Hi all,
I have csrss.exe on my laptop and would like to get it removed.
Can anyone help please?
csrss.exe removal [Solved]
Started by
covphoenix
, Feb 01 2021 10:17 AM
-
This topic is locked
#2
Posted 01 February 2021 - 10:56 AM
covphoenix
- Topic Starter
-
- Member
-
- 78 posts
Member
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-01-2021
Ran by ryanstockham (administrator) on RYAN-PC (Hewlett-Packard HP Pavilion 15 Notebook PC) (01-02-2021 16:39:28)
Running from C:\Users\ryanstockham\Desktop
Loaded Profiles: ryanstockham
Platform: Windows 10 Home Version 2004 19041.746 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
() [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <11>
(Hewlett Packard -> HP Inc.) C:\Program Files\HP\HP ENVY 5540 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett Packard -> HP Inc.) C:\Program Files\HP\HP ENVY 5540 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(HP Inc -> HP Inc.) C:\Program Files\HP\HP ENVY Photo 6200 series\Bin\HPNetworkCommunicatorCom.exe
(HP Inc -> HP Inc.) C:\Program Files\HP\HP ENVY Photo 6200 series\Bin\ScanToPCActivationApp.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.4-0\NisSrv.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe
(Opera Software AS -> Opera Software) C:\Users\ryanstockham\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Softex Inc.) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8496344 2015-10-18] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Softex Incorporated -> Hewlett-Packard)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [331064 2020-10-16] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192 2014-10-09] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2623032 2019-07-26] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3637880556-865379904-740243096-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3637880556-865379904-740243096-1002\...\Run: [HP ENVY 5540 series (NET)] => C:\Program Files\HP\HP ENVY 5540 series\Bin\ScanToPCActivationApp.exe [3770504 2017-03-27] (Hewlett Packard -> HP Inc.)
HKU\S-1-5-21-3637880556-865379904-740243096-1002\...\Run: [HP ENVY Photo 6200 (NET)] => C:\Program Files\HP\HP ENVY Photo 6200 series\Bin\ScanToPCActivationApp.exe [4064160 2019-03-18] (HP Inc -> HP Inc.)
HKU\S-1-5-21-3637880556-865379904-740243096-1002\...\Run: [348A4BEC03741000AFA97382997FA9ACCC30F302._service_run] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=service /prefetch:8
HKU\S-1-5-21-3637880556-865379904-740243096-1002\...\Run: [Opera Browser Assistant] => C:\Users\ryanstockham\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3366424 2020-12-08] (Opera Software AS -> Opera Software)
HKLM\...\Windows x64\Print Processors\hpzpp4v2: C:\Windows\System32\spool\prtprocs\x64\hpzpp4v2.dll [224768 2007-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\EPSON Stylus DX4800 Series 64MonitorBE: C:\WINDOWS\system32\E_ILMADE.DLL [119808 2005-06-09] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\HP CE11 Status Monitor: C:\WINDOWS\system32\hpinkstsCE11LM.dll [393352 2017-03-19] (Hewlett Packard -> HP Inc.)
HKLM\...\Print\Monitors\HP Universal Port Monitor: C:\WINDOWS\system32\hpbprtmon.dll [404992 2013-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
HKLM\...\Print\Monitors\PCL hpz3l4v2: C:\WINDOWS\system32\hpz3l4v2.dll [130048 2007-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.104\Installer\chrmstp.exe [2021-01-27] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{538C240D-3DEE-4032-AB4C-08A3A6EB0861}] -> C:\Program Files (x86)\CyberLink\YouCam\CLCredProv\x64\CLCredProv.dll [2015-03-24] (CyberLink Corp. -> CyberLink)
HKLM\Software\...\Authentication\Credential Providers: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2013-10-14] (Softex Inc..) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2013-10-14] (Softex Inc..) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-09-13]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0658B39F-A4C0-436B-A593-667E7CB48B89} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant printer driver installation => C:\WINDOWS\TEMP\EN5540_Full_WebPack_1119.exe <==== ATTENTION
Task: {0BFEE0F3-2502-42C6-8896-0E77983FBC01} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23062920 2021-01-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {0C9193A9-FBBD-41FA-8DE3-5EE84EBD823D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {17E30B2A-48CD-4599-9CAA-FB291AF4ADF7} - System32\Tasks\HPCustParticipation HP ENVY 5540 series => C:\Program Files\HP\HP ENVY 5540 series\Bin\HPCustPartic.exe [6438536 2017-03-27] (Hewlett Packard -> HP Inc.)
Task: {1861A01C-F635-438C-99F6-C59A9DCF6682} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {196EE173-2898-4D1C-B9E6-4DA7A0D378B5} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {2013CC17-5693-49D6-A0A8-E4A55C5FFC00} - \RealDownloader Update Check -> No File <==== ATTENTION
Task: {2572738E-13AE-4F32-987A-C17026ECBDB6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH82S4V09F => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-16] (HP Inc. -> HP Inc.)
Task: {28D65F40-C4B8-432B-8DC7-DD45D7371273} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\SymErr.exe
Task: {2D17AD18-9DCD-46AB-A872-7A2C9E25EA90} - System32\Tasks\AdobeAAMUpdater-1.0-Ryan-PC-ryanstockham => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {32741FD9-D9E9-40BE-952F-B51714B1F5D7} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {387728E1-0BE6-4FAC-BE9F-14A300A4F29D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23062920 2021-01-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {3B56E9F9-2A6C-48FD-8D57-504D43154498} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {40A62C30-BA4C-47B8-8FCA-F0F11BE2422A} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2016-11-07] (HP Inc. -> HP Inc.)
Task: {40F2F87A-F127-49DC-84C8-5C443B585B5C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-16] (HP Inc. -> HP Inc.)
Task: {41EECA3B-AD3E-4050-B7C7-2F7B7F5F61A4} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1161112 2021-01-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {42D7F2A9-CF50-44CA-923C-5E11F018C1AF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {4628BA2E-0DC3-4756-B256-C45220DBFBB0} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40864 2021-01-26] (Garmin International, Inc. -> )
Task: {47E5A3C0-A06B-485B-B91F-CDB336D7972C} - System32\Tasks\Norton Internet Security\Norton Internet Security Autofix => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\SymErr.exe
Task: {484AA0D2-F078-4298-82A3-054EB86B656C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-04-18] (Google Inc -> Google Inc.)
Task: {4EF9D84F-CFFD-4830-8C6A-645079C37898} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {51022920-FE82-4845-84A8-B30A03C46829} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116584 2021-01-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {5330DFE6-8CE9-4D29-99D2-D7CB97E75E50} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {6E7AA1CF-7D56-4ECE-AC29-A4CD3C0C828C} - System32\Tasks\Opera scheduled assistant Autoupdate 1592659333 => C:\Users\ryanstockham\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-14] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\ryanstockham\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {6ECA333C-537F-464D-9886-6F8C22B418CD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.4-0\MpCmdRun.exe [562224 2021-01-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6F5DB901-5915-439E-A419-D33AB43CB6D4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.4-0\MpCmdRun.exe [562224 2021-01-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {707D1D9A-7041-46E7-AD9C-BEE3672134E4} - System32\Tasks\{B0A395E0-051C-4993-9B37-D7DEE81FAFBC} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe" -c REPAIRUI RERUNMODE
Task: {754E91BD-1EB3-408D-AF17-C69877147675} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [664784 2020-09-17] (Mozilla Corporation -> Mozilla Foundation)
Task: {768E64D2-1E22-43EC-90B2-0A813764AC48} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4179040 2016-12-27] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {783C28D0-233E-4AAF-BAF0-C2D6B45923BF} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1344312 2013-09-10] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
Task: {7C5E2A14-776D-47E7-BFC6-2D9B940A4E10} - \WPD\SqmUpload_S-1-5-21-3637880556-865379904-740243096-1002 -> No File <==== ATTENTION
Task: {7FAC5E08-F152-48FC-AB6D-22B367F69CD9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [348504 2020-11-06] (HP Inc. -> HP Inc.)
Task: {851B0B22-0FAA-4A79-9148-70A9DC53C7EA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8C07D426-3BBD-4937-BD06-86DECF22B19C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {930E8160-6F72-430A-87BF-07007A7FC41F} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116584 2021-01-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {A15DD181-357B-449B-90B5-51B3EE78999E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A353B7D8-5C59-4F31-9C0B-57032E878816} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {AB1CC7B5-25E9-4E3A-8116-52930EB8C8A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\BingPopup\BingPopup.exe [553304 2020-10-28] (HP Inc. -> HP Inc.)
Task: {AC6BAB94-0DF4-4485-98B8-579E739A61A9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {B038E2C3-742D-49B2-B286-2CEC983AB1F2} - System32\Tasks\Opera scheduled Autoupdate 1592659318 => C:\Users\ryanstockham\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-14] (Opera Software AS -> Opera Software)
Task: {B0F84D98-862B-4E86-A4EC-6630D38EC1C7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B0FD4CAE-6BB7-4FB3-91FF-ECD58FBEAF4A} - \Optimize Start Menu Cache Files-S-1-5-21-3637880556-865379904-740243096-1002 -> No File <==== ATTENTION
Task: {B1BEA8FD-A384-4D6B-8844-ECF5AF0F208B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.4-0\MpCmdRun.exe [562224 2021-01-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B3E94E04-924B-4FB7-8299-C4C8E33F4053} - System32\Tasks\HPCustParticipation HP ENVY Photo 6200 series => C:\Program Files\HP\HP ENVY Photo 6200 series\Bin\HPCustPartic.exe [6659488 2019-03-18] (HP Inc -> HP Inc.)
Task: {B6CFE01D-A5C8-46FB-9BED-66C2B5E64B9E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BC32B10F-0EAE-45DD-9E68-2C5892155019} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-04-18] (Google Inc -> Google Inc.)
Task: {BFD02CD7-7192-4544-8334-431D95CE2937} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {DA2A2FD8-58FF-4F80-9D22-839746E05530} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DAA8CB5B-44C7-4AE0-8027-E84214522870} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {DD918511-5258-41F4-B0D2-F12A1E943530} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [265992 2015-03-24] (CyberLink Corp. -> CyberLink Corp.)
Task: {DE530E18-ACD5-4F13-BC8A-7962986153DF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Update Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {E2C9F719-9E8E-4B6A-91C8-800AA64DEC43} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-16] (HP Inc. -> HP Inc.)
Task: {E7F11005-E5D6-4664-931C-0630CAF01709} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH5C92N0G0 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-16] (HP Inc. -> HP Inc.)
Task: {E8313CC4-9741-4CE7-B7F6-85B1E7B84185} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {EAAD878A-E51A-4414-A6BA-AEFC9B011B78} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\WSCStub.exe
Task: {ECC87E54-960B-4B20-8D6E-2EB469E9466F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [135000 2020-06-22] (HP Inc. -> HP Inc.)
Task: {EE047464-181D-4D31-9591-C235CCC16DE9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.4-0\MpCmdRun.exe [562224 2021-01-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F85882BE-ED4A-4410-8171-339D6F18B522} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {FB09E2A5-1519-4191-B2AC-A5F63FA26C27} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.10.0.85\SymErr.exe
Task: {FD9E78D1-2793-40AF-878A-331004F52FCB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7be248c5-c11e-410f-b78a-01d8c4514bff}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a0220115-69ba-4ad2-b606-57637331fdda}: [DhcpNameServer] 192.168.0.1
Edge:
=======
DownloadDir: C:\Users\ryanstockham\Downloads
Edge Notifications: HKU\S-1-5-21-3637880556-865379904-740243096-1002 -> hxxps://www.facebook.com
Edge DefaultProfile: Default
Edge Profile: C:\Users\ryanstockham\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-01]
Edge DownloadDir: C:\Users\ryanstockham\Downloads
Edge Notifications: Default -> hxxps://www.facebook.com
FireFox:
========
FF DefaultProfile: 8uld025m.default
FF ProfilePath: C:\Users\ryanstockham\AppData\Roaming\Mozilla\Firefox\Profiles\8uld025m.default [2020-09-27]
FF ProfilePath: C:\Users\ryanstockham\AppData\Roaming\Mozilla\Firefox\Profiles\iewkjoow.default-release [2020-12-14]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.6.0.142\coFFAddon => not found
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.6.0.142\coFFAddon => not found
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-07-26] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-17] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] (WildTangent Inc -> )
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-07-26] (Adobe Inc. -> Adobe Systems)
FF Plugin HKU\S-1-5-21-3637880556-865379904-740243096-1002: @zoom.us/ZoomVideoPlugin -> C:\Users\ryanstockham\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-15] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\ryanstockham\AppData\Local\Google\Chrome\User Data\Default [2021-02-01]
CHR Notifications: Default -> hxxps://meet.google.com
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://isearch.avg.com/?cid={AB2A0BFE-C9BB-44B1-A79E-71818EB04889}&mid=2b22af3ead6d47d09e3fd16f64c58fdd-429ff51c67c26c314b737bb5a4eab5dfd188e547&lang=en&ds=st011&pr=sa&d=2012-06-17 15:00:29&v=11.1.0.7&sap=hp","hxxp://search.babylon.com/?affID=112560&tt=2912_2&babsrc=HP_ss&mntrId=def1bb5300000000000000262221662e","hxxps://www.tabletennis365.com/Coventry"
CHR Extension: (Slides) - C:\Users\ryanstockham\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-05]
CHR Extension: (Docs) - C:\Users\ryanstockham\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-05]
CHR Extension: (Google Drive) - C:\Users\ryanstockham\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\ryanstockham\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\ryanstockham\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-18]
CHR Extension: (Sheets) - C:\Users\ryanstockham\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-05]
CHR Extension: (Google Docs Offline) - C:\Users\ryanstockham\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-22]
CHR Extension: (Norton Identity Safe) - C:\Users\ryanstockham\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-04-08]
CHR Extension: (My Study Life) - C:\Users\ryanstockham\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnjdjjiobjicmlhnjlogfgbibihjhkeo [2020-01-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ryanstockham\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01]
CHR Extension: (Gmail) - C:\Users\ryanstockham\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\ryanstockham\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-01]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif]
Opera:
=======
OPR Profile: C:\Users\ryanstockham\AppData\Roaming\Opera Software\Opera Stable [2021-02-01]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [816184 2019-07-26] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-24] (Apple Inc. -> Apple Inc.)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8960384 2021-01-19] (Microsoft Corporation -> Microsoft Corporation)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe [411024 2013-02-01] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [569608 2014-10-09] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
S2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1115736 2015-09-13] (RealNetworks, Inc. -> RealNetworks, Inc.)
