Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Laptop has become very slow

Started by Beatriceswiss , May 11 2021 02:10 PM

  • Please log in to reply

#1
Beatriceswiss
Posted 11 May 2021 - 02:10 PM

Beatriceswiss

    Member

  • Member
  • PipPip
  • 80 posts

My laptop has really slowed down over the last few weeks.  There are no redirects, or unusual pop-up ads, other than normal advertising.  It is slow when I surf the web, use emails, cutting and pasting of documents.  Any help would be greatly apprectiated. Thank you.  Scans are provided below.

 

 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7666392 2014-12-11] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-11] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [166144 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [331064 2020-10-16] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-07-23] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare Software Co., Ltd.  -> Wondershare)
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\Beatrice\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=866453ef907a47d2a1e59913f05f23cd-7b0c96f9aa992d7393c82dd82ae949bc32978813 /CMPID=0214c
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-03-12] (Nero AG -> Nero AG)
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\Run: [uTorrent] => "C:\Users\Beatrice\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\Run: [BlackBerryLink.exe] => "C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe" /minimize
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\Run: [HP Officejet 4620 series (NET)] => C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\Run: [RIMDeviceManager] => C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [91016584 2021-01-15] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31162288 2021-04-29] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\MountPoints2: {7bf13d53-2ea9-11e8-8342-485ab6bbca3e} - "F:\SISetup.exe" 
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\MountPoints2: {d59268f8-af74-11e5-82de-485ab6bbca3e} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\Start.exe
HKU\S-1-5-18\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31162288 2021-04-29] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKLM\...\Windows x64\Print Processors\Canon MG5700 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCS.DLL [30208 2015-03-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\hpfpp083: C:\Windows\System32\spool\prtprocs\x64\hpfpp083.dll [254464 2008-10-06] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\LMACGL4C: C:\Windows\System32\spool\prtprocs\x64\LMACGL4C.DLL [81920 2011-06-02] (Microsoft Windows Hardware Compatibility Publisher -> Lexmark International Inc.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [51032 2008-04-07] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG5700 series: C:\Windows\system32\CNMLMCS.DLL [406528 2015-03-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\HP 6412 Status Monitor: C:\Windows\system32\hpinksts6412LM.dll [331664 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP C611 Status Monitor: C:\Windows\system32\hpinkstsC611LM.dll [333344 2013-05-06] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet 4620 series): C:\Windows\system32\HPDiscoPM6412.dll [741480 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Universal Port Monitor: C:\Windows\system32\hpbprtmon.dll [404992 2013-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
HKLM\...\Print\Monitors\hpf3l083.dll: C:\Windows\system32\hpf3l083.dll [134144 2008-10-06] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.93\Installer\chrmstp.exe [2021-04-27] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
AppInit_DLLs: acaptuser64.dll => C:\Windows\system32\acaptuser64.dll [119160 2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2021-01-08]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
Startup: C:\Users\Beatrice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jacquie Lawson Desktop Widget.lnk [2019-01-29]
ShortcutTarget: Jacquie Lawson Desktop Widget.lnk -> C:\Program Files (x86)\Jacquie Lawson Desktop Widget\Jacquie Lawson Desktop Widget.exe (No File)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1B19C810-13C3-4EF7-823B-BD17E1F76D93} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {213C8E23-EF11-4771-9B02-67FF1D84C4A1} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [4747008 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {2851BE0E-70F2-4659-B15D-B2FAD39288E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {3A918669-731A-4E2F-9697-B7F16E6AC905} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-23] (Google Inc -> Google Inc.)
Task: {41D3515E-BCA9-4F9F-825D-D32EE3EA102C} - System32\Tasks\G2MUpdateTask-S-1-5-21-3281177217-869368764-2006139627-1002 => C:\Users\Beatrice\AppData\Local\GoToMeeting\19598\g2mupdate.exe [31320 2021-05-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {52402E40-0599-4C9A-A41E-199DC7B9F7E0} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {58B040EB-6780-459B-82DE-8AE267E10B50} - System32\Tasks\G2MUploadTask-S-1-5-21-3281177217-869368764-2006139627-1002 => C:\Users\Beatrice\AppData\Local\GoToMeeting\19598\g2mupload.exe [31320 2021-05-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {5DA8520C-8C9E-4F90-BAC2-03C92A80859C} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {ACC5647D-D2F3-4C2B-A471-FB634E0039B7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {AEE99C6E-BE10-4C77-9879-423F5B78679C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-23] (Google Inc -> Google Inc.)
