 18:32][2019-09-15 18:32] 023322704 _____ () FB8CC8C4C4D2A90C3C84D34AC456EE0C [File is digitally signed]

C:\Windows\Firmware\InsydeSystemFirmware.bin
[2019-09-15 18:32][2019-09-15 18:32] 023322704 _____ () FB8CC8C4C4D2A90C3C84D34AC456EE0C [File is digitally signed]


====== End of Search ======

 

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
WmiPrvSE.exe    57.88    5,592 K    14,140 K    6292    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
System Idle Process    14.04    60 K    8 K    0            
procexp64.exe    13.59    35,840 K    69,340 K    2480    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
GWW.exe    4.01    52,276 K    47,608 K    8660    e-Safe Compliance Client Application    Guardware Ltd.    (Verified) Guardware Ltd.
dwm.exe    3.38    72,844 K    68,732 K    1088    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
Interrupts    1.90    0 K    0 K    n/a    Hardware Interrupts and DPCs        
csrss.exe    1.36    2,380 K    5,368 K    736    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
System    1.03    200 K    520 K    4            
atieclxx.exe    0.58    2,488 K    10,800 K    2536    AMD External Events Client Module    AMD    (Verified) Advanced Micro Devices, Inc.
AvastUI.exe    0.42    24,992 K    48,436 K    6644    Avast Antivirus     AVAST Software    (Verified) AVAST Software s.r.o.
svchost.exe    0.41    14,512 K    26,756 K    4004    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
explorer.exe    0.22    54,036 K    124,324 K    5816    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
amddvr.exe    0.21    171,260 K    10,736 K    8640    AMD ReLive: Host Application    Advanced Micro Devices, Inc.    (Verified) Advanced Micro Devices, Inc.
svchost.exe    0.20    2,048 K    8,144 K    3548    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
express.exe    0.20    45,532 K    88,904 K    1384    Garmin Express    Garmin Ltd. or its subsidiaries    (Verified) Garmin International, Inc.
EOS Utility.exe    0.08    26,900 K    31,300 K    8588    EOS Utility    Canon INC.    (Verified) Canon Inc.
AvastSvc.exe    0.08    128,436 K    41,956 K    3252    Avast Antivirus  Service    AVAST Software    (Verified) AVAST Software s.r.o.
AGMService.exe    0.07    4,020 K    13,824 K    3760    Adobe Genuine Software Service    Adobe Systems, Incorporated    (Verified) Adobe Inc.
firefox.exe    0.06    162,260 K    196,000 K    1412    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
Registry    0.05    10,112 K    91,496 K    88            
svchost.exe    0.04    2,320 K    7,680 K    9992    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
EOSUPNPSV.exe    0.03    3,736 K    10,208 K    10176    Canon EOS UPNP Detector    CANON INC.    (Verified) Canon Inc.
psi_tray.exe    0.03    1,356 K    6,760 K    8416    Secunia PSI Tray    Secunia    (Verified) Secunia
svchost.exe    0.02    6,040 K    18,988 K    3204    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SynTPEnh.exe    0.02    7,920 K    20,584 K    4940    Synaptics TouchPad 64-bit Enhancements    Synaptics Incorporated    (Verified) Synaptics Incorporated
svchost.exe    0.02    2,748 K    8,564 K    648    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
lsass.exe    0.02    6,592 K    16,968 K    840    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
firefox.exe    0.02    187,020 K    261,332 K    8532    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
OfficeClickToRun.exe    0.01    28,876 K    55,316 K    3820    Microsoft Office Click-to-Run (SxS)    Microsoft Corporation    (Verified) Microsoft Corporation
GWClient.exe    0.01    6,112 K    18,756 K    3904    e-Safe Compliance Client Service    Guardware Ltd    (Verified) Guardware Ltd.
svchost.exe    < 0.01    13,148 K    31,480 K    564    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
aswidsagent.exe    < 0.01    30,504 K    41,320 K    8884    Avast Behavior Shield    AVAST Software    (Verified) AVAST Software s.r.o.
svchost.exe    < 0.01    50,700 K    53,072 K    2616    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    3,708 K    12,808 K    4588    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    5,712 K    20,272 K    6028    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
RAVBg64.exe    < 0.01    6,336 K    15,788 K    9080    HD Audio Background Process    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
csrss.exe    < 0.01    1,908 K    5,404 K    624    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
firefox.exe    < 0.01    62,952 K    96,780 K    9396    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
svchost.exe    < 0.01    2,856 K    14,788 K    3264    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SynTPEnhService.exe    < 0.01    3,512 K    10,340 K    2252    64-bit Synaptics Pointing Enhance Service    Synaptics Incorporated    (Verified) Synaptics Incorporated
Memory Compression    < 0.01    240 K    60,860 K    2708            
RuntimeBroker.exe    < 0.01    4,960 K    21,120 K    1732    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RadeonSettings.exe    < 0.01    161,736 K    9,232 K    5592    Radeon Settings: Host Application    Advanced Micro Devices, Inc.    (Verified) Advanced Micro Devices, Inc.
YourPhone.exe    Suspended    15,812 K    37,060 K    8208            (No signature was present in the subject)
wsc_proxy.exe        2,448 K    9,760 K    2544    Avast Antivirus  remediation exe    AVAST Software    (Verified) AVAST Software s.r.o.
WmiPrvSE.exe        2,692 K    9,328 K    5908    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
wlanext.exe        2,016 K    7,328 K    3348    Windows Wireless LAN 802.11 Extensibility Framework    Microsoft Corporation    (Verified) Microsoft Windows
winlogon.exe        2,612 K    12,172 K    828    Windows Log-on Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,360 K    6,712 K    728    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows Publisher
WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe        12,300 K    41,932 K    11528    WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe    Microsoft Corporation    (Verified) Microsoft Windows
vidnotifier.exe        5,524 K    21,168 K    1144    Video Notifier    Digital Wave Ltd    (Verified) Digital Wave Ltd
unsecapp.exe        1,456 K    6,704 K    6328    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        1,428 K    6,856 K    3368    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
taskhostw.exe        5,840 K    15,148 K    4828    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
SystemSettingsBroker.exe        6,740 K    28,920 K    9588    System Settings Broker    Microsoft Corporation    (Verified) Microsoft Windows
SynTPHelper.exe        2,168 K    5,876 K    6268    Synaptics Pointing Device Helper    Synaptics Incorporated    (Verified) Synaptics Incorporated
svchost.exe        8,800 K    16,256 K    628    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,520 K    13,944 K    1952    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,360 K    13,156 K    2296    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,348 K    8,792 K    4076    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,844 K    13,904 K    2960    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,368 K    7,720 K    1060    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,564 K    9,276 K    2596    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,508 K    6,000 K    1260    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        8,364 K    28,040 K    5688    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,956 K    15,912 K    4464    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        12,368 K    15,408 K    1832    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,880 K    11,592 K    1284    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,208 K    21,108 K    4376    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,108 K    8,648 K    2016    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,384 K    5,868 K    2588    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,056 K    17,308 K    4204    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,432 K    8,684 K    2452    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        19,900 K    28,844 K    3888    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,840 K    21,724 K    10564    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,836 K    11,368 K    6912    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,384 K    15,720 K    1340    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,020 K    7,184 K    4136    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,796 K    13,160 K    3840    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,380 K    9,416 K    1984    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,452 K    8,004 K    3144    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,780 K    21,276 K    4748    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,872 K    10,364 K    9184    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        7,460 K    32,288 K    4996    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,100 K    7,764 K    2556    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,232 K    8,800 K    1688    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,860 K    13,556 K    2116    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,928 K    6,808 K    2884    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,916 K    21,328 K    4116    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,664 K    10,836 K    1296    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,948 K    10,084 K    2996    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,932 K    10,140 K    1768    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,140 K    12,188 K    1308    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,336 K    5,476 K    4092    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,008 K    15,900 K    9720    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        10,812 K    19,776 K    3528    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,784 K    12,096 K    1512    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,972 K    7,684 K    2316    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,652 K    8,836 K    6940    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,548 K    5,816 K    6228    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,752 K    10,648 K    5648    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,988 K    11,888 K    3088    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,072 K    19,628 K    3616    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,048 K    7,936 K    2788    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,932 K    8,076 K    3976    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,000 K    11,936 K    4760    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,008 K    8,268 K    3364    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,924 K    7,588 K    2024    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,064 K    8,492 K    2736    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,716 K    6,984 K    3924    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,996 K    8,548 K    1276    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,116 K    12,336 K    1268    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,332 K    8,900 K    1560    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,852 K    7,812 K    5556    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,952 K    8,220 K    3792    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,140 K    9,568 K    1672    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,632 K    6,664 K    4052    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,520 K    7,180 K    1740    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,616 K    5,728 K    6536    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,296 K    5,640 K    540    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        964 K    3,900 K    984    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
StartMenuExperienceHost.exe        32,148 K    80,172 K    5536            (Verified) Microsoft Windows
spoolsv.exe        6,060 K    16,756 K    3492    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        1,164 K    1,184 K    404    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows Publisher
smartscreen.exe        7,876 K    22,196 K    10344    Windows Defender SmartScreen    Microsoft Corporation    (Verified) Microsoft Windows
sihost.exe        6,752 K    25,552 K    4788    Shell Infrastructure Host    Microsoft Corporation    (Verified) Microsoft Windows
ShellExperienceHost.exe        24,812 K    65,284 K    7956    Windows Shell Experience Host    Microsoft Corporation    (Verified) Microsoft Windows
SgrmBroker.exe        3,132 K    6,292 K    1868    System Guard Runtime Monitor Broker Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SettingSyncHost.exe        2,756 K    5,004 K    6308    Host Process for Setting Synchronization    Microsoft Corporation    (Verified) Microsoft Windows
services.exe        6,036 K    10,532 K    800    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SecurityHealthService.exe        3,008 K    11,828 K    10196    Windows Security Health Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SearchUI.exe    Suspended    117,860 K    186,344 K    500    Search and Cortana application    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe        28,696 K    33,164 K    3992    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        13,116 K    41,072 K    7564    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        4,516 K    22,444 K    7872    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        4,092 K    16,536 K    9552    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        6,568 K    25,548 K    7024    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
rundll32.exe        1,920 K    10,108 K    9172    Windows host process (Rundll32)    Microsoft Corporation    (Verified) Microsoft Windows
RtlS5Wake.exe        4,276 K    13,988 K    4716    Realtek WOWL Utility    Realtek    (Verified) Realtek Semiconductor Corp.
RtkNGUI64.exe        4,724 K    14,876 K    5952    Realtek HD Audio Manager    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
RtkBtManServ.exe        1,712 K    7,564 K    4028    Realtek Bluetooth BTDevManager Service Application    Realtek Semiconductor Corp.    (Verified) Microsoft Windows Hardware Compatibility Publisher
RtkAudioService64.exe        1,880 K    8,344 K    3048    Realtek Audio Service    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
RemindersServer.exe    Suspended    7,948 K    17,344 K    10436    Reminders WinRT OOP Server    Microsoft Corporation    (Verified) Microsoft Windows
procexp.exe        5,420 K    11,216 K    12028    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
nlssrv32.exe        2,096 K    8,176 K    4672    This service enables products that use the Nalpeiron Licensing System     Nalpeiron Ltd.    (Certificate expired) Nalpeiron Ltd.
ijplmsvc.exe        5,576 K    8,204 K    3960    Inkjet Printer/Scanner/Fax Extended Survey Program Service        (Verified) Canon Inc.
HPWMISVC.exe        3,244 K    11,668 K    3124    HP WMI Service    HP Inc.    (Verified) HP Inc.
HPMSGSVC.exe        3,228 K    12,408 K    7152    HP Message Service    HP Inc.    (Verified) HP Inc.
fontdrvhost.exe        4,692 K    12,180 K    996    Usermode Font Driver Host    Microsoft Corporation    (Verified) Microsoft Windows
fontdrvhost.exe        1,564 K    3,508 K    1004    Usermode Font Driver Host    Microsoft Corporation    (Verified) Microsoft Windows
firefox.exe        48,144 K    56,148 K    6640    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe        30,952 K    48,948 K    9332    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
dllhost.exe        4,772 K    12,624 K    10844    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
dllhost.exe        1,520 K    6,556 K    7748    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
dllhost.exe        3,288 K    10,688 K    6756    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
dllhost.exe        1,596 K    6,888 K    9952    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
ctfmon.exe        4,268 K    15,348 K    5668    CTF Loader    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe        6,664 K    11,056 K    2308    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe        6,432 K    10,608 K    3360    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
CastSrv.exe        3,256 K    9,872 K    8736    Casting protocol connection listener    Microsoft Corporation    (Verified) Microsoft Windows
BTDevMgr.exe        1,852 K    7,680 K    3776    Realtek Bluetooth BTDevManager Service Application    Realtek Semiconductor Corp.    (Verified) Microsoft Windows Hardware Compatibility Publisher
audiodg.exe        10,260 K    17,176 K    1684    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows
atiesrxx.exe        1,376 K    6,144 K    2348    AMD External Events Service Module    AMD    (Verified) Advanced Micro Devices, Inc.
armsvc.exe        1,412 K    6,904 K    3752    Adobe Acrobat Update Service    Adobe Systems    (Verified) Adobe Inc.
ApplicationFrameHost.exe        4,640 K    24,152 K    1200    Application Frame Host    Microsoft Corporation    (Verified) Microsoft Windows
app_updater.exe        6,752 K    13,396 K    3864    Digital Wave Update Service    Digital Wave Ltd    (Verified) Digital Wave Ltd
amdow.exe        2,244 K    7,876 K    8292    AMD ReLive: Desktop Overlay    Advanced Micro Devices, Inc.    (Verified) Advanced Micro Devices, Inc.
AGSService.exe        4,504 K    18,104 K    3768    Adobe Genuine Software Integrity Service    Adobe Systems, Incorporated    (Verified) Adobe Inc.


 


#79
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Keep the Garmin.  Thought it was just a GPS for the car.

Search for

notepad

When it finds it, right click and Run As Admin.

File, Open and navigate to C:\Windows\Windows\inf\oem8.inf

OK

Find the line:

BIOS_VER      = 0x0F210000

Change it to

BIOS_VER      = 0x0F220000

File, Save

Close Notepad.  (If it won't let you save it, tell me and stop here.)

Delete C:\Windows\inf\oem8.PNF

Reboot

Go back into Device Manager.  Is System Firmware still flagged?

Can I see new copies of VEW logs?


#80
BobScott49

    Member

  • Topic Starter
  • 61 posts

When I navigate to C:\Windows\Windows\inf, this is what I see.  Not sure where to find oem8.inf.

[Attached image: Annotation 2020-01-08 203814.jpg]


#81
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Scroll down.  You are looking at folders.  The files are sorted separately below the folders.


#82
BobScott49

    Member

  • Topic Starter
  • 61 posts

Sorry, that was really dumb.  It was only searching for txt files.

Made the changes but System Firmware was still flagged after reboot.

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 09/01/2020 10:04:15

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/01/2020 10:04:49
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The GuardWareProxy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 09/01/2020 10:04:49
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (300000 milliseconds) while waiting for the GuardWareProxy service to connect.

Log: 'System' Date/Time: 09/01/2020 10:04:44
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The GuardWareProxy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 09/01/2020 10:04:44
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (300000 milliseconds) while waiting for the GuardWareProxy service to connect.

Log: 'System' Date/Time: 09/01/2020 10:04:38
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The GuardWareProxy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 09/01/2020 10:04:38
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (300000 milliseconds) while waiting for the GuardWareProxy service to connect.

Log: 'System' Date/Time: 09/01/2020 10:04:35
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The GuardWareProxy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 09/01/2020 10:04:35
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (300000 milliseconds) while waiting for the GuardWareProxy service to connect.

Log: 'System' Date/Time: 09/01/2020 10:04:31
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The GuardWareProxy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 09/01/2020 10:04:31
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (300000 milliseconds) while waiting for the GuardWareProxy service to connect.

Log: 'System' Date/Time: 09/01/2020 10:04:24
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The GuardWareProxy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 09/01/2020 10:04:24
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (300000 milliseconds) while waiting for the GuardWareProxy service to connect.

Log: 'System' Date/Time: 09/01/2020 10:04:17
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The GuardWareProxy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 09/01/2020 10:04:17
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (300000 milliseconds) while waiting for the GuardWareProxy service to connect.

Log: 'System' Date/Time: 09/01/2020 10:04:12
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The GuardWareProxy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 09/01/2020 10:04:12
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (300000 milliseconds) while waiting for the GuardWareProxy service to connect.

Log: 'System' Date/Time: 09/01/2020 10:04:06
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The GuardWareProxy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 09/01/2020 10:04:06
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (300000 milliseconds) while waiting for the GuardWareProxy service to connect.

Log: 'System' Date/Time: 09/01/2020 10:04:01
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The GuardWareProxy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 09/01/2020 10:04:01
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (300000 milliseconds) while waiting for the GuardWareProxy service to connect.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/01/2020 09:56:43
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user RS-140429774-01\Bob Scott SID (S-1-5-21-2617516664-2097498628-2091352067-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 09/01/2020 09:56:39
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user RS-140429774-01\Bob Scott SID (S-1-5-21-2617516664-2097498628-2091352067-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 09/01/2020 09:54:50
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 7 seconds since the last report.

Log: 'System' Date/Time: 09/01/2020 09:53:08
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 09/01/2020 09:53:08
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 09/01/2020 09:52:31
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x2491f7fffff; got 0xffffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 09/01/2020 09:51:22
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\WINDOWS\system32\Rtlihvs.dll

Log: 'System' Date/Time: 09/01/2020 09:07:42
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

Log: 'System' Date/Time: 09/01/2020 09:07:40
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

Log: 'System' Date/Time: 09/01/2020 09:07:40
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

Log: 'System' Date/Time: 09/01/2020 09:07:36
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 09/01/2020 09:07:29
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x2491f7fffff; got 0xffffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 08/01/2020 20:25:20
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

Log: 'System' Date/Time: 08/01/2020 20:25:18
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

Log: 'System' Date/Time: 08/01/2020 20:25:14
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 08/01/2020 20:25:06
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x2491f7fffff; got 0xffffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 08/01/2020 10:46:56
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x2491f7fffff; got 0xffffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 08/01/2020 10:25:29
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 15 seconds since the last report.

Log: 'System' Date/Time: 08/01/2020 10:16:45
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {C2F03A33-21F5-47FA-B4BB-156362A2F239}  and APPID  {316CDED5-E4AE-4B15-9113-7055D84DCC97}  to the user RS-140429774-01\Bob Scott SID (S-1-5-21-2617516664-2097498628-2091352067-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 08/01/2020 10:16:14
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 09/01/2020 10:07:49

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/01/2020 10:19:08
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: CrashSender1400.exe, version: 1.4.0.0, time stamp: 0x582d2641 Faulting module name: MSVCR110.dll, version: 11.0.51106.1, time stamp: 0x5098858e Exception code: 0xc0000409 Fault offset: 0x0009f967 Faulting process ID: 0x214c Faulting application start time: 0x01d5c60d0547cb20 Faulting application path: C:\Program Files (x86)\Guardware\Integrity Management\CrashSender1400.exe Faulting module path: C:\Program Files (x86)\Guardware\Integrity Management\MSVCR110.dll Report ID: 392dea4a-ed37-480b-8189-2cebe9014aca Faulting package full name:  Faulting package-relative application ID:

Log: 'Application' Date/Time: 08/01/2020 10:14:41
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress. .

Log: 'Application' Date/Time: 08/01/2020 10:14:41
Type: Error Category: 0
Event: 13 Source: VSS
Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

Log: 'Application' Date/Time: 08/01/2020 10:14:41
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress. .

Log: 'Application' Date/Time: 08/01/2020 10:14:41
Type: Error Category: 0
Event: 13 Source: VSS
Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

Log: 'Application' Date/Time: 07/01/2020 20:21:27
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: HxTsr.exe, version: 16.0.12228.20356, time stamp: 0x5de82f0f Faulting module name: hxcomm.dll, version: 16.0.12228.20356, time stamp: 0x5de85a7d Exception code: 0x02123792 Fault offset: 0x000000000016a5cc Faulting process ID: 0x25d4 Faulting application start time: 0x01d5c59800c6517d Faulting application path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20356.0_x64__8wekyb3d8bbwe\HxTsr.exe Faulting module path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20356.0_x64__8wekyb3d8bbwe\hxcomm.dll Report ID: 7a37aa03-4904-4087-842e-a59e5e1137c2 Faulting package full name: microsoft.windowscommunicationsapps_16005.12228.20356.0_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 07/01/2020 20:21:19
Type: Warning Category: 1
Event: 636 Source: ESENT
svchost (8808,D,35) Unistore: Flush map file "C:\Users\Bob Scott\AppData\Local\Comms\UnistoreDB\store.jfm" will be deleted. Reason: ReadHdrFailed.

Log: 'Application' Date/Time: 07/01/2020 20:21:19
Type: Warning Category: 1
Event: 640 Source: ESENT
svchost (8808,D,35) Unistore: Error -1919 validating header page on flush map file "C:\Users\Bob Scott\AppData\Local\Comms\UnistoreDB\store.jfm". The flush map file will be invalidated.  Additional information: [SignDbHdrFromDb:Create time:00/00/1900 00:00:00.000 Rand:0 Computer:] [SignFmHdrFromDb:Create time:00/00/1900 00:00:00.000 Rand:0 Computer:] [SignDbHdrFromFm:Create time:01/06/2020 21:19:42.484 Rand:992871523 Computer:] [SignFmHdrFromFm:Create time:01/07/2020 20:04:07.406 Rand:1697658120 Computer:]


 


  • 0
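The VEW reports pasted in this thread all use the same four-line record layout, so repeated events can be tallied instead of read one by one. The Python below is an added example, not part of the original posts and not VEW's own code; the names `parse_vew` and `summarise`, the one-minute burst window, and the sample text (built from event IDs and messages that appear in the thread) are assumptions made for illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample in the layout of the VEW reports pasted in this thread;
# the entries reuse event IDs, sources and messages that appear in those reports.
SAMPLE_REPORT = """\
Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/01/2020 17:30:29
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The GuardWareProxy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 09/01/2020 17:30:23
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The GuardWareProxy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 09/01/2020 17:30:17
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The GuardWareProxy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/01/2020 09:07:36
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 08/01/2020 20:25:14
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
"""

LOG_RE = re.compile(r"Log: '([^']+)' Date/Time: (\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})$")
TYPE_RE = re.compile(r"Type: (\w+) Category: (\d+)$")
EVENT_RE = re.compile(r"Event: (\d+) Source: (.+)$")

@dataclass(frozen=True)
class Event:
    log: str
    when: datetime
    level: str
    event_id: int
    source: str
    message: str

def parse_vew(text):
    """Parse VEW report text into Event records; non-record lines are skipped."""
    lines = [ln.strip() for ln in text.splitlines()]
    events, i = [], 0
    while i + 2 < len(lines):
        head = LOG_RE.match(lines[i])
        kind = TYPE_RE.match(lines[i + 1])
        ident = EVENT_RE.match(lines[i + 2])
        if not (head and kind and ident):
            i += 1
            continue
        i += 3
        body = []
        # The message runs until a blank line, a section rule or the next record.
        while i < len(lines) and lines[i] and not lines[i].startswith("~~") \
                and not LOG_RE.match(lines[i]):
            body.append(lines[i])
            i += 1
        when = datetime.strptime(head.group(2), "%d/%m/%Y %H:%M:%S")  # dd/mm/yyyy
        events.append(Event(head.group(1), when, kind.group(1),
                            int(ident.group(1)), ident.group(2), " ".join(body)))
    return events

def summarise(events, min_count=3, window=timedelta(minutes=1)):
    """Group by (log, level, event ID, source); flag min_count+ hits inside window."""
    seen = defaultdict(list)
    for ev in events:
        seen[(ev.log, ev.level, ev.event_id, ev.source)].append(ev.when)
    rows = []
    for key, ts in seen.items():
        ts.sort()
        burst = any(ts[j + min_count - 1] - ts[j] <= window
                    for j in range(len(ts) - min_count + 1))
        rows.append({"key": key, "count": len(ts), "first": ts[0],
                     "last": ts[-1], "burst": burst})
    return sorted(rows, key=lambda r: (-r["count"], r["key"]))

if __name__ == "__main__":
    for row in summarise(parse_vew(SAMPLE_REPORT)):
        print(row)
```

Rows flagged as a burst are events recurring several times within the window, which separates a component failing over and over from warnings that show up once per boot.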

#83
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

See if you can get High Performance set this way:

 

https://tunecomp.net...-power-options/

 

Turn off WPAD since it's a security issue and a waste of time:

 

  1. Click the Start button, and in the search field, type in "regedit", then select "regedit.exe" from the list of results.
  2. Navigate through the tree to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad.
  3. Once you have the "Wpad" folder selected, right click in the right pane, and click on "New -> DWORD (32-Bit Value)".
  4. Name this new value "WpadOverride".
  5. Double click the new "WpadOverride" value to edit it.
  6. In the "Value data" field, replace the "0" with a "1", then click "OK".
  7. Change will take effect at next reboot of the computer.

Go to Settings, Time & Language  then Date & Time then Sync Now.  Do you get a checkmark or does it complain?

If it complains try changing the time server:

https://www.windowsc...vers-windows-10

 

Also did you ever update the wireless adapter?

 

Go back into

services.msc

and verify that GuardWareProxy service is still set to Automatic (Delayed Start).  Also verify that it has started.

 

Go back into C:\Windows\inf and verify that notepad did not tack on a .txt to oem8.inf so that it now says oem8.inf.txt.  Doubt it but just making sure.  If that didn't happen then:

 

Let's try something tricky.

Copy oem8.inf and paste it onto your desktop.

Copy c_firmware.inf paste it onto your desktop.

Delete the original oem8.inf (in C:\Windows\inf) 

Delete  oem8.PNF

Rename c_firmware.inf to oem8.inf

Copy c_firmware.inf on your desktop back to C:\Windows\inf

 

Go into device manager and right click on System Firmware and Uninstall (Do not delete drivers if it asks)

 

This essentially makes it look like my HP which is the same model but with a better processor and more RAM.

 

Search for Event Viewer

hit Enter

Click on the arrow in front of Windows Logs then click on Applications and right click on Applications and Clear Log, Clear.

Repeat for System

 

Reboot.

 

Run VEW again and let's see if things have improved.

 

Also make a new Process Explorer log as before.


  • 0

#84
BobScott49

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts

Not having much luck here.

 

Have changed to the High Performance Plan

 

But WPAD does not appear at the bottom of that tree

 

Annotation 2020-01-09 150312.jpg

 

Have Synced Date and Time

 

But Guardware Proxy is Automatic and hasn't started

 

Annotation 2020-01-09 150741.jpg

 

And it won't let me rename c_firmware.inf

 

Annotation 2020-01-09 152308.jpg


  • 0

#85
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Not sure you are in the correct tree in regedit but download the attached wpad.zip file.

Attached File  wpad.zip   333bytes   127 downloads

 

Right click on it and Extract All, Extract.  Right click on wpad.reg and Merge.

 

That should put it where it belongs and add the fix.

 

If we can't rename c_firmware.inf can we move our desktop copy of oem8.inf to another folder then rename the copy of c_firmware.inf on the desktop to oem8.inf?  Then copy and paste our new oem8.inf to c:\Windows\inf?

 

If not put the oem8.inf file back in INF

 

Are you able to stop GuardwareProxy?  Then Start?

 

Go back into regedit and look in

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

 

for GuardWareProxy

 

What does Start say?

What does Depend on Service say?

  • 0



#86
BobScott49

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts

Renaming the desktop c_firmware.inf worked

 

I can't start GuardwareProxy:

 

Annotation 2020-01-09 172650.jpg

 

Annotation 2020-01-09 172651.jpg

 

 

Here are the latest VEW logs

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 09/01/2020 17:29:39

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 09/01/2020 17:16:29
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress. .

Log: 'Application' Date/Time: 09/01/2020 17:16:29
Type: Error Category: 0
Event: 13 Source: VSS
Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ]

Log: 'Application' Date/Time: 09/01/2020 17:16:19
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_WpnUserService, version: 10.0.18362.1, time stamp: 0x32d6c210 Faulting module name: wpnuserservice.dll, version: 10.0.18362.1, time stamp: 0xea13e855 Exception code: 0xc0000409 Fault offset: 0x0000000000008596 Faulting process ID: 0x1538 Faulting application start time: 0x01d5c7103a2503dc Faulting application path: C:\WINDOWS\system32\svchost.exe Faulting module path: c:\windows\system32\wpnuserservice.dll Report ID: 2f649f5e-2c0b-4d38-a494-d9b0a6b2012f Faulting package full name:  Faulting package-relative application ID:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 09/01/2020 17:30:29

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/01/2020 17:30:29
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The GuardWareProxy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 09/01/2020 17:30:29
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (300000 milliseconds) while waiting for the GuardWareProxy service to connect.

Log: 'System' Date/Time: 09/01/2020 17:30:23
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The GuardWareProxy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 09/01/2020 17:30:23
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (300000 milliseconds) while waiting for the GuardWareProxy service to connect.

Log: 'System' Date/Time: 09/01/2020 17:30:17
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The GuardWareProxy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 09/01/2020 17:30:17
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (300000 milliseconds) while waiting for the GuardWareProxy service to connect.

Log: 'System' Date/Time: 09/01/2020 17:30:15
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The GuardWareProxy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 09/01/2020 17:30:15
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (300000 milliseconds) while waiting for the GuardWareProxy service to connect.

Log: 'System' Date/Time: 09/01/2020 17:30:06
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The GuardWareProxy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 09/01/2020 17:30:06
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (300000 milliseconds) while waiting for the GuardWareProxy service to connect.

Log: 'System' Date/Time: 09/01/2020 17:30:02
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The GuardWareProxy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 09/01/2020 17:30:02
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (300000 milliseconds) while waiting for the GuardWareProxy service to connect.

Log: 'System' Date/Time: 09/01/2020 17:29:58
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The GuardWareProxy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 09/01/2020 17:29:58
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (300000 milliseconds) while waiting for the GuardWareProxy service to connect.

Log: 'System' Date/Time: 09/01/2020 17:29:52
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The GuardWareProxy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 09/01/2020 17:29:52
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (300000 milliseconds) while waiting for the GuardWareProxy service to connect.

Log: 'System' Date/Time: 09/01/2020 17:29:45
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The GuardWareProxy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 09/01/2020 17:29:45
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (300000 milliseconds) while waiting for the GuardWareProxy service to connect.

Log: 'System' Date/Time: 09/01/2020 17:29:40
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The GuardWareProxy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 09/01/2020 17:29:40
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (300000 milliseconds) while waiting for the GuardWareProxy service to connect.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/01/2020 17:20:20
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 20 seconds since the last report.

Log: 'System' Date/Time: 09/01/2020 17:18:44
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {C2F03A33-21F5-47FA-B4BB-156362A2F239}  and APPID  {316CDED5-E4AE-4B15-9113-7055D84DCC97}  to the user RS-140429774-01\Bob Scott SID (S-1-5-21-2617516664-2097498628-2091352067-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 09/01/2020 17:18:14
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 09/01/2020 17:18:14
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 09/01/2020 17:17:31
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x2491f7fffff; got 0xffffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 09/01/2020 17:16:34
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 8 seconds since the last report.

Log: 'System' Date/Time: 09/01/2020 17:16:30
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\WINDOWS\system32\Rtlihvs.dll

Log: 'System' Date/Time: 09/01/2020 17:14:52
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {C2F03A33-21F5-47FA-B4BB-156362A2F239}  and APPID  {316CDED5-E4AE-4B15-9113-7055D84DCC97}  to the user RS-140429774-01\Bob Scott SID (S-1-5-21-2617516664-2097498628-2091352067-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 09/01/2020 17:14:20
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 09/01/2020 17:14:19
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 09/01/2020 17:13:45
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x2491f7fffff; got 0xffffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 09/01/2020 17:12:58
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\WINDOWS\system32\Rtlihvs.dll


And Process Explorer

 

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
GWProxy.exe    35.97    1,752 K    8,020 K    10992        Guardware Ltd.    (Verified) Guardware Ltd.
System Idle Process    19.15    60 K    8 K    0            
procexp64.exe    15.38    36,128 K    70,852 K    2208    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
WmiPrvSE.exe    11.09    6,140 K    14,832 K    5612    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
aswidsagent.exe    3.87    23,916 K    37,376 K    6808    Avast Behavior Shield    AVAST Software    (Verified) AVAST Software s.r.o.
conhost.exe    3.77    6,760 K    12,960 K    3000    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
System    3.70    200 K    1,116 K    4            
AvastSvc.exe    2.52    115,256 K    39,936 K    3260    Avast Antivirus  Service    AVAST Software    (Verified) AVAST Software s.r.o.
dwm.exe    1.99    96,212 K    70,528 K    1080    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
Interrupts    1.34    0 K    0 K    n/a    Hardware Interrupts and DPCs        
cmd.exe    0.75    1,888 K    2,276 K    3132    Windows Command Processor    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe    0.73    6,444 K    5,528 K    736    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.68    79,012 K    88,676 K    2520    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
AvastUI.exe    0.54    25,720 K    45,104 K    3148    Avast Antivirus     AVAST Software    (Verified) AVAST Software s.r.o.
app_updater.exe    0.46    6,028 K    11,496 K    4632    Digital Wave Update Service    Digital Wave Ltd    (Verified) Digital Wave Ltd
svchost.exe    0.41    12,716 K    25,212 K    4004    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
express.exe    0.37    52,704 K    88,808 K    6000    Garmin Express    Garmin Ltd. or its subsidiaries    (Verified) Garmin International, Inc.
GWClient.exe    0.27    6,080 K    18,356 K    4384    e-Safe Compliance Client Service    Guardware Ltd    (Verified) Guardware Ltd.
firefox.exe    0.26    145,180 K    178,916 K    7080    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
explorer.exe    0.23    56,592 K    124,832 K    6084    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
amddvr.exe    0.21    179,684 K    16,548 K    9196    AMD ReLive: Host Application    Advanced Micro Devices, Inc.    (Verified) Advanced Micro Devices, Inc.
csrss.exe    0.17    2,252 K    5,680 K    628    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
atieclxx.exe    0.17    2,492 K    10,860 K    2504    AMD External Events Client Module    AMD    (Verified) Advanced Micro Devices, Inc.
EOS Utility.exe    0.09    25,752 K    31,024 K    1408    EOS Utility    Canon INC.    (Verified) Canon Inc.
AGMService.exe    0.09    3,820 K    13,412 K    4604    Adobe Genuine Software Service    Adobe Systems, Incorporated    (Verified) Adobe Inc.
GWW.exe    0.05    49,672 K    47,800 K    5972    e-Safe Compliance Client Application    Guardware Ltd.    (Verified) Guardware Ltd.
firefox.exe    0.05    184,636 K    275,684 K    9760    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
services.exe    0.05    5,564 K    10,300 K    792    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows Publisher
EOSUPNPSV.exe    0.02    3,672 K    10,148 K    7724    Canon EOS UPNP Detector    CANON INC.    (Verified) Canon Inc.
psi_tray.exe    0.02    1,452 K    6,852 K    7232    Secunia PSI Tray    Secunia    (Verified) Secunia
SearchIndexer.exe    0.02    30,492 K    34,468 K    7064    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.01    27,380 K    26,764 K    3708    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
lsass.exe    0.01    7,920 K    21,444 K    808    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.01    5,380 K    16,812 K    2900    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
HPWMISVC.exe    0.01    2,996 K    11,424 K    4484    HP WMI Service    HP Inc.    (Verified) HP Inc.
HPMSGSVC.exe    0.01    3,220 K    12,296 K    5596    HP Message Service    HP Inc.    (Verified) HP Inc.
firefox.exe    0.01    66,524 K    104,384 K    10488    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
AGSService.exe    0.01    3,400 K    14,208 K    4624    Adobe Genuine Software Integrity Service    Adobe Systems, Incorporated    (Verified) Adobe Inc.
ijplmsvc.exe    0.01    5,516 K    8,164 K    4020    Inkjet Printer/Scanner/Fax Extended Survey Program Service        (Verified) Canon Inc.
SynTPEnh.exe    < 0.01    7,720 K    20,648 K    6256    Synaptics TouchPad 64-bit Enhancements    Synaptics Incorporated    (Verified) Synaptics Incorporated
RuntimeBroker.exe    < 0.01    4,696 K    27,716 K    1908    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
SynTPEnhService.exe    < 0.01    3,444 K    10,268 K    2216    64-bit Synaptics Pointing Enhance Service    Synaptics Incorporated    (Verified) Synaptics Incorporated
svchost.exe    < 0.01    3,452 K    12,600 K    5252    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
RAVBg64.exe    < 0.01    6,452 K    15,968 K    8868    HD Audio Background Process    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
YourPhone.exe    Suspended    13,904 K    34,948 K    3376            (No signature was present in the subject)
wsc_proxy.exe        2,432 K    9,744 K    2496    Avast Antivirus  remediation exe    AVAST Software    (Verified) AVAST Software s.r.o.
WmiPrvSE.exe        3,272 K    9,908 K    5692    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
wlanext.exe        2,092 K    7,376 K    3340    Windows Wireless LAN 802.11 Extensibility Framework    Microsoft Corporation    (Verified) Microsoft Windows
winlogon.exe        2,948 K    12,312 K    848    Windows Log-on Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,320 K    6,792 K    728    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows Publisher
WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe        15,268 K    44,060 K    7508    WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe    Microsoft Corporation    (Verified) Microsoft Windows
vidnotifier.exe        5,768 K    21,148 K    7580    Video Notifier    Digital Wave Ltd    (Verified) Digital Wave Ltd
unsecapp.exe        1,356 K    6,664 K    5524    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        1,600 K    7,052 K    4316    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
taskhostw.exe        6,332 K    16,464 K    5828    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
SystemSettingsBroker.exe        6,812 K    28,748 K    8816    System Settings Broker    Microsoft Corporation    (Verified) Microsoft Windows
SynTPHelper.exe        2,180 K    6,524 K    6824    Synaptics Pointing Device Helper    Synaptics Incorporated    (Verified) Synaptics Incorporated
svchost.exe        4,656 K    12,672 K    2200    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        11,908 K    30,376 K    568    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        13,964 K    21,972 K    3976    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,720 K    11,332 K    6364    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,240 K    14,592 K    1936    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,548 K    8,448 K    620    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        8,060 K    15,848 K    724    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,028 K    8,088 K    3728    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,316 K    8,712 K    5196    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,920 K    13,960 K    2956    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,364 K    23,648 K    5508    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,532 K    6,032 K    1444    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,988 K    7,196 K    4036    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,100 K    19,724 K    3864    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,740 K    14,664 K    3296    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,748 K    8,844 K    2740    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        16,436 K    19,520 K    1480    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,040 K    10,604 K    3996    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,264 K    7,584 K    1948    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,184 K    8,812 K    3480    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,268 K    15,536 K    1292    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,320 K    7,720 K    8252    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,884 K    18,856 K    3200    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,632 K    24,660 K    3008    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,428 K    11,460 K    3992    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,228 K    9,344 K    1744    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,892 K    8,040 K    2432    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        7,628 K    32,980 K    5428    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,240 K    8,696 K    12068    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,640 K    10,564 K    6636    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,448 K    15,424 K    5280    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,328 K    5,844 K    2568    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,124 K    11,976 K    9232    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,000 K    10,328 K    7740    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,604 K    20,608 K    3584    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,464 K    10,684 K    1308    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,676 K    13,396 K    2288    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,636 K    21,252 K    5380    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,664 K    9,848 K    2780    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,820 K    6,616 K    2764    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,928 K    7,700 K    2512    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,840 K    11,560 K    1472    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,128 K    10,032 K    2560    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,052 K    7,868 K    3120    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,728 K    10,004 K    1588    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,952 K    12,120 K    1684    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,748 K    8,992 K    6544    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,596 K    5,816 K    6196    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,796 K    7,804 K    5984    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,692 K    10,608 K    11800    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,040 K    8,632 K    1996    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,824 K    11,856 K    5372    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,624 K    6,656 K    4140    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,324 K    5,468 K    4120    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,284 K    5,632 K    2784    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,716 K    6,896 K    3076    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,900 K    8,208 K    3916    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,660 K    7,900 K    3984    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,960 K    8,240 K    4052    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        10,596 K    19,812 K    3696    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,876 K    6,768 K    3552    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,020 K    7,908 K    2724    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,904 K    8,256 K    2644    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,816 K    7,540 K    2224    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,844 K    7,692 K    2376    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,084 K    9,576 K    2016    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,576 K    7,196 K    1856    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,148 K    8,788 K    1420    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,876 K    11,916 K    1460    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,028 K    8,784 K    1452    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,816 K    12,120 K    1352    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        948 K    3,912 K    984    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        8,484 K    26,420 K    7364    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,960 K    7,100 K    11588    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
StartMenuExperienceHost.exe        31,024 K    71,584 K    6708            (Verified) Microsoft Windows
spoolsv.exe        6,132 K    16,752 K    3648    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        1,148 K    1,152 K    416    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows Publisher
smartscreen.exe        8,060 K    23,076 K    11340    Windows Defender SmartScreen    Microsoft Corporation    (Verified) Microsoft Windows
sihost.exe        6,648 K    27,284 K    5716    Shell Infrastructure Host    Microsoft Corporation    (Verified) Microsoft Windows
ShellExperienceHost.exe        33,356 K    76,576 K    7960    Windows Shell Experience Host    Microsoft Corporation    (Verified) Microsoft Windows
SgrmBroker.exe        3,496 K    6,252 K    8516    System Guard Runtime Monitor Broker Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SecurityHealthService.exe        3,160 K    11,952 K    9548    Windows Security Health Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SearchUI.exe    Suspended    102,700 K    171,416 K    8860    Search and Cortana application    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        15,244 K    44,228 K    7868    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        7,244 K    28,384 K    1228    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        1,720 K    6,988 K    9916    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        2,452 K    12,128 K    11232    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        3,140 K    19,760 K    1528    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        6,132 K    24,240 K    5576    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RtlS5Wake.exe        4,472 K    14,132 K    2056    Realtek WOWL Utility    Realtek    (Verified) Realtek Semiconductor Corp.
RtkNGUI64.exe        4,816 K    14,912 K    1544    Realtek HD Audio Manager    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
RtkBtManServ.exe        1,676 K    7,516 K    4596    Realtek Bluetooth BTDevManager Service Application    Realtek Semiconductor Corp.    (Verified) Microsoft Windows Hardware Compatibility Publisher
RtkAudioService64.exe        1,796 K    8,252 K    3056    Realtek Audio Service    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
RemindersServer.exe    Suspended    8,252 K    22,576 K    8140    Reminders WinRT OOP Server    Microsoft Corporation    (Verified) Microsoft Windows
Registry        10,836 K    93,528 K    88            
RadeonSettings.exe        161,296 K    44,376 K    6832    Radeon Settings: Host Application    Advanced Micro Devices, Inc.    (Verified) Advanced Micro Devices, Inc.
procexp.exe        5,392 K    11,176 K    10532    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
OfficeClickToRun.exe        27,668 K    54,712 K    4460    Microsoft Office Click-to-Run (SxS)    Microsoft Corporation    (Verified) Microsoft Corporation
nlssrv32.exe        2,096 K    8,164 K    4556    This service enables products that use the Nalpeiron Licensing System     Nalpeiron Ltd.    (Certificate expired) Nalpeiron Ltd.
Memory Compression        220 K    46,360 K    2656            
HxTsr.exe    Suspended    12,676 K    45,104 K    8184    Microsoft Outlook Communications    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
HxOutlook.exe    Suspended    85,920 K    136,308 K    9292    Microsoft Outlook    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
fontdrvhost.exe        1,576 K    3,548 K    996    Usermode Font Driver Host    Microsoft Corporation    (Verified) Microsoft Windows
fontdrvhost.exe        5,228 K    12,448 K    992    Usermode Font Driver Host    Microsoft Corporation    (Verified) Microsoft Windows
firefox.exe        33,132 K    51,528 K    9556    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe        25,452 K    50,316 K    10388    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
dllhost.exe        2,036 K    12,100 K    292    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
dllhost.exe        3,632 K    11,500 K    636    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
dllhost.exe        3,900 K    11,196 K    3924    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
dllhost.exe        1,660 K    6,908 K    10156    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
ctfmon.exe        5,016 K    16,188 K    6068    CTF Loader    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe        6,644 K    11,076 K    8636    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe        6,404 K    10,648 K    3360    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
CastSrv.exe        3,080 K    8,040 K    6148    Casting protocol connection listener    Microsoft Corporation    (Verified) Microsoft Windows
BTDevMgr.exe        1,880 K    7,668 K    4616    Realtek Bluetooth BTDevManager Service Application    Realtek Semiconductor Corp.    (Verified) Microsoft Windows Hardware Compatibility Publisher
audiodg.exe        10,016 K    19,396 K    11392    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows
atiesrxx.exe        1,400 K    6,188 K    2280    AMD External Events Service Module    AMD    (Verified) Advanced Micro Devices, Inc.
armsvc.exe        1,412 K    6,900 K    4468    Adobe Acrobat Update Service    Adobe Systems    (Verified) Adobe Inc.
ApplicationFrameHost.exe        8,704 K    30,664 K    9268    Application Frame Host    Microsoft Corporation    (Verified) Microsoft Windows
amdow.exe        2,272 K    7,868 K    8216    AMD ReLive: Desktop Overlay    Advanced Micro Devices, Inc.    (Verified) Advanced Micro Devices, Inc.


 


  • 0

#87
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Go back into Regedit and look at the guardwareproxy service again. There is an entry in the right pane that says:

AutorunsDisabled and has a value of 2

2 should mean that it is set to autostart again but best to right click on AutorunsDisabled and Delete.

Check any of the other guardware services that were unchecked in Autoruns to make sure they don't have similar entries.

Did the yellow flag go away in System Firmware?

Nap time.


  • 0
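The check described in the post above (looking for a leftover AutorunsDisabled entry on the other services), as an added PowerShell example that is not part of the original thread. It is a read-only scan of every key under HKLM\SYSTEM\CurrentControlSet\Services; it assumes the value sits directly in the service's own key, as in the guardwareproxy case, and that it is run from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread): read-only scan of the service keys
# for a leftover value named "AutorunsDisabled". Nothing is modified.
$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Documented meanings of a service's Start value.
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-StartName($value) {
    # Translate a Start value to its name; tolerate missing or unexpected data.
    if ($null -eq $value) { return '(not set)' }
    if ($startNames.ContainsKey([int]$value)) { return $startNames[[int]$value] }
    return "$value"
}

$found = foreach ($key in Get-ChildItem -Path $servicesRoot -ErrorAction SilentlyContinue) {
    # GetValueNames() lists the value names in the key; -notcontains is case-insensitive.
    if ($key.GetValueNames() -notcontains 'AutorunsDisabled') { continue }

    [pscustomobject]@{
        Service          = $key.PSChildName
        DisplayName      = $key.GetValue('DisplayName')
        Start            = Get-StartName $key.GetValue('Start')
        AutorunsDisabled = $key.GetValue('AutorunsDisabled')
        ImagePath        = $key.GetValue('ImagePath')
    }
}

if (-not $found) {
    'No service key contains an AutorunsDisabled value.'
} else {
    # Each row is a service key to review in Regedit before deleting anything.
    $found | Sort-Object Service | Format-Table -AutoSize -Wrap
}
```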

#88
BobScott49

BobScott49

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts

Deleted AutorunsDisabled and it doesn't appear in any of the other entries

GuardwareProxy still won't start

Flag is still there


  • 0

#89
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Guess we didn't fool it. I would copy the original oem8.inf back on top of the one now in inf.

You could try redownloading the latest BIOS and see if it will let you reinstall over the current one.

https://support.hp.c.../model/22757794

Maybe you got a bad download.

As for guardwareproxy the only thing we can do now (other than have the owners of the software reinstall it or let FRST remove it completely) is run Process Monitor and see if there is anything obvious that is failing.

This may require you to use a large file transfer service and to upload an enormous file to said service but let's see if we can get by with just a screenshot.

Download Process Monitor https://live.sysinte...com/Procmon.exe
Save it to your desktop. Run Process Monitor (right click and Run As Admin).

As soon as it starts, File, then uncheck Capture Events. Once it stops, click on Filter, change the first box to Process Name (using the dropdown menu), second box stays at IS, third box changes to GWProxy.exe, fourth box stays at Include. Hit Add then OK.

Now go to services.msc and stop the guardwareproxy service. Go back to Process Monitor and Edit, Clear Display. Go back to services and start the guardwareproxy service. Back to Process Monitor and take a screenshot as soon as you can or as soon as the page begins to fill up. Post the screenshot.


  • 0

#90
BobScott49

BobScott49

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts

WooHoo!!

The second BIOS update solved the Firmware issue. It's no longer flagged.

However, I can't stop GuardwareProxy; as you can see, everything is greyed out except Start. When I looked in Properties, it was flicking between Starting and Stopped but Stop was not allowed.

Annotation 2020-01-09 230236.jpg


  • 0