S2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1115736 2015-09-13] (RealNetworks, Inc. -> RealNetworks, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.4-0\NisSrv.exe [2475344 2021-01-27] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.4-0\MsMpEng.exe [128368 2021-01-27] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Zoho Assist-Remote Support; C:\Program Files (x86)\ZohoMeeting\ZAService.exe [3287912 2021-02-01] (ZOHO Corporation private Limited -> )
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 RTWlanE; C:\Windows\SysWOW64\drivers\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-01-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [419048 2021-01-27] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2021-01-27] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-02-01 16:39 - 2021-02-01 16:42 - 000035709 _____ C:\Users\ryanstockham\Desktop\FRST.txt
2021-02-01 16:38 - 2021-02-01 16:38 - 002297856 _____ (Farbar) C:\Users\ryanstockham\Desktop\FRST64 (1).exe
2021-02-01 16:36 - 2021-02-01 16:41 - 000000000 ____D C:\FRST
2021-02-01 16:35 - 2021-02-01 16:36 - 002297856 _____ (Farbar) C:\Users\ryanstockham\Downloads\FRST64.exe
2021-02-01 15:40 - 2021-02-01 15:55 - 000000000 ____D C:\Program Files (x86)\ZohoMeeting
2021-02-01 15:40 - 2021-02-01 15:40 - 001055456 _____ (ZOHO Corporation) C:\Users\ryanstockham\Downloads\ZA_Connect.exe
2021-02-01 15:40 - 2021-02-01 15:40 - 000000000 ____D C:\Users\ryanstockham\AppData\Local\ZohoMeeting
2021-02-01 15:40 - 2021-02-01 15:40 - 000000000 ____D C:\ProgramData\ZohoMeeting
2021-02-01 14:28 - 2021-02-01 14:28 - 000000000 ____D C:\Users\ryanstockham\AppData\Local\Garmin_Ltd._or_its_subsid
2021-02-01 14:27 - 2021-02-01 14:28 - 000000000 ____D C:\Program Files (x86)\Garmin
2021-02-01 14:27 - 2021-02-01 14:27 - 000003624 _____ C:\WINDOWS\system32\Tasks\GarminUpdaterTask
2021-02-01 14:27 - 2021-02-01 14:27 - 000001970 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2021-02-01 14:27 - 2021-02-01 14:27 - 000001970 _____ C:\ProgramData\Desktop\Garmin Express.lnk
2021-02-01 14:27 - 2021-02-01 14:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2021-02-01 14:25 - 2021-02-01 14:26 - 133236016 _____ (Garmin Ltd or its subsidiaries) C:\Users\ryanstockham\Downloads\GarminExpress (2).exe
2021-02-01 14:01 - 2021-02-01 14:02 - 133236016 _____ (Garmin Ltd or its subsidiaries) C:\Users\ryanstockham\Downloads\GarminExpress (1).exe
2021-02-01 13:56 - 2021-02-01 13:56 - 133236016 _____ (Garmin Ltd or its subsidiaries) C:\Users\ryanstockham\Downloads\GarminExpress.exe
2021-01-17 14:43 - 2021-01-17 14:43 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-17 14:43 - 2021-01-17 14:43 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-17 14:43 - 2021-01-17 14:43 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-17 14:43 - 2021-01-17 14:43 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-17 14:43 - 2021-01-17 14:43 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-17 14:43 - 2021-01-17 14:43 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-17 14:42 - 2021-01-17 14:42 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-17 14:42 - 2021-01-17 14:42 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-17 14:42 - 2021-01-17 14:42 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-17 14:42 - 2021-01-17 14:42 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-17 14:42 - 2021-01-17 14:42 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-17 14:42 - 2021-01-17 14:42 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-17 14:42 - 2021-01-17 14:42 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-17 14:41 - 2021-01-17 14:41 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-17 14:41 - 2021-01-17 14:41 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-17 14:41 - 2021-01-17 14:41 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-17 14:41 - 2021-01-17 14:41 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-17 14:41 - 2021-01-17 14:41 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-17 14:41 - 2021-01-17 14:41 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-17 14:40 - 2021-01-17 14:40 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-17 14:40 - 2021-01-17 14:40 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-17 14:40 - 2021-01-17 14:40 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-17 14:40 - 2021-01-17 14:40 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-17 14:39 - 2021-01-17 14:39 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-17 14:39 - 2021-01-17 14:39 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-17 14:39 - 2021-01-17 14:39 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-17 14:39 - 2021-01-17 14:39 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-17 14:38 - 2021-01-17 14:38 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-17 14:38 - 2021-01-17 14:38 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-17 14:38 - 2021-01-17 14:38 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-17 14:38 - 2021-01-17 14:38 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-17 14:38 - 2021-01-17 14:38 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-17 14:37 - 2021-01-17 14:37 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-17 14:37 - 2021-01-17 14:37 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-17 14:37 - 2021-01-17 14:37 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-17 14:36 - 2021-01-17 14:36 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-17 14:36 - 2021-01-17 14:36 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-17 14:36 - 2021-01-17 14:36 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-17 14:35 - 2021-01-17 14:35 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-17 14:35 - 2021-01-17 14:35 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-02-01 16:37 - 2019-12-07 09:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-01 16:03 - 2014-04-01 15:16 - 000000000 ____D C:\Users\ryanstockham\Documents\Youcam
2021-02-01 15:49 - 2018-11-06 18:27 - 000000000 ____D C:\Users\ryanstockham\AppData\Local\D3DSCache
2021-02-01 15:41 - 2019-12-07 09:13 - 000000000 ____D C:\WINDOWS\INF
2021-02-01 15:16 - 2020-08-31 18:08 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-01 14:28 - 2019-06-25 15:57 - 000000000 ____D C:\ProgramData\Garmin
2021-02-01 14:28 - 2013-11-27 19:30 - 000000000 ____D C:\ProgramData\Package Cache
2021-02-01 13:40 - 2019-10-07 19:05 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-02-01 13:40 - 2019-10-07 19:05 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2021-02-01 10:09 - 2019-06-25 15:57 - 000000000 ____D C:\Users\ryanstockham\AppData\Local\Garmin
2021-02-01 10:06 - 2020-12-28 10:25 - 000000000 ____D C:\Users\ryanstockham\Desktop\Catan
2021-01-31 18:05 - 2019-12-07 09:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-31 18:05 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-31 12:49 - 2020-06-23 18:39 - 000002428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-31 12:49 - 2020-06-23 18:39 - 000002266 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-01-31 12:49 - 2020-06-23 18:39 - 000002266 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-01-31 12:42 - 2014-04-01 19:06 - 000000000 ____D C:\Users\ryanstockham\Documents\ETTA
2021-01-27 20:24 - 2016-04-18 12:36 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-27 15:45 - 2018-03-11 03:40 - 000000000 ____D C:\Users\ryanstockham\AppData\Local\Packages
2021-01-27 15:30 - 2013-10-17 20:02 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-01-27 15:20 - 2018-02-06 08:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-01-27 15:18 - 2020-08-30 19:29 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-01-24 17:23 - 2020-08-31 18:46 - 000004214 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1592659318
2021-01-24 17:23 - 2020-06-20 13:22 - 000001543 _____ C:\Users\ryanstockham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk
2021-01-24 17:16 - 2020-08-31 18:46 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-24 17:16 - 2020-08-31 18:46 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-24 17:15 - 2020-08-31 18:35 - 000934922 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-24 17:10 - 2020-01-25 19:35 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-01-24 17:07 - 2020-08-31 18:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-24 17:07 - 2020-08-31 18:08 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-24 17:07 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-01-17 22:06 - 2019-12-07 09:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-01-17 22:06 - 2015-08-24 09:06 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-01-17 21:57 - 2020-08-31 18:08 - 000462352 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-17 21:53 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-17 21:53 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-17 21:53 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-17 21:53 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-17 21:53 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-17 21:53 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-17 21:53 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-17 21:53 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-17 21:52 - 2019-12-07 14:48 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-17 21:52 - 2019-12-07 14:48 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-17 21:52 - 2019-12-07 14:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-01-17 21:52 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-17 21:52 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-17 21:52 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-17 21:52 - 2019-12-07 09:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-17 21:52 - 2019-12-07 09:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-01-17 21:52 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-17 21:52 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-17 21:52 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-17 21:52 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-17 21:52 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-17 21:52 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-17 21:52 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-17 21:52 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2021-01-17 21:52 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-17 21:52 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-17 21:52 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-17 21:52 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-17 21:52 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-17 21:52 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-17 21:52 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\IME
2021-01-17 21:52 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-17 21:52 - 2019-12-07 09:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-17 14:54 - 2019-12-07 09:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-17 14:35 - 2020-08-31 18:14 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-17 14:08 - 2014-04-07 17:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-17 14:03 - 2014-04-07 17:27 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-17 12:55 - 2019-10-15 15:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-01-17 12:37 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2021-01-17 12:37 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
==================== Files in the root of some directories ========
2014-05-01 12:47 - 2014-05-01 12:47 - 027045552 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-04-08 22:01 - 2016-04-08 22:02 - 266040255 _____ () C:\Users\ryanstockham\AppData\Local\ACCCx3_6_0_248.zip.aamdownload
2016-04-08 22:01 - 2016-04-08 22:02 - 000003014 _____ () C:\Users\ryanstockham\AppData\Local\ACCCx3_6_0_248.zip.aamdownload.aamd
2018-10-02 13:21 - 2018-10-02 13:21 - 000000000 _____ () C:\Users\ryanstockham\AppData\Local\oobelibMkey.log
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
#3
Posted 01 February 2021 - 10:56 AM
covphoenix
- Topic Starter
-
- Member
-
- 78 posts
Member
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-01-2021
Ran by ryanstockham (01-02-2021 16:47:42)
Running from C:\Users\ryanstockham\Desktop
Windows 10 Home Version 2004 19041.746 (X64) (2020-08-31 18:47:29)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3637880556-865379904-740243096-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3637880556-865379904-740243096-503 - Limited - Disabled)
Guest (S-1-5-21-3637880556-865379904-740243096-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3637880556-865379904-740243096-1004 - Limited - Enabled)
ryanstockham (S-1-5-21-3637880556-865379904-740243096-1002 - Administrator - Enabled) => C:\Users\ryanstockham
WDAGUtilityAccount (S-1-5-21-3637880556-865379904-740243096-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.9.0.515 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.14 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Aloha TriPeaks (HKLM-x32\...\WTA-2007c5e1-9ff2-4f74-8bbe-59c78e48b8fc) (Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{5BB304EB-8E5B-0F2D-66FA-6603D9BB3232}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (HKLM\...\{67A5544A-B62C-4A12-869F-A2A11B57FA84}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{F9CEF01A-3907-4614-824F-CF5D3E4675EF}) (Version: 14.1.0.35 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bejeweled 3 (HKLM-x32\...\WTA-2e19e36e-af6f-424f-87e0-3b6826581a6c) (Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build-a-lot (HKLM-x32\...\WTA-d1f3ee01-b341-4d85-8a03-aad3ff6471dc) (Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-e04c4a9a-5da6-4be7-b798-6abe93c7f98d) (Version: 2.2.0.98 - WildTangent) Hidden
Crazy Chicken Soccer (HKLM-x32\...\WTA-b5b8a571-a42f-4a82-aa40-df113809295b) (Version: 2.2.0.110 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5.4608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.8.4316 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3304 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.5118.0 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dragon Notes en-GB (HKLM-x32\...\{C438C1D0-A46C-4BFA-AF02-11261DE9CCE0}) (Version: 01.00.100.011 - Nuance Communications Inc.)
Elevated Installer (HKLM-x32\...\{C913E211-2AC5-4BA8-8AC3-4B2814371BD3}) (Version: 7.3.0.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
ETTA Table Tennis Manager (HKLM-x32\...\ETTA Table Tennis Manager6.0) (Version: 6.0 - English Table Tennis Association)
Farm Frenzy (HKLM-x32\...\WTA-affd67c8-1223-40fa-9808-c172f04608dc) (Version: 2.2.0.98 - WildTangent) Hidden
Garmin Express (HKLM-x32\...\{3EF3A6E8-CCBF-492E-B179-28838182B8F0}) (Version: 7.3.0.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{e174e9f0-1f1d-4284-b0d1-238b43f8ac1b}) (Version: 7.3.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.104 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-6dd5610a-c1d8-4c32-b9d3-8b816eb1098d) (Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-3637880556-865379904-740243096-1002\...\HPConnectedMusic) (Version: 1.1 (build 112) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{4525FF56-E096-42F4-BB64-52AAA8B3D893}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Dropbox Plugin (HKLM-x32\...\{EF65265C-816D-4992-A8CC-C91CDEC9ED33}) (Version: 36.0.102.68541 - HP)
HP EmailSMTP Plugin (HKLM-x32\...\{858E7C53-B406-4798-B4CA-761420FF2B5F}) (Version: 43.0.0.0 - HP)
HP ENVY 5540 series Basic Device Software (HKLM\...\{7F9C00D2-32F6-4844-AC17-290D5F06F186}) (Version: 40.11.1119.1786 - HP Inc.)