Task: {BABB5768-11E9-4561-AFCC-EA6483C9F4DC} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1821968 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {BBF4AC2F-7854-45DB-85D7-B7A22AA481D8} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2013-06-07] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
Task: {CDC8479E-85C6-40AE-96B4-0432A5C3090C} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40880 2021-04-29] (Garmin International, Inc. -> )
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3281177217-869368764-2006139627-1002.job => C:\Users\Beatrice\AppData\Local\GoToMeeting\19598\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3281177217-869368764-2006139627-1002.job => C:\Users\Beatrice\AppData\Local\GoToMeeting\19598\g2mupload.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 207.164.234.193
Tcpip\..\Interfaces\{486B1D7C-1E02-42D5-B6AA-A45F73E675F1}: [DhcpNameServer] 192.168.2.1 207.164.234.193
Tcpip\..\Interfaces\{7C57A303-A069-4AAA-A050-8A4F276FEC6D}: [DhcpNameServer] 192.168.3.5 192.168.3.1
Tcpip\..\Interfaces\{A16B1061-4FB6-41C7-84E2-AFC95E3F2D72}: [DhcpNameServer] 192.168.42.129
 
Edge: 
=======
Edge Profile: C:\Users\Beatrice\AppData\Local\Microsoft\Edge\User Data\Default [2020-09-27]
 
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-20] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Beatrice\AppData\Local\Google\Chrome\User Data\Default [2021-05-11]
CHR Notifications: Default -> hxxps://app.gotowebinar.com; hxxps://calendar.google.com; hxxps://hmsd.edsby.com; hxxps://mail.google.com; hxxps://newtonsgrove.edsby.com; hxxps://nowtoronto.com; hxxps://web.skype.com; hxxps://www.680news.com; hxxps://www.explore-mag.com; hxxps://www.facebook.com; hxxps://www.myswitzerland.com; hxxps://www.point2homes.com; hxxps://www0.123movieshub.sc
CHR Extension: (Slides) - C:\Users\Beatrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\Beatrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Beatrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\Beatrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-27]
CHR Extension: (uBlock Origin) - C:\Users\Beatrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-05-11]
CHR Extension: (Sheets) - C:\Users\Beatrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Beatrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-20]
CHR Extension: (Skype) - C:\Users\Beatrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Beatrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR Extension: (Gmail) - C:\Users\Beatrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\Beatrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-22]
CHR Profile: C:\Users\Beatrice\AppData\Local\Google\Chrome\User Data\System Profile [2020-09-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-08-19] () [File not signed]
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [98208 2009-11-17] (Andrea Electronics -> Andrea Electronics Corporation)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-24] (Apple Inc. -> Apple Inc.)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [607488 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Tools; C:\Program Files (x86)\AVG\Antivirus\avgToolsSvc.exe [356608 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe [7941688 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files (x86)\AVG\Antivirus\wsc_proxy.exe [109480 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-02-26] (Macrovision Corporation -> Macrovision Europe Ltd.) [File not signed]
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-04-18] (Hewlett-Packard Company -> HP)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-07-23] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-03-12] (Nero AG -> Nero AG)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [35816 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [212344 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [365112 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [250408 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [99384 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [41432 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [180576 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\Windows\System32\drivers\avgNetHub.sys [522520 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [107920 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [83008 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [850784 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [467840 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [215488 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [327104 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 blackberryncm; C:\Windows\system32\DRIVERS\blackberryncm6_AMD64.sys [36360 2016-04-06] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry)
S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [44480 2013-09-23] (Akeo Consulting -> hxxp://libusb-win32.sourceforge.net)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-05-26] (BlackBerry Limited) [File not signed]
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Research in Motion Ltd)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Mediatek Inc. -> Ralink Technology, Corp.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [31840 2016-03-23] (Hewlett-Packard Company -> HP)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [31840 2016-03-23] (Hewlett-Packard Company -> HP)
S3 RimUsb; \SystemRoot\System32\Drivers\RimUsb_AMD64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-05-11 15:57 - 2021-05-11 15:59 - 000021776 _____ C:\Users\Beatrice\Desktop\FRST.txt
2021-05-11 15:56 - 2021-05-11 15:59 - 000000000 ____D C:\FRST
2021-05-11 15:55 - 2021-05-11 15:49 - 002298880 _____ (Farbar) C:\Users\Beatrice\Desktop\FRST64.exe
2021-05-11 15:49 - 2021-05-11 15:49 - 002298880 _____ (Farbar) C:\Users\Beatrice\Downloads\FRST64.exe
2021-05-11 13:53 - 2021-05-11 13:53 - 000481126 _____ C:\Users\Beatrice\Downloads\Popcorn 2021.pdf