HP ENVY 5540 series Help (HKLM-x32\...\{3B1BE080-D477-4B94-AAE4-8B0BEC5D0CE3}) (Version: 35.0.0 - Hewlett Packard)
HP ENVY Photo 6200 series Basic Device Software (HKLM\...\{6AD4613B-4E47-4D35-9A23-7DA15DE4EAA2}) (Version: 44.4.2678.1977 - HP Inc.)
HP ENVY Photo 6200 series Help (HKLM-x32\...\{B0F106A0-9B78-461B-90B6-E70B13968DC4}) (Version: 44.0.0 - HP)
HP FTP Plugin (HKLM-x32\...\{07DA4F28-63FA-43F7-A554-B159E9A7E649}) (Version: 43.0.0.0 - HP)
HP Google Drive Plugin (HKLM-x32\...\{CF634681-E024-430C-AFF2-B9EE43A7E452}) (Version: 36.0.102.68541 - HP)
HP OneDrive Plugin (HKLM-x32\...\{1E191DFB-7B91-4B11-AB95-884D59ECE599}) (Version: 36.0.0.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SharePoint Plugin (HKLM-x32\...\{1ED7BE66-39E7-4A65-8EEF-68CE80F3416C}) (Version: 43.0.0.0 - HP)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.8.34.31 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.16.22.11 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C39A7F0F-89A6-44BB-B1BF-5F96569B5345}) (Version: 1.2.9 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM\...\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}) (Version: 2.3.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.00.57 - Softex Inc.) Hidden
IrfanView 4.53 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.53 - Irfan Skiljan)
iTunes (HKLM\...\{4F1F8D6D-AF14-41EB-B17D-3EC95C8E86A1}) (Version: 12.10.10.2 - Apple Inc.)
Jewel Match 3 (HKLM-x32\...\WTA-4f82c505-bc53-4741-8445-5d70588e8279) (Version: 2.2.0.98 - WildTangent) Hidden
K-Lite Codec Packages (HKU\S-1-5-21-3637880556-865379904-740243096-1002\...\K-Lite Codec Packages) (Version: - ) <==== ATTENTION
Mahjongg Artifacts (HKLM-x32\...\WTA-93bc918a-ac36-4c5a-8d13-15f5626887cc) (Version: 2.2.0.110 - WildTangent) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.56 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft OneDrive (HKU\S-1-5-21-3637880556-865379904-740243096-1002\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{143E35D3-F0A4-4E90-96C9-B1B72F11343A}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{3C5F91EF-5C0B-4D13-BCBE-0FC6FC3ED7F9}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 81.0 (x64 en-GB) (HKLM\...\Mozilla Firefox 81.0 (x64 en-GB)) (Version: 81.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 81.0 - Mozilla)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
Opera Stable 73.0.3856.344 (HKU\S-1-5-21-3637880556-865379904-740243096-1002\...\Opera 73.0.3856.344) (Version: 73.0.3856.344 - Opera Software)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-33c68fa6-286f-4bb9-a71a-50d945ff07a9) (Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-a44df564-86a1-430c-923e-eda6915214e8) (Version: 2.2.0.97 - WildTangent) Hidden
Product Improvement Study for HP ENVY 5540 series (HKLM\...\{9E4F436B-5B50-4D84-954A-5C8A18CEB836}) (Version: 40.11.1119.1786 - HP Inc.)
Product Improvement Study for HP ENVY Photo 6200 series (HKLM\...\{7AC0EECB-58C5-4907-989F-C779E15037B5}) (Version: 44.4.2678.1977 - HP Inc.)
Ranch Rush 2 - Premium Edition (HKLM-x32\...\WTA-555c3930-552b-4976-833e-03bce5a1ad1e) (Version: 2.2.0.98 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
Sky Go 20.5.2.0 (HKU\S-1-5-21-3637880556-865379904-740243096-1002\...\com.bskyb.skygoplayer_is1) (Version: 20.5.2.0 - Sky)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.45 - Synaptics Incorporated)
Trinklit Supreme (HKLM-x32\...\WTA-4114008f-2824-43ee-b949-0d70a6fa008c) (Version: 2.2.0.98 - WildTangent) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
UpdateAssistant (HKLM\...\{B8B01E04-5393-4902-98E6-0E2787F03C80}) (Version: 1.13.0.0 - Microsoft Corporation) Hidden
Vacation Quest™ - Australia (HKLM-x32\...\WTA-b58d4b20-60b1-4601-8886-64c125713517) (Version: 3.0.2.32 - WildTangent) Hidden
Virtual Families (HKLM-x32\...\WTA-e805b0fd-f24d-4fa5-949c-db0dd8e7df32) (Version: 2.2.0.98 - WildTangent) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Wedding Dash (HKLM-x32\...\WTA-1e456a30-1a1b-49a2-a343-f21af1307b33) (Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.15 - WildTangent) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22395 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
Zoho Assist (HKU\S-1-5-21-3637880556-865379904-740243096-1002\...\Zoho Assist) (Version: 111.0.3.92 - Zoho Corporation)
Zoom (HKU\S-1-5-21-3637880556-865379904-740243096-1002\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)
Zuma's Revenge (HKLM-x32\...\WTA-42aa25fb-5d4c-4b44-9337-22fed995bc51) (Version: 2.2.0.98 - WildTangent) Hidden
Packages:
=========
- Games App - -> C:\Program Files\WindowsApps\WildTangentGames.-GamesApp-_1.0.3.28_x86__qt5r5pa5dyg8m [2015-07-07] (WildTangent Games)
Box for Windows 8 -> C:\Program Files\WindowsApps\134D4F5B.Box_2.1.4.4_neutral__2qk4zy5s3qmee [2015-11-12] (Box, Inc.)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1940.2.0_x86__kgqvnymyfvs32 [2021-01-27] (king.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.337.0_x64__rz1tebttyb220 [2020-12-28] (Dolby Laboratories)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2014-11-25] (eBay, Inc)
Getting Started with Windows 8 -> C:\Program Files\WindowsApps\AD2F1837.GettingStartedwithWindows8_1.6.0.0_neutral__v10z8vjag6ke6 [2015-03-04] (Hewlett-Packard Company)
HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.166_neutral__v10z8vjag6ke6 [2014-11-28] (Hewlett-Packard Company)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.1.778.0_x64__v10z8vjag6ke6 [2020-12-20] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-15] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-15] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-17] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-21] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-21] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-04-07] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-21] (Microsoft Corporation) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-06-16] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-21] (Microsoft Corporation)
Snapfish -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_6.1.736.0_x86__v10z8vjag6ke6 [2021-01-05] (Snapfish)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0 [2021-01-31] (Spotify AB) [Startup Task]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-10] (Twitter Inc.)
YouCam for HP -> C:\Program Files\WindowsApps\CyberLinkCorp.hs.YouCamforHP_1.0.2.29632_x86__06qsbagp91rvg [2014-04-01] (CYBERLINKCOM CORP)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3637880556-865379904-740243096-1002_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
CustomCLSID: HKU\S-1-5-21-3637880556-865379904-740243096-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => -> No File
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => -> No File
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-02-09] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-02-09] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcontextmenu.dll [2015-09-13] (RealNetworks, Inc. -> RealNetworks, Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2013-11-27 19:57 - 2013-02-01 11:15 - 000027136 _____ () [File not signed] C:\Program Files (x86)\Nuance\Dragon Notes\Core\WASAPIResamplingStreamCOMServer.dll
2013-09-25 06:48 - 2013-09-25 06:48 - 000127488 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-10-14 11:25 - 2013-10-14 11:25 - 002541056 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 11:24 - 2013-10-14 11:24 - 000627200 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 000021504 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 000055296 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 000035328 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2020-12-26 19:26 - 2020-12-26 19:26 - 000168960 _____ () [File not signed] C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.337.0_x64__rz1tebttyb220\DAXRPCClient.dll
2020-12-26 19:26 - 2020-12-26 19:26 - 037805568 _____ () [File not signed] C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.337.0_x64__rz1tebttyb220\DolbyAccess.dll
2020-04-17 19:21 - 2020-04-17 19:22 - 001165824 _____ () [File not signed] C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.337.0_x64__rz1tebttyb220\e_sqlite3.dll
2013-11-27 19:57 - 2012-03-27 14:15 - 001888256 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Nuance\Dragon Notes\Core\xerces-c_3_1.dll
2013-10-14 11:34 - 2013-10-14 11:34 - 000765440 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\OpBHO64.dll
2013-10-14 11:23 - 2013-10-14 11:23 - 000690176 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\storeng.dll
2013-10-14 11:25 - 2013-10-14 11:25 - 001097216 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\userdata.dll
2010-11-18 20:08 - 2010-11-18 20:08 - 000086016 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2020-08-31 18:20 - 2020-08-31 18:20 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2020-08-31 18:20 - 2020-08-31 18:20 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2013-10-14 11:35 - 2013-10-14 11:35 - 001297296 _____ (Softex Incorporated -> ) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 000306064 _____ (Softex Incorporated -> ) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 000599952 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\hdddrv.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 000208272 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\ldapdrv.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 002075536 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\Wbf.dll
2013-11-27 19:57 - 2012-03-27 14:15 - 005024256 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Nuance\Dragon Notes\Core\icudt48.dll
2013-11-27 19:57 - 2012-03-27 14:15 - 001043456 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Nuance\Dragon Notes\Core\icuuc48.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:10894A2E [144]
AlternateDataStreams: C:\Users\ryanstockham\Documents\Dom Bank S.jpg:3or4kl4x13tuuug3Byamue2s4b [95]
AlternateDataStreams: C:\Users\ryanstockham\Documents\Dom Bank S.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\ryanstockham\Documents\Ryan Bank S.jpg:3or4kl4x13tuuug3Byamue2s4b [95]
AlternateDataStreams: C:\Users\ryanstockham\Documents\Ryan Bank S.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2
HKU\S-1-5-21-3637880556-865379904-740243096-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM -> {FDDCB575-7293-4848-8477-A979CFB7A874} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {FDDCB575-7293-4848-8477-A979CFB7A874} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3637880556-865379904-740243096-1002 -> {725728BD-238F-40AB-8004-CB625BC56DB0} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=B011GB1067D20140501&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3637880556-865379904-740243096-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3637880556-865379904-740243096-1002 -> {FDDCB575-7293-4848-8477-A979CFB7A874} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-01-17] (Microsoft Corporation -> Microsoft Corporation)
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-10-27] (HP Inc. -> HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-17] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 13:25 - 2013-08-22 13:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2018-03-11 00:03 - 2018-03-11 00:03 - 000000435 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3637880556-865379904-740243096-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\Services: MgAssistService => 2
HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
HKLM\...\StartupApproved\Run: => "EPSON Stylus DX4800"
HKLM\...\StartupApproved\Run32: => "mobilegeni daemon"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{5163C79D-1DD4-4AD5-8402-D6E5396CB17F}] => (Allow) C:\Users\ryanstockham\AppData\Local\Temp\7zS0FE1\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{3E2EE33F-63A2-453A-BE3A-4E5FAA528E87}] => (Allow) C:\Users\ryanstockham\AppData\Local\Temp\7zS0FE1\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{C46793C4-EBEC-400C-8878-B99C9F36F70C}] => (Allow) C:\Program Files\HP\HP ENVY Photo 6200 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc -> HP Inc.)
FirewallRules: [{861041A2-93A0-48B2-A969-391FBEB0825B}] => (Allow) C:\Program Files\HP\HP ENVY Photo 6200 series\Bin\DeviceSetup.exe (HP Inc -> HP Inc.)