2021-05-11 10:30 - 2021-05-11 10:30 - 000096204 _____ C:\Users\Beatrice\Desktop\Scanned from a Xerox Multifunction Printer (2).pdf
2021-05-11 10:29 - 2021-05-11 10:29 - 000096204 _____ C:\Users\Beatrice\Downloads\Scanned from a Xerox Multifunction Printer (5).pdf
2021-05-11 10:29 - 2021-05-11 10:29 - 000096204 _____ C:\Users\Beatrice\Downloads\Scanned from a Xerox Multifunction Printer (4).pdf
2021-05-11 10:29 - 2021-05-11 10:29 - 000096204 _____ C:\Users\Beatrice\Downloads\Scanned from a Xerox Multifunction Printer (3).pdf
2021-05-11 10:29 - 2021-05-11 10:29 - 000096204 _____ C:\Users\Beatrice\Downloads\Scanned from a Xerox Multifunction Printer (2).pdf
2021-05-11 10:26 - 2021-05-11 10:26 - 000096204 _____ C:\Users\Beatrice\Downloads\Scanned from a Xerox Multifunction Printer (1).pdf
2021-05-11 09:52 - 2021-05-11 09:52 - 000096204 _____ C:\Users\Beatrice\Downloads\Scanned from a Xerox Multifunction Printer.pdf
2021-05-10 17:31 - 2021-05-10 17:31 - 000090191 _____ C:\Users\Beatrice\Downloads\Documents - I made the changes we discussed. (1).zip
2021-05-10 15:54 - 2021-05-10 15:54 - 000090191 _____ C:\Users\Beatrice\Downloads\Documents - I made the changes we discussed..zip
2021-05-10 15:51 - 2021-05-10 15:51 - 000804293 _____ C:\Users\Beatrice\Downloads\popcorn order Bill.pdf
2021-05-08 17:21 - 2021-05-08 17:21 - 000164190 _____ C:\Users\Beatrice\Downloads\Get ready to visit THEMUSEUM (2).zip
2021-05-08 14:41 - 2021-05-08 14:41 - 000056882 _____ C:\Users\Beatrice\Downloads\Your Comments Please (3).zip
2021-05-08 14:41 - 2021-05-08 14:41 - 000056882 _____ C:\Users\Beatrice\Downloads\Your Comments Please (2).zip
2021-05-08 12:50 - 2021-05-08 12:50 - 000056882 _____ C:\Users\Beatrice\Downloads\Your Comments Please (1).zip
2021-05-08 12:45 - 2021-05-08 12:45 - 000164190 _____ C:\Users\Beatrice\Downloads\Get ready to visit THEMUSEUM (1).zip
2021-05-07 13:13 - 2021-05-07 13:13 - 000056882 _____ C:\Users\Beatrice\Downloads\Your Comments Please.zip
2021-05-06 09:18 - 2021-05-06 09:18 - 000023424 _____ C:\Users\Beatrice\Downloads\Renees-Garden-Cornucopia-For-Web.pdf
2021-05-04 20:56 - 2021-05-04 20:56 - 000000356 _____ C:\Users\Beatrice\Downloads\Danieltest_ May 4, 2021 at 4_00 PM - HealthCheck (1).csv
2021-05-04 18:34 - 2021-05-10 08:54 - 000000000 ____D C:\Users\Beatrice\Documents\Garden
2021-05-04 18:28 - 2021-05-04 18:28 - 000000356 _____ C:\Users\Beatrice\Downloads\Danieltest_ May 4, 2021 at 4_00 PM - HealthCheck.csv
2021-05-04 15:09 - 2021-05-04 15:09 - 000735181 _____ C:\Users\Beatrice\Downloads\popcorn order .zip
2021-05-04 14:01 - 2021-05-11 15:30 - 000000574 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3281177217-869368764-2006139627-1002.job
2021-05-04 14:01 - 2021-05-11 12:39 - 000000670 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3281177217-869368764-2006139627-1002.job
2021-05-04 14:01 - 2021-05-10 22:03 - 000003676 _____ C:\Windows\system32\Tasks\G2MUploadTask-S-1-5-21-3281177217-869368764-2006139627-1002
2021-05-04 14:01 - 2021-05-10 22:03 - 000003580 _____ C:\Windows\system32\Tasks\G2MUpdateTask-S-1-5-21-3281177217-869368764-2006139627-1002
2021-05-04 14:01 - 2021-05-07 12:32 - 000000000 ____D C:\Users\Beatrice\AppData\Local\GoToMeeting
2021-05-04 14:00 - 2021-05-04 14:00 - 000000000 ____D C:\Users\Beatrice\AppData\Local\GoTo Opener
2021-05-03 19:00 - 2021-05-03 19:00 - 000000000 ____D C:\Users\Beatrice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-05-03 17:34 - 2021-05-03 17:34 - 000275796 _____ C:\Users\Beatrice\Downloads\April 27, 2021 - 22nd Toronto Scout Group Meeting.pdf
2021-05-03 14:44 - 2021-05-03 14:44 - 007595241 _____ C:\Users\Beatrice\Downloads\VID-20210124-WA0003.mp4
2021-05-03 14:26 - 2021-05-03 14:26 - 001241127 _____ C:\Users\Beatrice\Desktop\Application for Employment page 1.pdf
2021-05-03 14:24 - 2021-05-03 14:24 - 001431349 _____ C:\Users\Beatrice\Desktop\Application for Employment page 2.pdf
2021-05-03 13:53 - 2021-05-03 13:53 - 000105779 _____ C:\Users\Beatrice\Downloads\Carlton Cards Application Form.zip
2021-05-02 08:57 - 2021-05-02 08:57 - 000001873 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2021-05-02 08:57 - 2021-05-02 08:57 - 000001873 _____ C:\ProgramData\Desktop\Garmin Express.lnk
2021-05-02 08:57 - 2021-05-02 08:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2021-04-29 19:08 - 2021-04-29 19:08 - 000215488 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2021-04-29 19:08 - 2021-04-29 19:07 - 000340224 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2021-04-29 17:26 - 2021-04-29 17:27 - 000000000 ____D C:\Users\Beatrice\Desktop\Popcorn
2021-04-29 17:24 - 2021-05-02 11:58 - 000000000 ____D C:\Users\Beatrice\Desktop\Alison
2021-04-29 16:19 - 2021-04-29 16:19 - 000023411 _____ C:\Users\Beatrice\Downloads\Patagonia and Updates from Polar Latitudes.zip
2021-04-29 16:11 - 2021-04-29 16:11 - 000100578 _____ C:\Users\Beatrice\Downloads\RE_ Calls to Players.zip
2021-04-29 16:04 - 2021-04-29 16:06 - 000000022 _____ C:\Users\Beatrice\Downloads\Tonight's Meeting (1).zip
2021-04-29 09:50 - 2021-04-29 09:50 - 000035762 _____ C:\Users\Beatrice\Downloads\orderno.bmp
2021-04-29 09:32 - 2021-04-29 09:35 - 002215207 _____ C:\Users\Beatrice\Downloads\Tonight's Meeting.zip
2021-04-28 16:45 - 2021-04-28 16:45 - 000024496 _____ C:\Users\Beatrice\Downloads\SponsorReportApr21.pdf
2021-04-28 16:41 - 2021-04-28 16:41 - 000749506 _____ C:\Users\Beatrice\Downloads\statement (47).pdf
2021-04-28 16:37 - 2021-04-28 16:37 - 000200796 _____ C:\Users\Beatrice\Downloads\Donation of dictionaries.zip
2021-04-28 16:33 - 2021-04-28 16:33 - 002209437 _____ C:\Users\Beatrice\Downloads\FinApr29.pdf
2021-04-28 16:20 - 2021-04-28 16:20 - 000850173 _____ C:\Users\Beatrice\Downloads\PDF_104742096_2021-04-26_205.pdf
2021-04-27 11:10 - 2021-04-27 11:10 - 008014647 _____ C:\Users\Beatrice\Downloads\Fwd_ Innovators during Covid _).zip
2021-04-26 18:13 - 2021-04-26 18:13 - 010914729 _____ C:\Users\Beatrice\Downloads\Try One Of These.MP4.zip