FirewallRules: [{FDA81B64-C331-439F-9526-AE7895FD5944}] => (Allow) C:\Users\ryanstockham\AppData\Local\Temp\7zS031D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{1F23126C-14B3-44C4-862C-736A588BC095}] => (Allow) C:\Users\ryanstockham\AppData\Local\Temp\7zS031D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{4B1EED48-27AC-4AF3-A850-F8A25D14DA35}] => (Allow) C:\Users\ryanstockham\AppData\Local\Temp\7zS023F\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{2B1ECBA0-3213-4498-9598-41CFB1A11BDD}] => (Allow) C:\Users\ryanstockham\AppData\Local\Temp\7zS023F\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{FFBCAC54-9732-4A07-8077-58F7044CCB51}] => (Allow) C:\Users\ryanstockham\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{9602C371-1446-49DA-85EF-FDAA25EAF840}] => (Allow) C:\Users\ryanstockham\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{E5B7B384-6CAD-4975-A115-3E49FD349409}C:\users\ryanstockham\appdata\roaming\sky\sky go\sky go.exe] => (Allow) C:\users\ryanstockham\appdata\roaming\sky\sky go\sky go.exe (Sky UK Limited -> Sky UK)
FirewallRules: [TCP Query User{472B9151-F14B-48F1-9677-2DDB4AF54710}C:\users\ryanstockham\appdata\roaming\sky\sky go\sky go.exe] => (Allow) C:\users\ryanstockham\appdata\roaming\sky\sky go\sky go.exe (Sky UK Limited -> Sky UK)
FirewallRules: [{F5EF4ECA-E292-40DB-BCC4-F3F6C933498E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{807E2D63-974C-494E-B4EF-FBD5B1EE0B12}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D9CA41EE-5901-4E22-A0A3-11560DDD0FDF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2C964DB7-1490-4040-B9EA-C7267D920A81}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B3BA5091-F4BA-45A2-879E-DE62DA1D4FDA}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
FirewallRules: [{2786685C-F1E3-4171-98B7-B8BF30E17FB0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4C288755-76FE-4DBC-AD8C-07D104DC428A}] => (Allow) LPort=2869
FirewallRules: [{ED49264E-7943-4CA5-A39F-0B3E760A3B53}] => (Allow) LPort=1900
FirewallRules: [{FF9639B3-C981-46E8-BBEA-C45367A8AE5F}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe (Meridian Audio Ltd -> Meridian Audio Ltd)
FirewallRules: [{CC31FEEA-D33A-4894-AD1F-DB20EBF599EB}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe (Meridian Audio Ltd -> Meridian Audio Ltd)
FirewallRules: [{EA2FE627-C9EE-4977-BF4E-EDD6B4EEFFB6}] => (Allow) C:\Users\ryanstockham\AppData\Local\HPConnectedMusic\Application\HPConnectedMusic.exe (Meridian Audio Ltd -> Meridian Audio Ltd)
FirewallRules: [{7D7A3D59-BDC6-4B75-A5D8-598931A23BDA}] => (Allow) C:\Users\ryanstockham\AppData\Local\HPConnectedMusic\Application\HPConnectedMusic.exe (Meridian Audio Ltd -> Meridian Audio Ltd)
FirewallRules: [{5C734C0D-A1F5-4C1F-91E2-6C39B3B66CD8}] => (Allow) C:\Users\ryanstockham\AppData\Local\HPConnectedMusic\Application\spotify_helper.exe (Meridian Audio Ltd -> )
FirewallRules: [{6F677648-DB26-4546-B490-D4CE4F55A6A3}] => (Allow) C:\Users\ryanstockham\AppData\Local\HPConnectedMusic\Application\spotify_helper.exe (Meridian Audio Ltd -> )
FirewallRules: [{BBE6837D-AE7C-4664-A662-FAD3A195270B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1D8D8C44-8931-4398-8BF4-BE49B82DF10E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8BCE7455-FC28-4877-9956-E2F4998FBBD0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C16152F3-8BC8-4B12-8CEF-1BF6DCEF75C3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B37E0D90-3637-4094-9EF5-5F7DB6F85613}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{630D48EE-F2AD-4CFC-A314-E5104EAC901C}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
FirewallRules: [{77579108-865F-4DE4-8B23-3D56CE059778}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
FirewallRules: [{849CF2EE-1ACD-4467-B0B5-632772EBD749}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{6E327951-AAA4-430E-8659-81282FCABD3E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink Corp. -> CyberLink)
FirewallRules: [{38CED2FF-7108-453B-9BE6-464C14DDB506}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{703FC5D0-1A00-4C42-B097-2AE36ED25F31}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{536DBC4A-C8D0-44A1-8DB5-40DE1363C398}] => (Allow) C:\Users\ryanstockham\AppData\Local\Temp\7zSE38D.tmp\SymNRT.exe => No File
FirewallRules: [{24CCB70F-02E2-4BE5-92A4-3B36D23E16B7}] => (Allow) C:\Users\ryanstockham\AppData\Local\Temp\7zSE38D.tmp\SymNRT.exe => No File
FirewallRules: [{31669E32-9AC9-4C46-8BF7-D1B403FB0EE4}] => (Allow) C:\Users\ryanstockham\AppData\Local\Temp\7zS7A3B\HP.EasyStart.exe => No File
FirewallRules: [{69FFE612-16E4-4A24-8893-320846FCA2BF}] => (Allow) C:\Program Files\HP\HP ENVY 5540 series\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{C1E51EE7-D7F4-43FE-90CF-766DDA03BFDB}] => (Allow) LPort=5357
FirewallRules: [{3A663CD6-938F-4041-ABEA-D06F4E219785}] => (Allow) C:\Program Files\HP\HP ENVY 5540 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{94481EEF-0A23-4993-B5C9-6A960DFDF107}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{80A036F8-1EEE-46EE-A2DF-6299D0C73450}] => (Allow) C:\Users\ryanstockham\AppData\Local\Temp\7zS0EB9\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{147F7B30-7285-4BCA-97D3-38DB300DB4C5}] => (Allow) C:\Users\ryanstockham\AppData\Local\Temp\7zS0EB9\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{2F0EB68B-2280-4395-AC33-D305BED65535}] => (Allow) C:\Users\ryanstockham\AppData\Local\Temp\7zS17AA\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{F5FE87D9-1F18-4DFB-A97B-FE7E84BAA2BC}] => (Allow) C:\Users\ryanstockham\AppData\Local\Temp\7zS17AA\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{F8667F12-0D41-4622-A499-F2CF692A145E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B4341BCE-2D67-4267-96BB-8326B9115D28}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E57398F3-A0AB-476C-9BF9-C0274BF2BA43}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F6499384-6DA5-4A8E-A0FC-5C0A46E5408C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A1E072D5-3A91-4462-BEFB-00F9F60B352E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DC5F7AA2-4B39-46B3-96D9-23FDCDC67FCC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{33A93EB4-DACD-40E7-B59B-F609DE336B70}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A312F62E-0ACE-4033-88E6-BAFBD221AC73}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A8E60DF9-2EE7-4C33-82C8-762299B4F4A0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{50E061F8-6FEC-4D07-8F86-DDCF3A8E9E64}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8877470F-5CBC-4B38-B2D1-FBF0D03D52DA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{22A8634D-184D-4039-9F71-22D0D06C1FB8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{64AA3B39-37F2-45C1-A5E4-30A84813390A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{677E7B4D-AE34-4644-9A4B-FFCDA21CA031}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{99C78A4E-A545-4E76-8A5F-7E84390BAF07}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{031F41D8-BFC0-4AF0-B417-337252684229}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E56F6D05-2809-4633-AAD4-1CCC5473F335}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
==================== Restore Points =========================
17-01-2021 13:37:58 Scheduled Checkpoint
24-01-2021 17:55:10 Scheduled Checkpoint
31-01-2021 18:56:43 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (02/01/2021 04:35:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.19041.610 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2b80
Start Time: 01d6f8b5353090a5
Termination Time: 4294967295
Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Report Id: 80fb961c-374c-4144-896a-d3eaf63234e6
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
Hang type: Quiesce
Error: (02/01/2021 03:55:32 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
Error: (02/01/2021 03:55:24 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
Error: (02/01/2021 02:19:32 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
Error: (02/01/2021 02:19:27 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
Error: (02/01/2021 02:07:50 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
Error: (02/01/2021 02:07:44 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
Error: (02/01/2021 01:41:00 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
System errors:
=============
Error: (02/01/2021 04:03:24 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (02/01/2021 03:58:24 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR34.
Error: (02/01/2021 03:55:47 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR34.
Error: (02/01/2021 02:24:11 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (02/01/2021 02:20:45 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR26.
Error: (02/01/2021 02:19:47 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR26.
Error: (02/01/2021 02:12:26 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (02/01/2021 02:09:30 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
Windows Defender:
===================================
Date: 2021-02-01 16:23:19.5900000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {F8F3148E-AEB2-4BED-9387-3C90FF38EA61}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-01-31 18:07:59.1520000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {43AB4488-BD74-4FB2-80AF-449996AA2877}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-01-27 15:50:23.2980000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {1A605073-7376-4C03-8824-76398605B15F}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-01-27 15:44:04.8540000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {0F040E74-812F-4FEC-9CF8-926D94390CC3}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-01-24 17:37:52.9320000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {5704F423-9D1F-4BD6-8C95-7679AE785885}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-01-31 17:45:58.5890000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2954.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x80070102
Error description: The wait operation timed out.
Date: 2021-01-24 17:20:33.9420000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2773.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
Date: 2021-01-24 17:20:33.9400000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2773.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
Date: 2021-01-24 17:20:33.9380000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2773.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
Date: 2020-12-13 19:49:32.5250000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.38.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070102
Error description: The wait operation timed out.
CodeIntegrity:
===================================
Date: 2020-09-26 14:25:50.7540000Z
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\WindowManagementAPI.dll because the set of per-page image hashes could not be found on the system.
Date: 2020-09-15 17:41:45.9460000Z
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\WindowManagementAPI.dll because the set of per-page image hashes could not be found on the system.
Date: 2020-09-15 17:40:58.9920000Z
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\WindowManagementAPI.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
BIOS: Insyde F.16 11/13/2014
Motherboard: Hewlett-Packard 216B
Processor: AMD A8-4555M APU with Radeon™ HD Graphics
Percentage of memory in use: 60%
Total physical RAM: 7366.26 MB
Available physical RAM: 2937.03 MB
Total Virtual: 8518.26 MB
Available Virtual: 3111.41 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:911.6 GB) (Free:496.59 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:18.17 GB) (Free:1.8 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (NAVIGON) (Removable) (Total:3.63 GB) (Free:0.15 GB) FAT32
\\?\Volume{c0730b28-62ce-441f-94f9-de1d5b8b4eb7}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.11 GB) NTFS
\\?\Volume{79ec50d0-6364-4303-9844-652c3d8f196f}\ () (Fixed) (Total:0.97 GB) (Free:0.36 GB) NTFS
\\?\Volume{62f33f8e-81ca-42c3-8c0c-7e7b65db2080}\ () (Fixed) (Total:0.25 GB) (Free:0.15 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CF9F01CA)
Partition: GPT.
==========================================================
Disk: 1 (Protective MBR) (Size: 3.6 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================
#4
Posted 01 February 2021 - 10:57 AM
covphoenix
- Topic Starter
-
- Member
-
- 78 posts
Member
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-01-2021
Ran by ryanstockham (01-02-2021 16:47:42)
Running from C:\Users\ryanstockham\Desktop
Windows 10 Home Version 2004 19041.746 (X64) (2020-08-31 18:47:29)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3637880556-865379904-740243096-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3637880556-865379904-740243096-503 - Limited - Disabled)
Guest (S-1-5-21-3637880556-865379904-740243096-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3637880556-865379904-740243096-1004 - Limited - Enabled)
ryanstockham (S-1-5-21-3637880556-865379904-740243096-1002 - Administrator - Enabled) => C:\Users\ryanstockham
WDAGUtilityAccount (S-1-5-21-3637880556-865379904-740243096-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.9.0.515 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.14 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Aloha TriPeaks (HKLM-x32\...\WTA-2007c5e1-9ff2-4f74-8bbe-59c78e48b8fc) (Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{5BB304EB-8E5B-0F2D-66FA-6603D9BB3232}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (HKLM\...\{67A5544A-B62C-4A12-869F-A2A11B57FA84}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{F9CEF01A-3907-4614-824F-CF5D3E4675EF}) (Version: 14.1.0.35 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bejeweled 3 (HKLM-x32\...\WTA-2e19e36e-af6f-424f-87e0-3b6826581a6c) (Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build-a-lot (HKLM-x32\...\WTA-d1f3ee01-b341-4d85-8a03-aad3ff6471dc) (Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-e04c4a9a-5da6-4be7-b798-6abe93c7f98d) (Version: 2.2.0.98 - WildTangent) Hidden
Crazy Chicken Soccer (HKLM-x32\...\WTA-b5b8a571-a42f-4a82-aa40-df113809295b) (Version: 2.2.0.110 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5.4608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.8.4316 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3304 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.5118.0 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dragon Notes en-GB (HKLM-x32\...\{C438C1D0-A46C-4BFA-AF02-11261DE9CCE0}) (Version: 01.00.100.011 - Nuance Communications Inc.)
Elevated Installer (HKLM-x32\...\{C913E211-2AC5-4BA8-8AC3-4B2814371BD3}) (Version: 7.3.0.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
ETTA Table Tennis Manager (HKLM-x32\...\ETTA Table Tennis Manager6.0) (Version: 6.0 - English Table Tennis Association)
Farm Frenzy (HKLM-x32\...\WTA-affd67c8-1223-40fa-9808-c172f04608dc) (Version: 2.2.0.98 - WildTangent) Hidden
Garmin Express (HKLM-x32\...\{3EF3A6E8-CCBF-492E-B179-28838182B8F0}) (Version: 7.3.0.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{e174e9f0-1f1d-4284-b0d1-238b43f8ac1b}) (Version: 7.3.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.104 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-6dd5610a-c1d8-4c32-b9d3-8b816eb1098d) (Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-3637880556-865379904-740243096-1002\...\HPConnectedMusic) (Version: 1.1 (build 112) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{4525FF56-E096-42F4-BB64-52AAA8B3D893}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Dropbox Plugin (HKLM-x32\...\{EF65265C-816D-4992-A8CC-C91CDEC9ED33}) (Version: 36.0.102.68541 - HP)
HP EmailSMTP Plugin (HKLM-x32\...\{858E7C53-B406-4798-B4CA-761420FF2B5F}) (Version: 43.0.0.0 - HP)
HP ENVY 5540 series Basic Device Software (HKLM\...\{7F9C00D2-32F6-4844-AC17-290D5F06F186}) (Version: 40.11.1119.1786 - HP Inc.)
HP ENVY 5540 series Help (HKLM-x32\...\{3B1BE080-D477-4B94-AAE4-8B0BEC5D0CE3}) (Version: 35.0.0 - Hewlett Packard)
HP ENVY Photo 6200 series Basic Device Software (HKLM\...\{6AD4613B-4E47-4D35-9A23-7DA15DE4EAA2}) (Version: 44.4.2678.1977 - HP Inc.)
HP ENVY Photo 6200 series Help (HKLM-x32\...\{B0F106A0-9B78-461B-90B6-E70B13968DC4}) (Version: 44.0.0 - HP)
HP FTP Plugin (HKLM-x32\...\{07DA4F28-63FA-43F7-A554-B159E9A7E649}) (Version: 43.0.0.0 - HP)
HP Google Drive Plugin (HKLM-x32\...\{CF634681-E024-430C-AFF2-B9EE43A7E452}) (Version: 36.0.102.68541 - HP)
HP OneDrive Plugin (HKLM-x32\...\{1E191DFB-7B91-4B11-AB95-884D59ECE599}) (Version: 36.0.0.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SharePoint Plugin (HKLM-x32\...\{1ED7BE66-39E7-4A65-8EEF-68CE80F3416C}) (Version: 43.0.0.0 - HP)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.8.34.31 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.16.22.11 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C39A7F0F-89A6-44BB-B1BF-5F96569B5345}) (Version: 1.2.9 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM\...\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}) (Version: 2.3.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.00.57 - Softex Inc.) Hidden
IrfanView 4.53 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.53 - Irfan Skiljan)
iTunes (HKLM\...\{4F1F8D6D-AF14-41EB-B17D-3EC95C8E86A1}) (Version: 12.10.10.2 - Apple Inc.)
Jewel Match 3 (HKLM-x32\...\WTA-4f82c505-bc53-4741-8445-5d70588e8279) (Version: 2.2.0.98 - WildTangent) Hidden
K-Lite Codec Packages (HKU\S-1-5-21-3637880556-865379904-740243096-1002\...\K-Lite Codec Packages) (Version: - ) <==== ATTENTION
Mahjongg Artifacts (HKLM-x32\...\WTA-93bc918a-ac36-4c5a-8d13-15f5626887cc) (Version: 2.2.0.110 - WildTangent) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.56 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft OneDrive (HKU\S-1-5-21-3637880556-865379904-740243096-1002\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{143E35D3-F0A4-4E90-96C9-B1B72F11343A}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{3C5F91EF-5C0B-4D13-BCBE-0FC6FC3ED7F9}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 81.0 (x64 en-GB) (HKLM\...\Mozilla Firefox 81.0 (x64 en-GB)) (Version: 81.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 81.0 - Mozilla)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
Opera Stable 73.0.3856.344 (HKU\S-1-5-21-3637880556-865379904-740243096-1002\...\Opera 73.0.3856.344) (Version: 73.0.3856.344 - Opera Software)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-33c68fa6-286f-4bb9-a71a-50d945ff07a9) (Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-a44df564-86a1-430c-923e-eda6915214e8) (Version: 2.2.0.97 - WildTangent) Hidden
Product Improvement Study for HP ENVY 5540 series (HKLM\...\{9E4F436B-5B50-4D84-954A-5C8A18CEB836}) (Version: 40.11.1119.1786 - HP Inc.)
Product Improvement Study for HP ENVY Photo 6200 series (HKLM\...\{7AC0EECB-58C5-4907-989F-C779E15037B5}) (Version: 44.4.2678.1977 - HP Inc.)
Ranch Rush 2 - Premium Edition (HKLM-x32\...\WTA-555c3930-552b-4976-833e-03bce5a1ad1e) (Version: 2.2.0.98 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
Sky Go 20.5.2.0 (HKU\S-1-5-21-3637880556-865379904-740243096-1002\...\com.bskyb.skygoplayer_is1) (Version: 20.5.2.0 - Sky)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.45 - Synaptics Incorporated)
Trinklit Supreme (HKLM-x32\...\WTA-4114008f-2824-43ee-b949-0d70a6fa008c) (Version: 2.2.0.98 - WildTangent) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
UpdateAssistant (HKLM\...\{B8B01E04-5393-4902-98E6-0E2787F03C80}) (Version: 1.13.0.0 - Microsoft Corporation) Hidden
Vacation Quest™ - Australia (HKLM-x32\...\WTA-b58d4b20-60b1-4601-8886-64c125713517) (Version: 3.0.2.32 - WildTangent) Hidden
Virtual Families (HKLM-x32\...\WTA-e805b0fd-f24d-4fa5-949c-db0dd8e7df32) (Version: 2.2.0.98 - WildTangent) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Wedding Dash (HKLM-x32\...\WTA-1e456a30-1a1b-49a2-a343-f21af1307b33) (Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.15 - WildTangent) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22395 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
Zoho Assist (HKU\S-1-5-21-3637880556-865379904-740243096-1002\...\Zoho Assist) (Version: 111.0.3.92 - Zoho Corporation)
Zoom (HKU\S-1-5-21-3637880556-865379904-740243096-1002\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)
Zuma's Revenge (HKLM-x32\...\WTA-42aa25fb-5d4c-4b44-9337-22fed995bc51) (Version: 2.2.0.98 - WildTangent) Hidden
Packages:
=========
- Games App - -> C:\Program Files\WindowsApps\WildTangentGames.-GamesApp-_1.0.3.28_x86__qt5r5pa5dyg8m [2015-07-07] (WildTangent Games)
Box for Windows 8 -> C:\Program Files\WindowsApps\134D4F5B.Box_2.1.4.4_neutral__2qk4zy5s3qmee [2015-11-12] (Box, Inc.)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1940.2.0_x86__kgqvnymyfvs32 [2021-01-27] (king.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.337.0_x64__rz1tebttyb220 [2020-12-28] (Dolby Laboratories)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2014-11-25] (eBay, Inc)
Getting Started with Windows 8 -> C:\Program Files\WindowsApps\AD2F1837.GettingStartedwithWindows8_1.6.0.0_neutral__v10z8vjag6ke6 [2015-03-04] (Hewlett-Packard Company)
HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.166_neutral__v10z8vjag6ke6 [2014-11-28] (Hewlett-Packard Company)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.1.778.0_x64__v10z8vjag6ke6 [2020-12-20] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-15] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-15] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-17] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-21] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-21] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-04-07] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-21] (Microsoft Corporation) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-06-16] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-21] (Microsoft Corporation)
Snapfish -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_6.1.736.0_x86__v10z8vjag6ke6 [2021-01-05] (Snapfish)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0 [2021-01-31] (Spotify AB) [Startup Task]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-10] (Twitter Inc.)
YouCam for HP -> C:\Program Files\WindowsApps\CyberLinkCorp.hs.YouCamforHP_1.0.2.29632_x86__06qsbagp91rvg [2014-04-01] (CYBERLINKCOM CORP)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3637880556-865379904-740243096-1002_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
CustomCLSID: HKU\S-1-5-21-3637880556-865379904-740243096-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => -> No File
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => -> No File
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-02-09] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-02-09] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcontextmenu.dll [2015-09-13] (RealNetworks, Inc. -> RealNetworks, Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2013-11-27 19:57 - 2013-02-01 11:15 - 000027136 _____ () [File not signed] C:\Program Files (x86)\Nuance\Dragon Notes\Core\WASAPIResamplingStreamCOMServer.dll
2013-09-25 06:48 - 2013-09-25 06:48 - 000127488 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-10-14 11:25 - 2013-10-14 11:25 - 002541056 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 11:24 - 2013-10-14 11:24 - 000627200 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 000021504 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 000055296 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 000035328 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2020-12-26 19:26 - 2020-12-26 19:26 - 000168960 _____ () [File not signed] C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.337.0_x64__rz1tebttyb220\DAXRPCClient.dll
2020-12-26 19:26 - 2020-12-26 19:26 - 037805568 _____ () [File not signed] C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.337.0_x64__rz1tebttyb220\DolbyAccess.dll
2020-04-17 19:21 - 2020-04-17 19:22 - 001165824 _____ () [File not signed] C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.7.337.0_x64__rz1tebttyb220\e_sqlite3.dll
2013-11-27 19:57 - 2012-03-27 14:15 - 001888256 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Nuance\Dragon Notes\Core\xerces-c_3_1.dll
2013-10-14 11:34 - 2013-10-14 11:34 - 000765440 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\OpBHO64.dll
2013-10-14 11:23 - 2013-10-14 11:23 - 000690176 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\storeng.dll
2013-10-14 11:25 - 2013-10-14 11:25 - 001097216 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\userdata.dll
2010-11-18 20:08 - 2010-11-18 20:08 - 000086016 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2020-08-31 18:20 - 2020-08-31 18:20 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2020-08-31 18:20 - 2020-08-31 18:20 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2013-10-14 11:35 - 2013-10-14 11:35 - 001297296 _____ (Softex Incorporated -> ) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 000306064 _____ (Softex Incorporated -> ) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 000599952 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\hdddrv.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 000208272 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\ldapdrv.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 002075536 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\Wbf.dll
2013-11-27 19:57 - 2012-03-27 14:15 - 005024256 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Nuance\Dragon Notes\Core\icudt48.dll
2013-11-27 19:57 - 2012-03-27 14:15 - 001043456 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Nuance\Dragon Notes\Core\icuuc48.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:10894A2E [144]
AlternateDataStreams: C:\Users\ryanstockham\Documents\Dom Bank S.jpg:3or4kl4x13tuuug3Byamue2s4b [95]
AlternateDataStreams: C:\Users\ryanstockham\Documents\Dom Bank S.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\ryanstockham\Documents\Ryan Bank S.jpg:3or4kl4x13tuuug3Byamue2s4b [95]
AlternateDataStreams: C:\Users\ryanstockham\Documents\Ryan Bank S.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2
HKU\S-1-5-21-3637880556-865379904-740243096-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM -> {FDDCB575-7293-4848-8477-A979CFB7A874} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {FDDCB575-7293-4848-8477-A979CFB7A874} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3637880556-865379904-740243096-1002 -> {725728BD-238F-40AB-8004-CB625BC56DB0} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=B011GB1067D20140501&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3637880556-865379904-740243096-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3637880556-865379904-740243096-1002 -> {FDDCB575-7293-4848-8477-A979CFB7A874} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-01-17] (Microsoft Corporation -> Microsoft Corporation)
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-10-27] (HP Inc. -> HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-17] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 13:25 - 2013-08-22 13:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2018-03-11 00:03 - 2018-03-11 00:03 - 000000435 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3637880556-865379904-740243096-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\Services: MgAssistService => 2
HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
HKLM\...\StartupApproved\Run: => "EPSON Stylus DX4800"
HKLM\...\StartupApproved\Run32: => "mobilegeni daemon"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{5163C79D-1DD4-4AD5-8402-D6E5396CB17F}] => (Allow) C:\Users\ryanstockham\AppData\Local\Temp\7zS0FE1\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{3E2EE33F-63A2-453A-BE3A-4E5FAA528E87}] => (Allow) C:\Users\ryanstockham\AppData\Local\Temp\7zS0FE1\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{C46793C4-EBEC-400C-8878-B99C9F36F70C}] => (Allow) C:\Program Files\HP\HP ENVY Photo 6200 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc -> HP Inc.)
FirewallRules: [{861041A2-93A0-48B2-A969-391FBEB0825B}] => (Allow) C:\Program Files\HP\HP ENVY Photo 6200 series\Bin\DeviceSetup.exe (HP Inc -> HP Inc.)