2021-04-26 09:31 - 2021-04-26 09:31 - 005524781 _____ C:\Users\Beatrice\Downloads\Final notice - Virtual Meeting of Owners - May 11th, 2021, 7 p.m. - Smoking Rule.zip
2021-04-26 08:31 - 2021-04-26 08:31 - 000063035 _____ C:\Users\Beatrice\Downloads\Sales Invoice-Inv227548.pdf
2021-04-25 18:43 - 2021-04-25 18:48 - 000003069 _____ C:\Users\Beatrice\Downloads\TeamSnap  Martingrove Baseball  Registration (69).csv
2021-04-25 16:49 - 2021-04-25 16:49 - 000010697 _____ C:\Users\Beatrice\Downloads\Registrations as of April 25, 2021.zip
2021-04-25 10:07 - 2021-04-25 10:07 - 000004131 _____ C:\Users\Beatrice\Downloads\TeamSnap  Martingrove Baseball  Registration (68).csv
2021-04-25 10:01 - 2021-04-25 10:01 - 000000455 _____ C:\Users\Beatrice\Downloads\TeamSnap  Martingrove Baseball  Registration (67).csv
2021-04-25 10:00 - 2021-04-25 10:00 - 000039653 _____ C:\Users\Beatrice\Downloads\league registration (offline registration 2021 (final)) for martingrove baseball.csv
2021-04-25 09:50 - 2021-04-25 09:50 - 000835804 _____ C:\Users\Beatrice\Downloads\popcorn order form-Marcus and Roman - April 2021.pdf
2021-04-23 09:15 - 2021-04-23 09:15 - 000000968 _____ C:\Users\Beatrice\Downloads\FW_ Confirmation.zip
2021-04-21 17:57 - 2021-04-21 17:57 - 011087851 _____ C:\Users\Beatrice\Downloads\UofGH Science Rendezvous Virtual Event __Take Me To Space__ (1).zip
2021-04-21 17:34 - 2021-04-21 17:34 - 011087851 _____ C:\Users\Beatrice\Downloads\UofGH Science Rendezvous Virtual Event __Take Me To Space__.zip
2021-04-21 11:48 - 2021-04-21 11:48 - 017379121 _____ C:\Users\Beatrice\Downloads\April 14- Courtyard pictures.pdf
2021-04-17 16:36 - 2021-04-17 16:36 - 000069170 _____ C:\Users\Beatrice\Downloads\TorontoHydro_16-04-21.pdf
2021-04-16 21:57 - 2021-04-16 21:57 - 054749861 _____ C:\Users\Beatrice\Downloads\NextLevel_HealthChecks (1).MP4
2021-04-16 21:40 - 2021-04-16 21:40 - 000030092 _____ C:\Users\Beatrice\Downloads\RE_ 3 different Covid check lists (1).zip
2021-04-16 17:09 - 2021-04-16 17:09 - 000097690 _____ C:\Users\Beatrice\Downloads\document-0 (24).pdf
2021-04-15 19:04 - 2021-04-15 19:04 - 000030092 _____ C:\Users\Beatrice\Downloads\RE_ 3 different Covid check lists.zip
2021-04-15 17:42 - 2021-04-15 17:42 - 000235848 _____ C:\Users\Beatrice\Downloads\Popcorn Campaign Launch - today (1).zip
2021-04-15 17:40 - 2021-04-15 17:40 - 000235848 _____ C:\Users\Beatrice\Downloads\Popcorn Campaign Launch - today.zip
2021-04-14 09:34 - 2021-04-01 00:34 - 001678040 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-04-14 09:05 - 2021-04-14 09:06 - 054749861 _____ C:\Users\Beatrice\Downloads\NextLevel_HealthChecks.MP4
2021-04-13 23:06 - 2021-04-13 23:06 - 003281391 _____ C:\Users\Beatrice\Downloads\Popcorn sales.zip
2021-04-13 10:37 - 2021-04-13 10:37 - 000052667 _____ C:\Users\Beatrice\Downloads\550573-7819.PDF
2021-04-13 10:28 - 2021-04-13 10:28 - 000091857 _____ C:\Users\Beatrice\Downloads\Peperoni-Bonbons.pdf
2021-04-12 17:58 - 2021-04-12 18:54 - 000000022 _____ C:\Users\Beatrice\Downloads\Photos (43).zip
2021-04-12 17:15 - 2021-04-12 17:15 - 036391629 _____ C:\Users\Beatrice\Downloads\Raised Bed Construction 2021 (1).zip
2021-04-12 17:15 - 2021-04-12 17:15 - 030435687 _____ C:\Users\Beatrice\Downloads\Photos (42).zip
2021-04-12 17:13 - 2021-04-12 17:38 - 000000022 _____ C:\Users\Beatrice\Downloads\Raised Bed Construction 2021.zip
2021-04-12 14:08 - 2021-04-12 14:08 - 003269975 _____ C:\Users\Beatrice\Downloads\Scouts Popcorn Fundraiser (2).zip
2021-04-11 17:08 - 2021-04-11 17:08 - 000268660 _____ C:\Users\Beatrice\Downloads\Daily Screening -08.03.21.pdf
2021-04-11 16:40 - 2021-04-11 16:40 - 000048658 _____ C:\Users\Beatrice\Downloads\Return To Play-2021 (1).pdf
2021-04-11 16:35 - 2021-04-11 16:35 - 000048658 _____ C:\Users\Beatrice\Downloads\Return To Play-2021.pdf
2021-04-11 14:58 - 2021-04-11 14:59 - 001736368 _____ C:\Users\Beatrice\Downloads\BeatriceUpdate.pdf
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-05-11 15:51 - 2014-02-24 22:57 - 000000000 ____D C:\Users\Beatrice\AppData\Roaming\ClassicShell
2021-05-11 15:33 - 2014-02-24 22:49 - 000003596 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3281177217-869368764-2006139627-1002
2021-05-11 15:23 - 2015-10-24 19:58 - 000000000 ____D C:\ProgramData\Avg
2021-05-11 15:22 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-05-11 14:06 - 2013-10-07 03:40 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2021-05-11 08:53 - 2014-02-24 22:43 - 000003938 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{E86B3FDE-7E6F-4AC9-87C7-512C4E67B12B}
2021-05-11 08:44 - 2013-08-26 02:09 - 000958016 _____ C:\Windows\system32\PerfStringBackup.INI
2021-05-11 08:44 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2021-05-10 22:03 - 2019-03-28 22:30 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-05-10 22:03 - 2018-10-15 22:50 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2021-05-10 22:03 - 2018-03-23 10:24 - 000003332 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-05-10 22:03 - 2018-03-23 10:24 - 000003204 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-05-10 22:03 - 2017-09-03 22:59 - 000003916 _____ C:\Windows\system32\Tasks\Antivirus Emergency Update
2021-05-10 22:03 - 2017-02-23 21:49 - 000003938 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{A8BB549A-4BE4-455E-9E7D-0D0CF353FA4E}
2021-05-10 22:03 - 2015-01-14 23:35 - 000003554 _____ C:\Windows\system32\Tasks\GarminUpdaterTask
2021-05-10 22:03 - 2013-10-07 03:42 - 000002990 _____ C:\Windows\system32\Tasks\Synaptics TouchPad Enhancements
2021-05-10 21:46 - 2021-01-25 22:29 - 000013598 _____ C:\Users\Beatrice\Desktop\Investments.xlsx
2021-05-10 07:42 - 2021-01-08 09:09 - 000000000 ____D C:\Users\Beatrice\Desktop\Steven and Amanda's payments
2021-05-05 19:20 - 2021-01-22 13:08 - 000000000 ____D C:\Users\Beatrice\Documents\2021 registrations
2021-05-03 19:01 - 2020-03-25 10:38 - 000000000 ____D C:\Users\Beatrice\AppData\Roaming\Zoom
2021-05-03 15:13 - 2016-07-31 22:35 - 000000000 ____D C:\Users\Beatrice\Documents\recepies
2021-05-02 10:03 - 2018-07-17 10:23 - 000000000 ____D C:\Users\Beatrice\AppData\Local\CrashDumps
2021-05-02 09:00 - 2015-01-14 23:35 - 000000000 ____D C:\ProgramData\Garmin
2021-05-02 08:57 - 2015-01-14 23:35 - 000000000 ____D C:\Program Files (x86)\Garmin
2021-05-02 08:57 - 2013-10-07 03:39 - 000000000 ____D C:\ProgramData\Package Cache
2021-04-30 22:14 - 2014-03-30 14:01 - 000000000 ____D C:\Users\Beatrice\Documents\Bea
2021-04-29 19:08 - 2019-01-17 23:18 - 000099384 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys
2021-04-29 19:08 - 2017-09-03 22:59 - 000327104 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2021-04-29 19:07 - 2020-10-22 19:53 - 000180576 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2021-04-29 19:07 - 2020-06-16 22:42 - 000522520 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetHub.sys
2021-04-29 19:07 - 2019-01-17 23:18 - 000365112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys
2021-04-29 19:07 - 2019-01-17 23:18 - 000250408 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys
2021-04-29 19:07 - 2019-01-17 23:18 - 000035816 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArDisk.sys
2021-04-29 19:07 - 2018-10-23 23:07 - 000041432 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
2021-04-29 19:07 - 2017-12-10 23:25 - 000212344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2021-04-29 19:07 - 2017-09-03 22:59 - 000850784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2021-04-29 19:07 - 2017-09-03 22:59 - 000467840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2021-04-29 19:07 - 2017-09-03 22:59 - 000107920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2021-04-29 19:07 - 2017-09-03 22:59 - 000083008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2021-04-29 00:43 - 2014-02-24 22:39 - 000000000 ____D C:\Users\Beatrice
2021-04-27 23:14 - 2018-03-23 10:24 - 000002211 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-27 23:14 - 2018-03-23 10:24 - 000002170 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-04-27 23:14 - 2018-03-23 10:24 - 000002170 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-04-27 10:42 - 2014-07-01 15:43 - 002898432 ___SH C:\Users\Beatrice\Desktop\Thumbs.db
2021-04-24 18:16 - 2019-03-28 22:29 - 000002046 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-04-21 15:06 - 2021-02-25 12:19 - 000000000 ____D C:\Users\Beatrice\Desktop\Batch Output 2021-02-25-1119
2021-04-16 12:33 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\rescache
2021-04-14 20:03 - 2013-08-22 10:44 - 000486480 _____ C:\Windows\system32\FNTCACHE.DAT
2021-04-14 09:57 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2021-04-14 09:55 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp
2021-04-14 09:45 - 2014-02-26 18:21 - 000000000 ____D C:\Windows\system32\MRT
2021-04-14 09:38 - 2014-02-26 18:20 - 131963968 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-04-12 20:15 - 2020-04-05 22:11 - 000000000 ____D C:\Users\Beatrice\Documents\Zoom
 
==================== Files in the root of some directories ========
 
2014-04-06 09:24 - 2014-04-06 09:24 - 000000000 _____ () C:\Users\Beatrice\AppData\Roaming\bitlord_log.txt
2014-09-29 23:04 - 2019-07-17 11:20 - 000000539 _____ () C:\Users\Beatrice\AppData\Roaming\Rim.Desktop.Exception.log
2014-09-29 23:03 - 2019-07-17 11:22 - 000003874 _____ () C:\Users\Beatrice\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-09-29 23:04 - 2019-07-17 11:20 - 000000539 _____ () C:\Users\Beatrice\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-01-25 19:37 - 2015-01-25 19:37 - 000003584 _____ () C:\Users\Beatrice\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2021-05-10 16:41
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2021
Ran by Beatrice (11-05-2021 16:01:28)
Running from C:\Users\Beatrice\Desktop
Windows 8.1 (Update) (X64) (2014-02-25 02:41:28)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3281177217-869368764-2006139627-500 - Administrator - Disabled)
Beatrice (S-1-5-21-3281177217-869368764-2006139627-1002 - Administrator - Enabled) => C:\Users\Beatrice
Guest (S-1-5-21-3281177217-869368764-2006139627-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3281177217-869368764-2006139627-1004 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AS: AVG Antivirus (Enabled - Up to date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20150 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 32.0.0.89 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\Amazon Kindle) (Version: 1.28.0.57030 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{E825A27F-01E0-1BB8-6A7D-DD769D57E4B0}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (HKLM\...\{1BC0225E-AF99-4434-92CC-615111CE698F}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{5C028510-A6A1-409A-A2BF-4DCB43B21EF9}) (Version: 7.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5C7D4FCF-80C5-4520-9934-D50532AAC59C}) (Version: 7.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{F9CEF01A-3907-4614-824F-CF5D3E4675EF}) (Version: 14.1.0.35 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 21.3.3174 - AVG Technologies)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Elevated Installer (HKLM-x32\...\{C3D3E0B3-6B8D-4AF4-B49A-3583E512ECE8}) (Version: 7.5.0.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
File Viewer Plus 4 (HKLM-x32\...\{5C61A881-C34E-405E-8C33-800821A618CF}_is1) (Version: 4.0.1 - Sharpened Productions)
Galerie de photos (HKLM-x32\...\{F4D99A13-F63A-4FC1-8799-CFFDB78DDFB3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Garmin Express (HKLM-x32\...\{034F279C-D74E-42F2-8CEC-216E91969B29}) (Version: 7.5.0.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{afe06296-a3d5-48cf-88a2-77629aeb124b}) (Version: 7.5.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.93 - Google LLC)
GoTo Opener (HKLM-x32\...\{E69269DB-A77B-4BC1-8F39-241107B09F26}) (Version: 1.0.539 - LogMeIn, Inc.)