FirewallRules: [{FDA81B64-C331-439F-9526-AE7895FD5944}] => (Allow) C:\Users\ryanstockham\AppData\Local\Temp\7zS031D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{1F23126C-14B3-44C4-862C-736A588BC095}] => (Allow) C:\Users\ryanstockham\AppData\Local\Temp\7zS031D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{4B1EED48-27AC-4AF3-A850-F8A25D14DA35}] => (Allow) C:\Users\ryanstockham\AppData\Local\Temp\7zS023F\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{2B1ECBA0-3213-4498-9598-41CFB1A11BDD}] => (Allow) C:\Users\ryanstockham\AppData\Local\Temp\7zS023F\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{FFBCAC54-9732-4A07-8077-58F7044CCB51}] => (Allow) C:\Users\ryanstockham\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{9602C371-1446-49DA-85EF-FDAA25EAF840}] => (Allow) C:\Users\ryanstockham\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{E5B7B384-6CAD-4975-A115-3E49FD349409}C:\users\ryanstockham\appdata\roaming\sky\sky go\sky go.exe] => (Allow) C:\users\ryanstockham\appdata\roaming\sky\sky go\sky go.exe (Sky UK Limited -> Sky UK)
FirewallRules: [TCP Query User{472B9151-F14B-48F1-9677-2DDB4AF54710}C:\users\ryanstockham\appdata\roaming\sky\sky go\sky go.exe] => (Allow) C:\users\ryanstockham\appdata\roaming\sky\sky go\sky go.exe (Sky UK Limited -> Sky UK)
FirewallRules: [{F5EF4ECA-E292-40DB-BCC4-F3F6C933498E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{807E2D63-974C-494E-B4EF-FBD5B1EE0B12}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D9CA41EE-5901-4E22-A0A3-11560DDD0FDF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2C964DB7-1490-4040-B9EA-C7267D920A81}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B3BA5091-F4BA-45A2-879E-DE62DA1D4FDA}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
FirewallRules: [{2786685C-F1E3-4171-98B7-B8BF30E17FB0}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4C288755-76FE-4DBC-AD8C-07D104DC428A}] => (Allow) LPort=2869
FirewallRules: [{ED49264E-7943-4CA5-A39F-0B3E760A3B53}] => (Allow) LPort=1900
FirewallRules: [{FF9639B3-C981-46E8-BBEA-C45367A8AE5F}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe (Meridian Audio Ltd -> Meridian Audio Ltd)
FirewallRules: [{CC31FEEA-D33A-4894-AD1F-DB20EBF599EB}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe (Meridian Audio Ltd -> Meridian Audio Ltd)
FirewallRules: [{EA2FE627-C9EE-4977-BF4E-EDD6B4EEFFB6}] => (Allow) C:\Users\ryanstockham\AppData\Local\HPConnectedMusic\Application\HPConnectedMusic.exe (Meridian Audio Ltd -> Meridian Audio Ltd)
FirewallRules: [{7D7A3D59-BDC6-4B75-A5D8-598931A23BDA}] => (Allow) C:\Users\ryanstockham\AppData\Local\HPConnectedMusic\Application\HPConnectedMusic.exe (Meridian Audio Ltd -> Meridian Audio Ltd)
FirewallRules: [{5C734C0D-A1F5-4C1F-91E2-6C39B3B66CD8}] => (Allow) C:\Users\ryanstockham\AppData\Local\HPConnectedMusic\Application\spotify_helper.exe (Meridian Audio Ltd -> )
FirewallRules: [{6F677648-DB26-4546-B490-D4CE4F55A6A3}] => (Allow) C:\Users\ryanstockham\AppData\Local\HPConnectedMusic\Application\spotify_helper.exe (Meridian Audio Ltd -> )
FirewallRules: [{BBE6837D-AE7C-4664-A662-FAD3A195270B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1D8D8C44-8931-4398-8BF4-BE49B82DF10E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8BCE7455-FC28-4877-9956-E2F4998FBBD0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C16152F3-8BC8-4B12-8CEF-1BF6DCEF75C3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B37E0D90-3637-4094-9EF5-5F7DB6F85613}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{630D48EE-F2AD-4CFC-A314-E5104EAC901C}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
FirewallRules: [{77579108-865F-4DE4-8B23-3D56CE059778}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
FirewallRules: [{849CF2EE-1ACD-4467-B0B5-632772EBD749}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{6E327951-AAA4-430E-8659-81282FCABD3E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink Corp. -> CyberLink)
FirewallRules: [{38CED2FF-7108-453B-9BE6-464C14DDB506}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{703FC5D0-1A00-4C42-B097-2AE36ED25F31}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{536DBC4A-C8D0-44A1-8DB5-40DE1363C398}] => (Allow) C:\Users\ryanstockham\AppData\Local\Temp\7zSE38D.tmp\SymNRT.exe => No File
FirewallRules: [{24CCB70F-02E2-4BE5-92A4-3B36D23E16B7}] => (Allow) C:\Users\ryanstockham\AppData\Local\Temp\7zSE38D.tmp\SymNRT.exe => No File
FirewallRules: [{31669E32-9AC9-4C46-8BF7-D1B403FB0EE4}] => (Allow) C:\Users\ryanstockham\AppData\Local\Temp\7zS7A3B\HP.EasyStart.exe => No File
FirewallRules: [{69FFE612-16E4-4A24-8893-320846FCA2BF}] => (Allow) C:\Program Files\HP\HP ENVY 5540 series\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{C1E51EE7-D7F4-43FE-90CF-766DDA03BFDB}] => (Allow) LPort=5357
FirewallRules: [{3A663CD6-938F-4041-ABEA-D06F4E219785}] => (Allow) C:\Program Files\HP\HP ENVY 5540 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{94481EEF-0A23-4993-B5C9-6A960DFDF107}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{80A036F8-1EEE-46EE-A2DF-6299D0C73450}] => (Allow) C:\Users\ryanstockham\AppData\Local\Temp\7zS0EB9\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{147F7B30-7285-4BCA-97D3-38DB300DB4C5}] => (Allow) C:\Users\ryanstockham\AppData\Local\Temp\7zS0EB9\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{2F0EB68B-2280-4395-AC33-D305BED65535}] => (Allow) C:\Users\ryanstockham\AppData\Local\Temp\7zS17AA\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{F5FE87D9-1F18-4DFB-A97B-FE7E84BAA2BC}] => (Allow) C:\Users\ryanstockham\AppData\Local\Temp\7zS17AA\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{F8667F12-0D41-4622-A499-F2CF692A145E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B4341BCE-2D67-4267-96BB-8326B9115D28}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E57398F3-A0AB-476C-9BF9-C0274BF2BA43}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F6499384-6DA5-4A8E-A0FC-5C0A46E5408C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A1E072D5-3A91-4462-BEFB-00F9F60B352E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DC5F7AA2-4B39-46B3-96D9-23FDCDC67FCC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{33A93EB4-DACD-40E7-B59B-F609DE336B70}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A312F62E-0ACE-4033-88E6-BAFBD221AC73}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A8E60DF9-2EE7-4C33-82C8-762299B4F4A0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{50E061F8-6FEC-4D07-8F86-DDCF3A8E9E64}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8877470F-5CBC-4B38-B2D1-FBF0D03D52DA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{22A8634D-184D-4039-9F71-22D0D06C1FB8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{64AA3B39-37F2-45C1-A5E4-30A84813390A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{677E7B4D-AE34-4644-9A4B-FFCDA21CA031}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{99C78A4E-A545-4E76-8A5F-7E84390BAF07}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{031F41D8-BFC0-4AF0-B417-337252684229}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E56F6D05-2809-4633-AAD4-1CCC5473F335}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
==================== Restore Points =========================
17-01-2021 13:37:58 Scheduled Checkpoint
24-01-2021 17:55:10 Scheduled Checkpoint
31-01-2021 18:56:43 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (02/01/2021 04:35:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.19041.610 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2b80
Start Time: 01d6f8b5353090a5
Termination Time: 4294967295
Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Report Id: 80fb961c-374c-4144-896a-d3eaf63234e6
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
Hang type: Quiesce
Error: (02/01/2021 03:55:32 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
Error: (02/01/2021 03:55:24 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
Error: (02/01/2021 02:19:32 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
Error: (02/01/2021 02:19:27 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
Error: (02/01/2021 02:07:50 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
Error: (02/01/2021 02:07:44 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
Error: (02/01/2021 01:41:00 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed
System errors:
=============
Error: (02/01/2021 04:03:24 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (02/01/2021 03:58:24 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR34.
Error: (02/01/2021 03:55:47 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR34.
Error: (02/01/2021 02:24:11 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (02/01/2021 02:20:45 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR26.
Error: (02/01/2021 02:19:47 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR26.
Error: (02/01/2021 02:12:26 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (02/01/2021 02:09:30 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
Windows Defender:
===================================
Date: 2021-02-01 16:23:19.5900000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {F8F3148E-AEB2-4BED-9387-3C90FF38EA61}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-01-31 18:07:59.1520000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {43AB4488-BD74-4FB2-80AF-449996AA2877}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-01-27 15:50:23.2980000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {1A605073-7376-4C03-8824-76398605B15F}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-01-27 15:44:04.8540000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {0F040E74-812F-4FEC-9CF8-926D94390CC3}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-01-24 17:37:52.9320000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {5704F423-9D1F-4BD6-8C95-7679AE785885}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2021-01-31 17:45:58.5890000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2954.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17800.5
Error code: 0x80070102
Error description: The wait operation timed out.
Date: 2021-01-24 17:20:33.9420000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2773.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
Date: 2021-01-24 17:20:33.9400000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2773.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
Date: 2021-01-24 17:20:33.9380000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.2773.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
Date: 2020-12-13 19:49:32.5250000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.329.38.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17700.4
Error code: 0x80070102
Error description: The wait operation timed out.
CodeIntegrity:
===================================
Date: 2020-09-26 14:25:50.7540000Z
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\WindowManagementAPI.dll because the set of per-page image hashes could not be found on the system.
Date: 2020-09-15 17:41:45.9460000Z
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\WindowManagementAPI.dll because the set of per-page image hashes could not be found on the system.
Date: 2020-09-15 17:40:58.9920000Z
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\WindowManagementAPI.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
BIOS: Insyde F.16 11/13/2014
Motherboard: Hewlett-Packard 216B
Processor: AMD A8-4555M APU with Radeon™ HD Graphics
Percentage of memory in use: 60%
Total physical RAM: 7366.26 MB
Available physical RAM: 2937.03 MB
Total Virtual: 8518.26 MB
Available Virtual: 3111.41 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:911.6 GB) (Free:496.59 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:18.17 GB) (Free:1.8 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (NAVIGON) (Removable) (Total:3.63 GB) (Free:0.15 GB) FAT32
\\?\Volume{c0730b28-62ce-441f-94f9-de1d5b8b4eb7}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.11 GB) NTFS
\\?\Volume{79ec50d0-6364-4303-9844-652c3d8f196f}\ () (Fixed) (Total:0.97 GB) (Free:0.36 GB) NTFS
\\?\Volume{62f33f8e-81ca-42c3-8c0c-7e7b65db2080}\ () (Fixed) (Total:0.25 GB) (Free:0.15 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CF9F01CA)
Partition: GPT.
==========================================================
Disk: 1 (Protective MBR) (Size: 3.6 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================
#5
Posted 01 February 2021 - 10:57 AM
iMacg3
-
- GeekU Moderator
-
- 1,921 posts
GeekU PowerPC G3
csrss.exe is a legit Windows system file.
What is the location of the copy of csrss.exe you are concerned about?
I'm reviewing your logs and will get back to you soon.
#6
Posted 01 February 2021 - 11:00 AM
covphoenix
- Topic Starter
-
- Member
-
- 78 posts
Member
Thank you. It may well be another issue. Programmes take a long time to load, sometimes they won't open at all and i've been told it some drivers may not be working properly.
#7
Posted 02 February 2021 - 08:38 PM
iMacg3
-
- GeekU Moderator
-
- 1,921 posts
GeekU PowerPC G3
Hi covphoenix
There are some errors in your logs related to the hard drive. Before completing the steps below, back up any important information from your computer (see here)
---------------------------------------------------
CHKDSK /R
There are some errors in your logs related to the hard drive. Before completing the steps below, back up any important information from your computer (see here)
---------------------------------------------------
CHKDSK /R
- Press the Windows Key + R. This will open the Run box.
- Type cmd and press Ctrl + Shift + Enter.
- A command prompt window will open. Type chkdsk /r (note the space between chkdsk and /r) and press Enter.
- A message will appear stating that chkdsk will schedule the disk check until the next reboot. Press Y to continue.
- Restart your computer. Before Windows loads, chkdsk will begin scanning your hard drive for bad sectors and attempt to repair them. This may take some time.
- Once it is complete, your computer will boot to Windows.
- Press the Windows Key + R. Type eventvwr and press Enter.
- The Event Viewer window will open.
- In the left pane, expand "Windows Logs" and then click on Application.
- In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
- Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
- Click on that Wininit entry to select it.
- On the top main menu, click Action > Copy > Copy Details as Text.
- Paste the contents into your next reply.
#8
Posted 03 February 2021 - 04:25 PM
covphoenix
- Topic Starter
-
- Member
-
- 78 posts
Member
Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 03/02/2021 22:12:53
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Ryan-PC
Description:
Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows.
A disk check has been scheduled.
Windows will now check the disk.
Stage 1: Examining basic file system structure ...
681728 file records processed.
File verification completed.
Phase duration (File record verification): 32.67 seconds.
10739 large file records processed.
Phase duration (Orphan file record recovery): 0.00 milliseconds.
0 bad file records processed.
Phase duration (Bad file record checking): 2.26 milliseconds.
Stage 2: Examining file name linkage ...
22506 reparse records processed.
908918 index entries processed.
Index verification completed.
Phase duration (Index verification): 4.66 minutes.
0 unindexed files scanned.
Phase duration (Orphan reconnection): 6.46 seconds.
0 unindexed files recovered to lost and found.
Phase duration (Orphan recovery to lost and found): 17.62 seconds.
22506 reparse records processed.
Phase duration (Reparse point and Object ID verification): 172.14 milliseconds.
Stage 3: Examining security descriptors ...
Cleaning up 12531 unused index entries from index $SII of file 0x9.
Cleaning up 12531 unused index entries from index $SDH of file 0x9.
Cleaning up 12531 unused security descriptors.
CHKDSK is compacting the security descriptor stream
Security descriptor verification completed.
Phase duration (Security descriptor verification): 1.45 seconds.
113596 data files processed.
Phase duration (Data attribute verification): 2.38 milliseconds.
CHKDSK is verifying Usn Journal...
36720376 USN bytes processed.
Usn Journal verification completed.
Phase duration (USN journal verification): 529.18 milliseconds.
Stage 4: Looking for bad clusters in user file data ...
681712 files processed.
File data verification completed.
Phase duration (User file recovery): 2.27 hours.
Stage 5: Looking for bad, free clusters ...
130102736 free clusters processed.
Free space verification is complete.
Phase duration (Free space recovery): 0.00 milliseconds.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
No further action is required.
955877994 KB total disk space.
434375456 KB in 445849 files.
273680 KB in 113599 indexes.
0 KB in bad sectors.
817910 KB in use by the system.
65536 KB occupied by the log file.
520410948 KB available on disk.
4096 bytes in each allocation unit.
238969498 total allocation units on disk.
130102737 allocation units available on disk.
Total duration: 2.36 hours (8511638 ms).
Internal Info:
00 67 0a 00 eb 88 08 00 38 e2 0e 00 00 00 00 00 .g......8.......
67 57 00 00 83 00 00 00 00 00 00 00 00 00 00 00 gW..............
Windows has finished checking your disk.
Please wait while your computer restarts.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="16384">1001</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2021-02-03T22:12:53.7171381Z" />
<EventRecordID>9724</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>Ryan-PC</Computer>
<Security />
</System>
<EventData>
<Data>
Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows.
A disk check has been scheduled.
Windows will now check the disk.
Stage 1: Examining basic file system structure ...
681728 file records processed.
File verification completed.
Phase duration (File record verification): 32.67 seconds.
10739 large file records processed.
Phase duration (Orphan file record recovery): 0.00 milliseconds.
0 bad file records processed.
Phase duration (Bad file record checking): 2.26 milliseconds.
Stage 2: Examining file name linkage ...
22506 reparse records processed.
908918 index entries processed.
Index verification completed.
Phase duration (Index verification): 4.66 minutes.
0 unindexed files scanned.
Phase duration (Orphan reconnection): 6.46 seconds.
0 unindexed files recovered to lost and found.
Phase duration (Orphan recovery to lost and found): 17.62 seconds.
22506 reparse records processed.
Phase duration (Reparse point and Object ID verification): 172.14 milliseconds.
Stage 3: Examining security descriptors ...
Cleaning up 12531 unused index entries from index $SII of file 0x9.
Cleaning up 12531 unused index entries from index $SDH of file 0x9.
Cleaning up 12531 unused security descriptors.
CHKDSK is compacting the security descriptor stream
Security descriptor verification completed.
Phase duration (Security descriptor verification): 1.45 seconds.
113596 data files processed.
Phase duration (Data attribute verification): 2.38 milliseconds.
CHKDSK is verifying Usn Journal...
36720376 USN bytes processed.
Usn Journal verification completed.
Phase duration (USN journal verification): 529.18 milliseconds.
Stage 4: Looking for bad clusters in user file data ...
681712 files processed.
File data verification completed.
Phase duration (User file recovery): 2.27 hours.
Stage 5: Looking for bad, free clusters ...
130102736 free clusters processed.
Free space verification is complete.
Phase duration (Free space recovery): 0.00 milliseconds.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
No further action is required.
955877994 KB total disk space.
434375456 KB in 445849 files.
273680 KB in 113599 indexes.
0 KB in bad sectors.
817910 KB in use by the system.
65536 KB occupied by the log file.
520410948 KB available on disk.
4096 bytes in each allocation unit.