GoToMeeting 10.16.0.19598 (HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\GoToMeeting) (Version: 10.16.0.19598 - LogMeIn, Inc.)
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP CASL Framework (HKLM-x32\...\{5094249B-9542-4536-AE76-B769EE085C99}) (Version: 7.0.5.1 - HP)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 4620 series Basic Device Software (HKLM\...\{B411AD10-1BC9-4939-8848-BC5E66F662B7}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{FF5C86D0-09EA-43B8-A11C-7B8F7DA7FC51}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP System Event Utility (HKLM-x32\...\{23EF407B-E7D0-4CB6-8916-43E5B9EEFDED}) (Version: 1.0.9 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
iTunes (HKLM\...\{0F55124A-C00E-4227-A543-19389E732653}) (Version: 12.10.10.2 - Apple Inc.)
K-Lite Mega Codec Pack 10.3.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.3.0 - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version:  - Microsoft)
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{0FD2B9C6-DB91-48EA-9518-AB5B68CA1E28}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Nero 7 Ultra Edition (HKLM-x32\...\{43FFE159-3199-4188-A1CD-629166AD1033}) (Version: 7.02.6445 - Nero AG)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Ralink Bluetooth Stack64 (HKLM\...\{8A2E2A41-B814-407E-2F96-4E433C42AB78}) (Version: 11.0.739.0 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.29.8105 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype version 8.68 (HKLM-x32\...\Skype_is1) (Version: 8.68 - Skype Technologies S.A.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Zoom (HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\ZoomUMX) (Version: 5.6.5 (823) - Zoom Video Communications, Inc.)
Zoom Outlook Plugin (HKLM-x32\...\{1BD8B0E0-0FBF-4F56-8F11-CE09B34EAD2F}) (Version: 5.0.24936 - Zoom)
 
Packages:
=========
Box for Windows 8 -> C:\Program Files\WindowsApps\134D4F5B.Box_2.1.4.4_neutral__2qk4zy5s3qmee [2015-11-13] (Box, Inc.)
Browser Choice -> C:\Windows\BrowserChoice [2014-03-13] (Microsoft Corporation)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2015-03-30] (eBay, Inc)
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2015-03-30] (Microsoft Corporation) [MS Ad]
Getting Started with Windows 8 -> C:\Program Files\WindowsApps\AD2F1837.GettingStartedwithWindows8_1.6.0.0_neutral__v10z8vjag6ke6 [2015-03-30] (Hewlett-Packard Company)
HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.166_neutral__v10z8vjag6ke6 [2015-03-30] (Hewlett-Packard Company)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2015-06-24] (AMZN Mobile LLC)
McAfee® Central for HP -> C:\Program Files\WindowsApps\2703103D.McAfeeCentral_5.0.177.1_x64__4ehj4w4frejdr [2018-04-04] (.-McAfee Inc-.)
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_2.10.1812.2002_x86__8wekyb3d8bbwe [2019-02-03] (Microsoft Studios) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.11.1807.1002_x86__8wekyb3d8bbwe [2018-07-26] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-26] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-26] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2016-04-30] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-16] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2016-11-25] (Microsoft Corporation) [MS Ad]
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2015-03-30] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_2.22.0.39_x64__mcm4njqhnhss8 [2018-10-28] (Netflix, Inc.)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2015-06-24] (Skype) [MS Ad]
Snapfish -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_5.5.0.8_x86__v10z8vjag6ke6 [2016-05-08] (HP Inc.)
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2015-11-07] (Microsoft Corporation) [MS Ad]
YouCam for HP -> C:\Program Files\WindowsApps\CyberLinkCorp.hs.YouCamforHP_1.0.2.29632_x86__06qsbagp91rvg [2015-03-30] (CYBERLINKCOM CORP)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3281177217-869368764-2006139627-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Beatrice\AppData\Local\GoToMeeting\19598\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-3281177217-869368764-2006139627-1002_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext64.dll [2006-12-11] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext.dll [2007-05-05] () [File not signed]
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext64.dll [2006-12-11] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext.dll [2007-05-05] () [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext64.dll [2006-12-11] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext.dll [2007-05-05] () [File not signed]
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3554304 2013-03-17] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [258560 2011-06-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3649536 2013-03-17] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [243200 2011-06-24] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112640 2014-02-06] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2014-02-26 20:55 - 2006-12-11 03:14 - 000043008 _____ () [File not signed] C:\Program Files (x86)\WinRar\rarext64.dll
2013-08-19 16:48 - 2013-08-19 16:48 - 000016896 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll
2013-08-19 16:47 - 2013-08-19 16:47 - 000127488 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-08-19 16:47 - 2013-08-19 16:47 - 000102400 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2021-01-18 16:21 - 2021-01-18 16:21 - 000031232 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\A4.Foundation\5caf8dcde6219562e9675700f201fee9\A4.Foundation.ni.dll
2021-01-18 16:21 - 2021-01-18 16:21 - 000022528 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Actions5dc83b46#\19c417a0e98dfe476b2b1b66e309f70c\AEM.Actions.CCAA.Shared.ni.dll
2021-01-18 16:21 - 2021-01-18 16:21 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.0a1309f7#\7cd947fba21d4208f00d7b234a037231\AEM.Plugin.EEU.Shared.ni.dll
2021-01-18 16:21 - 2021-01-18 16:21 - 000017408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.2b6a6775#\a2463cb3d378e9f6e746cb68aa9a13ab\AEM.Plugin.Hotkeys.Shared.ni.dll
2021-01-18 16:22 - 2021-01-18 16:22 - 000011776 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.4adf1574#\b2ab11bc9a2acb0d27d3579326d59183\AEM.Plugin.Audio.Shared.ni.dll
2021-01-18 16:21 - 2021-01-18 16:21 - 000016384 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.54d8abe3#\bd2cda4847f9c97cd7c3ca3676dab171\AEM.Plugin.DPPE.Shared.ni.dll
2021-02-14 09:56 - 2021-02-14 09:57 - 000281600 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.5d945b6b#\d1fdf4a5acb048d5aceef1220522ef19\AEM.Plugin.Source.Kit.Server.ni.dll
2021-01-18 16:22 - 2021-01-18 16:22 - 000014848 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.674d2b8a#\9d94b66555d55fc6037514e8fe754092\AEM.Plugin.WinMessages.Shared.ni.dll
2021-01-18 16:21 - 2021-01-18 16:21 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.88aba5d2#\e4dea05701b9444308bc42ad8459ff8c\AEM.Plugin.REG.Shared.ni.dll
2021-01-18 16:21 - 2021-01-18 16:21 - 000011776 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.GD.Shared\0b89671b96f75597d95354ce0e182101\AEM.Plugin.GD.Shared.ni.dll
2021-01-18 16:21 - 2021-01-18 16:21 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Server.Shared\799fdd0eaa6de40e4dd3d5947c9a20fe\AEM.Server.Shared.ni.dll
2021-01-18 16:22 - 2021-01-18 16:22 - 000267776 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Server\8b3e49d472d523a46e9eccb5f15e58a2\AEM.Server.ni.dll
2021-01-18 16:22 - 2021-01-18 16:22 - 000055808 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\APM.Foundation\61f71f1e2e67945f62ee5967ece27518\APM.Foundation.ni.dll
2021-01-18 18:29 - 2021-01-18 18:29 - 000122880 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ATICCCom\0d8b16a7907f6d53c7bfcc2f9f8cfd9f\ATICCCom.ni.dll
2021-01-18 16:22 - 2021-01-18 16:22 - 000204288 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CCC.Implementation\e3307acaedce87488704577cc9f14746\CCC.Implementation.ni.dll
2021-02-14 09:58 - 2021-02-14 09:58 - 000151040 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.2042675f#\9d31fc6c1d912ac659951955b6b12bd2\CLI.Aspect.CPUPStates.Fuel.Dashboard.ni.dll
2021-02-14 09:58 - 2021-02-14 09:58 - 000153088 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.21d2ac78#\2d274aa0c01272c95de1a44ae71370e1\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000128000 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.3399d0ec#\1d3a08facfef033e0547609e2ed36cca\CLI.Aspect.CustomFormats.Graphics.Shared.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000026112 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.37d3d968#\1e050cb5ad6a08f42f6b8dba2a1133ac\CLI.Aspect.AMDHome.Graphics.Shared.ni.dll
2021-01-18 18:28 - 2021-01-18 18:28 - 000045568 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.382a3def#\a794f22d3ab272e6e0bf79bf56553614\CLI.Aspect.AMDOverDrive.Platform.Shared.ni.dll
2021-01-18 18:24 - 2021-01-18 18:24 - 000072192 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.398e7f7a#\f9ae277a2c2cf82b3935730aa4bc3e05\CLI.Aspect.A4.A4.Shared.ni.dll
2021-01-18 18:28 - 2021-01-18 18:28 - 000107008 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.3a6f1658#\0d4f481ae7d5461260288f9912b88f1c\CLI.Aspect.TransCode.Graphics.Shared.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000209920 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.4542c692#\3b987e16805b11555ffe7533d2737b9b\CLI.Aspect.DeviceCRT.Graphics.Shared.ni.dll
2021-01-18 18:27 - 2021-01-18 18:27 - 000130048 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.46819220#\e65b702d70cad81b9ef8a7d1324dbcd9\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.ni.dll
2021-02-14 09:59 - 2021-02-14 09:59 - 000074752 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.4bbb0755#\e134e2350972c5a8ea1d77ef4aaef46f\CLI.Aspect.TransCode.Graphics.Dashboard.ni.dll