238969498 total allocation units on disk.
130102737 allocation units available on disk.
Total duration: 2.36 hours (8511638 ms).
Internal Info:
00 67 0a 00 eb 88 08 00 38 e2 0e 00 00 00 00 00 .g......8.......
67 57 00 00 83 00 00 00 00 00 00 00 00 00 00 00 gW..............
Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
</EventData>
</Event>
#9
Posted 04 February 2021 - 08:36 PM
iMacg3
-
- GeekU Moderator
-
- 1,921 posts
GeekU PowerPC G3
Thanks for the log.
Are there specific programs that take a long time to open or are they generally slow?
Do you still receive the messages about the non working drivers?
Are there specific programs that take a long time to open or are they generally slow?
Do you still receive the messages about the non working drivers?
#10
Posted 05 February 2021 - 04:41 AM
covphoenix
- Topic Starter
-
- Member
-
- 78 posts
Member
Hi, In general they are all slow. The garmin app sometimes won't open at all, Web browsers can sometimes take upto a minute or so to open, excel and word the same.
I don't get messages about the drivers, i just had someone tell me that some of them are not working. Is there any way of updating them all?
#11
Posted 07 February 2021 - 09:33 PM
iMacg3
-
- GeekU Moderator
-
- 1,921 posts
GeekU PowerPC G3
Please download and run the following tools. If you have any problems running either program, skip that one and move to the next. Include any error messages in your next reply
---------------------------------------------------
AdwCleaner
Download AdwCleaner and save it to your desktop.
- Double click AdwCleaner.exe to run it.
- Click Scan Now ...
- When the scan has finished a Scan Results window will open.
- Click Cancel (at this point do not attempt to Quarantine anything that is found)
- Now click the Log Files tab ...
- Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
- A Notepad file will open containing the results of the scan.
- Please post the contents of the file in your next reply.
---------------------------------------------------
ESET Online Scanner
Download ESET Online Scanner and save it to your desktop.
- Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
- When the tool opens, click Get Started.
- Read and accept the license agreement.
- At the Welcome to ESET Online Scanner window, click Get Started.
- Select whether you would like to send anonymous data to ESET.
- Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
- Click on the Full Scan option.
- Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
- ESET will now begin scanning your computer. This may take some time.
- When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
- ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
- On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
- Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
---------------------------------------------------
In your next reply
- Please include both logs and let me know how the computer is doing
- AdwCleaner log
- Eset log
#12
Posted 08 February 2021 - 07:03 AM
covphoenix
- Topic Starter
-
- Member
-
- 78 posts
Member
<?xml version="1.0" encoding="UTF-8"?>
-<ESET>
-<LOG>
-<RECORD>
<COLUMN NAME="Log">Scan Log</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">Version of detection engine: 22776 (20210208)</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">Date: 08/02/2021 Time: 09:11:28</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">Scanned disks, folders and files: Operating memory;C:\Boot sectors/UEFI;D:\Boot sectors/UEFI;C:\;D:\;WMI database;System registry</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\DumpStack.log.tmp - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe - a variant of Win32/ReImageRepair.O potentially unwanted application - action selection postponed until scan completion</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Program Files (x86)\Microsoft Office\root\Client\AppvIsvStream32.dll - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Program Files (x86)\Microsoft Office\root\Client\AppvIsvStream64.dll - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Program Files (x86)\Microsoft Office\root\Flattener\AppvIsvStream32.dll - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Program Files (x86)\Microsoft Office\root\Flattener\AppvIsvStream64.dll - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Program Files (x86)\Microsoft Office\root\Integration\AppvIsvStream32.dll - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Program Files (x86)\Microsoft Office\root\Integration\AppvIsvStream64.dll - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\AppvIsvStream32.dll - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\AppvIsvStream64.dll - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Program Files (x86)\Microsoft Office\root\Office16\AppvIsvStream32.dll - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Program Files (x86)\Microsoft Office\root\Office16\AppvIsvStream64.dll - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AppvIsvStream64.dll - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OfficeSoftwareProtectionPlatform\AppvIsvStream32.dll - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OfficeSoftwareProtectionPlatform\AppvIsvStream64.dll - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\AppvIsvStream32.dll - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\EQUATION\AppvIsvStream32.dll - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\EQUATION\AppvIsvStream64.dll - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\AppvIsvStream32.dll - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Smart Tag\AppvIsvStream32.dll - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Source Engine\AppvIsvStream32.dll - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\AppvIsvStream64.dll - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\130\AppvIsvStream32.dll - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Program Files (x86)\Mobogenie\Device.dll - a variant of Win32/Adware.Mobogenie.A application - cleaned by deleting [1]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\SWSetup\Drivers\VID_TRPV\Packages\Apps\CCC2\Fuel\ccc-fuel.msi » MSI » Binary.NewBinary20 » EMB » [#0]FileZ » WISE » WISE0132.DLL - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\SWSetup\Drivers\VID_TRPV\Packages\Apps\CCC2\Fuel\ccc-fuel.msi » MSI » Binary.NewBinary20 » EMB » [#0]FileZ » WISE » file_00000002.bin - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\SWSetup\Drivers\VID_TRPV\Packages\Apps\CCC2\Fuel\ccc-fuel.msi » MSI » Binary.NewBinary20 » EMB » [#0]FileZ » WISE » AmdIo.inf - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\SWSetup\Drivers\VID_TRPV\Packages\Apps\CCC2\Fuel\ccc-fuel.msi » MSI » Binary.NewBinary20 » EMB » [#0]FileZ » WISE » AmdIo.cat - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\SWSetup\Drivers\VID_TRPV\Packages\Apps\CCC2\Fuel\ccc-fuel.msi » MSI » Binary.NewBinary20 » EMB » [#0]FileZ » WISE » AmdIox86.sys - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\SWSetup\Drivers\VID_TRPV\Packages\Apps\CCC2\Fuel\ccc-fuel.msi » MSI » Binary.NewBinary20 » EMB » [#0]FileZ » WISE » AmdIox64.sys - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\SWSetup\Drivers\VID_TRPV\Packages\Apps\CCC2\Fuel\ccc-fuel.msi » MSI » Binary.NewBinary20 » EMB » [#0]FileZ » WISE » devcon.exe - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\SWSetup\Drivers\VID_TRPV\Packages\Apps\CCC2\Fuel\ccc-fuel.msi » MSI » Binary.NewBinary20 » EMB » [#0]FileZ » WISE » devcon.exe - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\SWSetup\Drivers\VID_TRPV\Packages\Apps\CCC2\Fuel\ccc-fuel.msi » MSI » Binary.NewBinary21 » EMB » [#0]FileZ » WISE » WISE0132.DLL - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\SWSetup\Drivers\VID_TRPV\Packages\Apps\CCC2\Fuel\ccc-fuel.msi » MSI » Binary.NewBinary21 » EMB » [#0]FileZ » WISE » file_00000002.bin - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\SWSetup\Drivers\VID_TRPV\Packages\Apps\CCC2\Fuel\ccc-fuel.msi » MSI » Binary.NewBinary21 » EMB » [#0]FileZ » WISE » devcon.exe - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\SWSetup\Drivers\VID_TRPV\Packages\Apps\CCC2\Fuel\ccc-fuel.msi » MSI » Binary.NewBinary21 » EMB » [#0]FileZ » WISE » devcon.exe - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Comms\UnistoreDB\USS.jtx - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Comms\UnistoreDB\store.jfm - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Comms\UnistoreDB\store.vol - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Comms\UnistoreDB\tmp.edb - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edb.log - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Microsoft\Windows\Notifications\WPNPRMRY.tmp - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Microsoft\Windows\WebCache\V01.log - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Microsoft\Windows\WebCacheLock.dat - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Microsoft\Windows\usrClass.dat - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Microsoft\Windows\usrClass.dat.LOG1 - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Microsoft\Windows\usrClass.dat.LOG2 - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Microsoft\WindowsApps\GameBarElevatedFT_Alias.exe - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python.exe - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python3.exe - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Microsoft\WindowsApps\Microsoft.SkypeApp_kzf8qxf38zg5c\Skype.exe - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Microsoft\WindowsApps\Microsoft.XboxGamingOverlay_8wekyb3d8bbwe\GameBarElevatedFT_Alias.exe - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Microsoft\WindowsApps\MicrosoftEdge.exe - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Microsoft\WindowsApps\Skype.exe - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Microsoft\WindowsApps\Spotify.exe - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Microsoft\WindowsApps\SpotifyAB.SpotifyMusic_zpdnekdrzrea0\Spotify.exe - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Microsoft\WindowsApps\python.exe - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Microsoft\WindowsApps\python3.exe - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG1 - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.LOG2 - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG1 - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG2 - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\CacheStorage\CacheStorage.edb - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AppData\CacheStorage\CacheStorage.jfm - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\settings.dat - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\settings.dat.LOG1 - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\Settings\settings.dat.LOG2 - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1 - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2 - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\settings.dat - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1 - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2 - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1 - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG2 - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\Settings\settings.dat - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\Settings\settings.dat.LOG1 - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Packages\Microsoft.YourPhone_8wekyb3d8bbwe\Settings\settings.dat.LOG2 - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\settings.dat - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\settings.dat.LOG1 - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\settings.dat.LOG2 - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\LocalLow\Oracle\Java\jre1.8.0_77\java_sp.dll » EMB » [#4]Resource[2015][13] - a variant of Win32/YahooSearch.C potentially unwanted application - action selection postponed until scan completion</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\LocalLow\Oracle\Java\jre1.8.0_77\java_sp.dll » EMB » [#0]Resource[5110][0] - a variant of Win32/Distromatic.E potentially unwanted application - action selection postponed until scan completion</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Roaming\0S1F1O2Z0S2Y1H1T\K-Lite Codec Packages\uninstaller.exe - Win32/InstallCore.AZ potentially unwanted application - action selection postponed until scan completion</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Roaming\systweak\ssd\SSDPTstub.exe » INNO » script_decompiled.pas - Win32/Systweak.G potentially unwanted application - action selection postponed until scan completion</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\Documents\Mum Travel drive\BRIDGE\InstallSolitaire.EXE » EMB » [#0]FileZ » WISE » WISE0132.DLL - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\Documents\Mum Travel drive\BRIDGE\InstallSolitaire.EXE » EMB » [#0]FileZ » WISE » WizWin32a.dll - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\Documents\Mum Travel drive\BRIDGE\InstallSolitaire.EXE » EMB » [#0]FileZ » WISE » file_00000002.bin - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\Documents\Mum Travel drive\BRIDGE\InstallSolitaire.EXE » EMB » [#0]FileZ » WISE » W32INST_PATH_ - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\Documents\Mum Travel drive\BRIDGE\InstallSolitaire.EXE » EMB » [#0]FileZ » WISE » READMEFILE - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\Documents\Mum Travel drive\BRIDGE\InstallSolitaire.EXE » EMB » [#0]FileZ » WISE » file_00000003.bin - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\Documents\Mum Travel drive\BRIDGE\InstallSolitaire.EXE » EMB » [#0]FileZ » WISE » file_00000004.bin - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\Documents\Mum Travel drive\BRIDGE\InstallSolitaire.EXE » EMB » [#0]FileZ » WISE » file_00000005.bin - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\Documents\Mum Travel drive\BRIDGE\InstallSolitaire.EXE » EMB » [#0]FileZ » WISE » file_00000006.bin - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\Documents\Mum Travel drive\BRIDGE\InstallSolitaire.EXE » EMB » [#0]FileZ » WISE » file_00000007.bin - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\Documents\Mum Travel drive\BRIDGE\InstallSolitaire.EXE » EMB » [#0]FileZ » WISE » file_00000008.bin - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\Documents\Mum Travel drive\BRIDGE\InstallSolitaire.EXE » EMB » [#0]FileZ » WISE » UNINSTALL_PATH - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\Documents\Mum Travel drive\BRIDGE\InstallSolitaire.EXE » EMB » [#0]FileZ » WISE » DLSol_gh_logo.png - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\Documents\Mum Travel drive\BRIDGE\InstallSolitaire.EXE » EMB » [#0]FileZ » WISE » DL_Sol_pickBG.jpg - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\Documents\Mum Travel drive\BRIDGE\InstallSolitaire.EXE » EMB » [#0]FileZ » WISE » Track 3.ogg - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\Documents\Mum Travel drive\BRIDGE\InstallSolitaire.EXE » EMB » [#0]FileZ » WISE » Track 4.ogg - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\Documents\Mum Travel drive\BRIDGE\InstallSolitaire.EXE » EMB » [#0]FileZ » WISE » Track 2.ogg - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\Documents\Mum Travel drive\BRIDGE\InstallSolitaire.EXE » EMB » [#0]FileZ » WISE » Track 1.ogg - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\Documents\Mum Travel drive\BRIDGE\InstallSolitaire.EXE » EMB » [#0]FileZ » WISE » Track 5.ogg - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\Documents\Mum Travel drive\BRIDGE\InstallSolitaire.EXE » EMB » [#0]FileZ » WISE » readme.txt - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\Documents\Mum Travel drive\BRIDGE\InstallSolitaire.EXE » EMB » [#0]FileZ » WISE » Solitaire.exe - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\Documents\Mum Travel drive\BRIDGE\InstallSolitaire.EXE » EMB » [#0]FileZ » WISE » solitaire.dll - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\Documents\Mum Travel drive\BRIDGE\InstallSolitaire.EXE » EMB » [#0]FileZ » WISE » file_00000009.bin - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\Documents\Mum Travel drive\BRIDGE\InstallSolitaire.EXE » EMB » [#0]FileZ » WISE » file_0000000A.bin - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\Documents\Mum Travel drive\BRIDGE\InstallSolitaire.EXE » EMB » [#0]FileZ » WISE » file_0000000B.bin - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\Downloads\K-Lite_Setup [1].exe » INNO » - unsupported option</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\Downloads\ReimageRepair.exe - a variant of Win32/ReImageRepair.K potentially unwanted application - action selection postponed until scan completion</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\Downloads\setupv602.exe » INDIGOROSE - unsupported option</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\NTUSER.DAT - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\ntuser.dat.LOG1 - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\ntuser.dat.LOG2 - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Windows\Installer\317ff.msi » MSI » Binary.NewBinary20 » EMB » [#0]FileZ » WISE » WISE0132.DLL - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Windows\Installer\317ff.msi » MSI » Binary.NewBinary20 » EMB » [#0]FileZ » WISE » file_00000002.bin - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Windows\Installer\317ff.msi » MSI » Binary.NewBinary20 » EMB » [#0]FileZ » WISE » AmdIo.inf - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Windows\Installer\317ff.msi » MSI » Binary.NewBinary20 » EMB » [#0]FileZ » WISE » AmdIo.cat - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Windows\Installer\317ff.msi » MSI » Binary.NewBinary20 » EMB » [#0]FileZ » WISE » AmdIox86.sys - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Windows\Installer\317ff.msi » MSI » Binary.NewBinary20 » EMB » [#0]FileZ » WISE » AmdIox64.sys - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Windows\Installer\317ff.msi » MSI » Binary.NewBinary20 » EMB » [#0]FileZ » WISE » devcon.exe - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Windows\Installer\317ff.msi » MSI » Binary.NewBinary20 » EMB » [#0]FileZ » WISE » devcon.exe - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Windows\Installer\317ff.msi » MSI » Binary.NewBinary21 » EMB » [#0]FileZ » WISE » WISE0132.DLL - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Windows\Installer\317ff.msi » MSI » Binary.NewBinary21 » EMB » [#0]FileZ » WISE » file_00000002.bin - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Windows\Installer\317ff.msi » MSI » Binary.NewBinary21 » EMB » [#0]FileZ » WISE » devcon.exe - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Windows\Installer\317ff.msi » MSI » Binary.NewBinary21 » EMB » [#0]FileZ » WISE » devcon.exe - is OK</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Windows\SoftwareDistribution\DataStore\DataStore.edb - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Windows\SoftwareDistribution\DataStore\DataStore.jfm - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Windows\System32\catroot2\edb.log - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Windows\System32\catroot2\edbtmp.log - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb.jfm - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.jfm - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\hiberfil.sys - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\pagefile.sys - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\swapfile.sys - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe - a variant of Win32/ReImageRepair.O potentially unwanted application - cleaned by deleting [1]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Roaming\0S1F1O2Z0S2Y1H1T\K-Lite Codec Packages\uninstaller.exe - unable to open [4]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\Roaming\systweak\ssd\SSDPTstub.exe » INNO » script_decompiled.pas - Win32/Systweak.G potentially unwanted application - cleaned by deleting [1]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\Downloads\ReimageRepair.exe - a variant of Win32/ReImageRepair.K potentially unwanted application - cleaned by deleting [1]</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\LocalLow\Oracle\Java\jre1.8.0_77\java_sp.dll » EMB » [#4]Resource[2015][13] - a variant of Win32/YahooSearch.C potentially unwanted application - retained</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">C:\Users\ryanstockham\AppData\LocalLow\Oracle\Java\jre1.8.0_77\java_sp.dll » EMB » [#0]Resource[5110][0] - a variant of Win32/Distromatic.E potentially unwanted application - retained</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">Number of scanned objects: 552162</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">Number of detections: 7</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">Number of cleaned objects: 4</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">Time of completion: 12:45:51 Total scanning time: 12863 sec (03:34:23)</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log"/>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">Notes:</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">[1] Object has been deleted as it only contained the virus body.</COLUMN>
</RECORD>
-<RECORD>
<COLUMN NAME="Log">[4] Object cannot be opened. It may be in use by another application or operating system.</COLUMN>
</RECORD>
</LOG>
</ESET>
#13
Posted 08 February 2021 - 07:03 AM
covphoenix
- Topic Starter
-
- Member
-
- 78 posts
Member
# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.1
# -------------------------------
# Build: 01-20-2021
# Database: 2021-01-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-08-2021
# Duration: 00:01:35
# OS: Windows 10 Home
# Scanned: 31956
# Detected: 136
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
Adware.InstallCore C:\Users\ryanstockham\AppData\Roaming\0s1f1o2z0s2y1h1t
PUP.Optional.Legacy C:\Program Files (x86)\Mobogenie
PUP.Optional.Legacy C:\Users\ryanstockham\AppData\Local\Mobogenie
PUP.Optional.Legacy C:\Users\ryanstockham\Documents\Mobogenie
PUP.Optional.Reimage C:\Program Files\Reimage
PUP.Optional.SysTweak C:\Users\ryanstockham\AppData\Roaming\Systweak
***** [ Files ] *****
PUP.Optional.Legacy C:\Users\ryanstockham\daemonprocess.txt
PUP.Optional.Reimage C:\Users\ryanstockham\Downloads\ReimageRepair.exe
PUP.Optional.Reimage C:\Windows\Reimage.ini
PUP.Optional.Reimage C:\Windows\System32\reimage.rep
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.Optional.BrowseFox HKCU\Software\Mega Browse
PUP.Optional.BrowseFox HKLM\Software\Wow6432Node\Mega Browse
PUP.Optional.BrowseFox.A HKLM\Software\Wow6432Node\\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
PUP.Optional.InstallCore HKCU\Software\InstallCore
PUP.Optional.Legacy HKCU\Software\APN PIP
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
PUP.Optional.Legacy HKCU\Software\SoftSuma
PUP.Optional.Legacy HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|mobilegeni daemon
PUP.Optional.Legacy HKLM\Software\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
PUP.Optional.Legacy HKLM\Software\Microsoft\Shared Tools\MSConfig\services\MgAssistService
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\AppID\REI_AxControl.DLL
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
PUP.Optional.Reimage HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
PUP.Optional.Reimage HKCU\Software\Reimage
PUP.Optional.Reimage HKCU\Software\reimagerepair
PUP.Optional.Reimage HKLM\Software\Classes\REI_AxControl.ReiEngine
PUP.Optional.Reimage HKLM\Software\Classes\REI_AxControl.ReiEngine.1
PUP.Optional.Reimage HKLM\Software\Reimage
PUP.Optional.SysTweak HKCU\Software\systweak
PUP.Optional.SysTweak HKLM\Software\Wow6432Node\systweak
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
PUP.Optional.Babylon Search the web (Babylon)
PUP.Optional.Babylon Search the web (Babylon)
PUP.Optional.Babylon http://search.babylo...00000262221662e
PUP.Optional.Babylon http://search.babylo...00000262221662e
PUP.Optional.Legacy AVG Secure Search
PUP.Optional.Legacy http://isearch.avg.c...sa&d=2012-06-1715:00:29&v=11.1.0.7&sap=hp
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
Preinstalled.CyberLinkLabelPrint Folder C:\Program Files (x86)\CYBERLINK\LABELPRINT
Preinstalled.CyberLinkLabelPrint Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Preinstalled.CyberLinkLabelPrint Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Preinstalled.CyberLinkShellExtension Registry HKLM\Software\Classes\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2}
Preinstalled.HPCoolSense Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP COOLSENSE
Preinstalled.HPCoolSense Folder C:\Users\ryanstockham\AppData\Local\HEWLETT-PACKARD\HP COOLSENSE
Preinstalled.HPCoolSense Folder C:\Windows\System32\Tasks\HEWLETT-PACKARD\HP COOLSENSE
Preinstalled.HPCoolSense Registry HKLM\Software\Classes\CLSID\{224695A4-BD5E-4C38-B354-A4C828E61BF7}
Preinstalled.HPCoolSense Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{394B14EA-B072-4440-9510-87797CB12371}
Preinstalled.HPHealthCheck Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6F340107-F9AA-47C6-B54C-C3A19F11553F}
Preinstalled.HPMediaSmart Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Preinstalled.HPMediaSmart Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Preinstalled.HPRegistrationService Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP REGISTRATION SERVICE
Preinstalled.HPRegistrationService Folder C:\ProgramData\HEWLETT-PACKARD\HP REGISTRATION SERVICE
Preinstalled.HPRegistrationService Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D1E8F2D7-7794-4245-B286-87ED86C1893C}
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\ryanstockham\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\ryanstockham\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{55065080-504F-43BB-BE00-36B80D7D39A5}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}
Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\ALOHA TRIPEAKS
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\BEJEWELED 3
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\BUILD-A-LOT
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\CRADLE OF ROME 2
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\CRAZY CHICKEN SOCCER
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\FARM FRENZY
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\GOVERNOR OF POKER 2 PREMIUM EDITION
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\JEWEL MATCH 3
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\MAHJONGG ARTIFACTS
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\PLANTS VS ZOMBIES - GAME OF THE YEAR
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\POLAR BOWLER
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\RANCH RUSH 2 - PREMIUM EDITION
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\TRINKLIT SUPREME
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\VACATION QUEST - AUSTRALIA
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\VIRTUAL FAMILIES
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\WEDDING DASH
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\ZUMAS REVENGE
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES\APP
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES\WEB LINK - SEAFIGHT
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-1e456a30-1a1b-49a2-a343-f21af1307b33
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-2007c5e1-9ff2-4f74-8bbe-59c78e48b8fc
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-2e19e36e-af6f-424f-87e0-3b6826581a6c
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-33c68fa6-286f-4bb9-a71a-50d945ff07a9
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-4114008f-2824-43ee-b949-0d70a6fa008c
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-42aa25fb-5d4c-4b44-9337-22fed995bc51
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-4f82c505-bc53-4741-8445-5d70588e8279
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-555c3930-552b-4976-833e-03bce5a1ad1e
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-6dd5610a-c1d8-4c32-b9d3-8b816eb1098d
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-93bc918a-ac36-4c5a-8d13-15f5626887cc
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-a44df564-86a1-430c-923e-eda6915214e8
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-affd67c8-1223-40fa-9808-c172f04608dc
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-b58d4b20-60b1-4601-8886-64c125713517
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-b5b8a571-a42f-4a82-aa40-df113809295b
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-d1f3ee01-b341-4d85-8a03-aad3ff6471dc
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-e04c4a9a-5da6-4be7-b798-6abe93c7f98d
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WTA-e805b0fd-f24d-4fa5-949c-db0dd8e7df32
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-darkorbit
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-mahjonggdarkdimensions
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-seafight
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-hp-worldofwarcraft
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-hp-genres
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App
Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp
Preinstalled.WildTangentGamesBundle Registry HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Preinstalled.WildTangentGamesBundle Registry HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
#14
Posted 09 February 2021 - 09:05 PM
iMacg3
-
- GeekU Moderator
-
- 1,921 posts
GeekU PowerPC G3
AdwCleaner - Clean
- Double click AdwCleaner.exe to run it.
- Click Scan Now
- When the scan has finished a Scan Results window will open.
- Please check the following boxes and then click Quarantine
- Click Next
-
- If any pre-installed software was found on your machine, a prompt window will open ...
- Click OK to close it
- Check any pre-installed software items you want to remove (if they're not causing you a problem I recommend you don't select any)
- Click Quarantine
- If any pre-installed software was found on your machine, a prompt window will open ...
- A prompt to save your work will appear ...
- Click Continue when you're ready to proceed.
- A prompt to restart your computer will appear ...
- Click Restart Now
- Once your computer has restarted ...
- If it doesn't open automatically, please start ADWCleaner ...
- Click the Log Files tab ...
- Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
- A Notepad file will open containing the results of the removal.
- Please post the contents of the file in your next reply.
---------------------------------------------------
In your next reply, please include:
- AdwCleaner[C0*].txt
#15
Posted 10 February 2021 - 04:03 AM
covphoenix
- Topic Starter
-
- Member
-
- 78 posts
Member
# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.1
# -------------------------------
# Build: 01-20-2021
# Database: 2021-01-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-10-2021
# Duration: 00:00:15
# OS: Windows 10 Home
# Cleaned: 47
# Failed: 1
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Program Files (x86)\Mobogenie
Deleted C:\Program Files\Reimage
Deleted C:\Users\ryanstockham\AppData\Local\Mobogenie
Deleted C:\Users\ryanstockham\AppData\Roaming\0s1f1o2z0s2y1h1t
Deleted C:\Users\ryanstockham\AppData\Roaming\Systweak
Deleted C:\Users\ryanstockham\Documents\Mobogenie
***** [ Files ] *****
Deleted C:\Users\ryanstockham\daemonprocess.txt
Deleted C:\Windows\Reimage.ini
Deleted C:\Windows\System32\reimage.rep
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\APN PIP
Deleted HKCU\Software\InstallCore
Deleted HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Deleted HKCU\Software\Mega Browse
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Deleted HKCU\Software\Reimage
Deleted HKCU\Software\SoftSuma
Deleted HKCU\Software\reimagerepair
Deleted HKCU\Software\systweak
Deleted HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|mobilegeni daemon
Deleted HKLM\Software\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Deleted HKLM\Software\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Deleted HKLM\Software\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Deleted HKLM\Software\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Deleted HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted HKLM\Software\Classes\REI_AxControl.ReiEngine
Deleted HKLM\Software\Classes\REI_AxControl.ReiEngine.1
Deleted HKLM\Software\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\services\MgAssistService
Deleted HKLM\Software\Reimage
Deleted HKLM\Software\Wow6432Node\Mega Browse
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\REI_AxControl.DLL
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Deleted HKLM\Software\Wow6432Node\systweak
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
Deleted Search the web (Babylon)
Deleted Search the web (Babylon)
Deleted http://isearch.avg.c...sa&d=2012-06-1715:00:29&v=11.1.0.7&sap=hp
Deleted http://search.babylo...00000262221662e
Deleted http://search.babylo...00000262221662e
Not Deleted AVG Secure Search
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [17396 octets] - [08/02/2021 08:44:28]
AdwCleaner[S01].txt - [17375 octets] - [10/02/2021 09:55:50]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