2021-02-14 09:58 - 2021-02-14 09:58 - 000151040 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.4ede500c#\115c55311870c6227c08dae465c79cc8\CLI.Aspect.DPPE.Fuel.Dashboard.ni.dll
2021-01-18 18:27 - 2021-01-18 18:27 - 000074240 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.59a12d95#\49cd26f6067a2f6e860548850dc5917b\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.ni.dll
2021-02-14 09:58 - 2021-02-14 09:58 - 000111616 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.5a772e69#\c68b115bc7ca0903ded5dc6500acb906\CLI.Aspect.Fets.Fuel.Dashboard.ni.dll
2021-02-14 09:59 - 2021-02-14 09:59 - 000070656 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.648b65fc#\476c77b1b9fb90da7fabe85b1f9acc58\CLI.Aspect.WiFi.Fuel.Dashboard.ni.dll
2021-01-18 18:29 - 2021-01-18 18:29 - 000263168 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.73911eb5#\5f2d3d36507bba5b4275aa760ec91614\CLI.Aspect.WirelessDisplay.Graphics.Shared.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000292864 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.7ec2db45#\54af8486786ba2e7ca2e1a66838cddba\CLI.Aspect.DeviceDFP.Graphics.Shared.ni.dll
2021-02-14 09:58 - 2021-02-14 09:58 - 000616960 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.846fa813#\5f3ba86581a914ec2892f06eb93c0fff\CLI.Aspect.MMVideo.Graphics.Dashboard.ni.dll
2021-01-18 18:27 - 2021-01-18 18:27 - 000741376 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.8d333b6b#\0aeaa63c5d68daff3ad87ff446416458\CLI.Aspect.Radeon3D.Graphics.Shared.ni.dll
2021-02-14 09:58 - 2021-02-14 09:58 - 000452608 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.8e996306#\c09825447838e15c518dba2815342160\CLI.Aspect.CrossDisplay.Graphics.Dashboard.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000149504 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.a0ae52bc#\c4aafe6a2594850c7774594610002325\CLI.Aspect.DeviceLCD.Graphics.Shared.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000462336 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.acb9d930#\f54bcf370c9c23731b2850f5e39f0b2e\CLI.Aspect.DeviceProperty.Graphics.Shared.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000086528 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ae5e117c#\fe2e81664d2ad1d127e48d9f0dbb0a58\CLI.Aspect.DisplaysColour2.Graphics.Shared.ni.dll
2021-02-14 09:58 - 2021-02-14 09:58 - 000067072 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.b0a7c1fb#\bb2e8afb87e63c2869dd89c2baaaeb1f\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.ni.dll
2021-01-18 18:28 - 2021-01-18 18:28 - 000023552 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.c2a2b491#\856f1b5153500f13c9083480bcedf8b4\CLI.Aspect.WiFi.Fuel.Shared.ni.dll
2021-01-18 18:26 - 2021-01-18 18:26 - 000313344 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.c7aaa0f8#\3b5da5a6f888772a0a26a2c035bc8289\CLI.Aspect.OverDrive5.Graphics.Shared.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000017920 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.c854b457#\6b4605cca88eed21d78e4d49dd9d56f9\CLI.Aspect.HotkeysHandling.Graphics.Shared.ni.dll
2021-01-18 18:26 - 2021-01-18 18:26 - 000081408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.caa5cc64#\286ad41247a6a00cd4b744b0a0a2e094\CLI.Aspect.Fets.Fuel.Shared.ni.dll
2021-02-14 09:59 - 2021-02-14 09:59 - 001315840 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.d7e090dc#\caf269e4ca7e0882ffc3d4d3b0a2065f\CLI.Aspect.User.Fuel.Dashboard.ni.dll
2021-02-14 09:57 - 2021-02-14 09:57 - 000091136 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e76f4137#\0bc372edd48ebe18170deafd3e99cc93\CLI.Aspect.A4.A4.Dashboard.ni.dll
2021-02-14 09:58 - 2021-02-14 09:58 - 000273408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e8635fc7#\80ba3e3f742710fde6c8738d5e13dca1\CLI.Aspect.InfoCentre.Graphics.Dashboard.ni.dll
2021-02-14 09:58 - 2021-02-14 09:58 - 003358720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e9fd7406#\757abe95480bca690a28ff35a287e2d4\CLI.Aspect.Radeon3D.Graphics.Dashboard.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000240128 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.eda8935e#\f74c2454e760893a08f82df740db579e\CLI.Aspect.MMVideo.Graphics.Shared.ni.dll
2021-01-18 18:28 - 2021-01-18 18:28 - 000047104 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ef3eaa4d#\fecb8205195c0dac6245643997f544a2\CLI.Aspect.TransCode.Graphics.Runtime.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000070656 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.efd83192#\78b217a1444be6ed60dd887124251230\CLI.Aspect.CPUPStates.Fuel.Shared.ni.dll
2021-01-18 18:24 - 2021-01-18 18:24 - 000047104 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.f38af62f#\b1f3a46a8d07a2e560ad141479156686\CLI.Aspect.A4.A4.Runtime.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000057856 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.f45bd021#\152492b077b993ea33266af76be6b1b0\CLI.Aspect.DPPE.Fuel.Shared.ni.dll
2021-01-18 18:28 - 2021-01-18 18:28 - 000051200 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.A4.Runtime\ad7f56ffe9339dd628bfc8d2eced27e4\CLI.Caste.A4.Runtime.ni.dll
2021-01-18 18:24 - 2021-01-18 18:24 - 000044544 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.A4.Shared\e3bf0aa8e1a5b7a00227877127b51e9c\CLI.Caste.A4.Shared.ni.dll
2021-02-14 09:59 - 2021-02-14 09:59 - 000027136 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Af820fedc#\5e054128c0921dcf3562f21612af1050\CLI.Caste.A4.Dashboard.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000045056 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.F24de14fe#\c3e426c78d165e7bfcc93f5afc61000a\CLI.Caste.Fuel.Shared.ni.dll
2021-01-18 18:28 - 2021-01-18 18:28 - 000311296 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.F36b07a2b#\4dfc03c70741a09265cb8e553ac38bba\CLI.Caste.Fuel.Runtime.ni.dll
2021-02-14 09:59 - 2021-02-14 09:59 - 000027136 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Ff3085433#\09fb6b6d126d23f8dc3d052ec6c21f3d\CLI.Caste.Fuel.Dashboard.ni.dll
2021-01-18 18:26 - 2021-01-18 18:26 - 000037376 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G60338cc0#\2a78ba7d1deb632e6871bcd848df92d1\CLI.Caste.Graphics.Runtime.Shared.Private.ni.dll
2021-02-14 09:58 - 2021-02-14 09:58 - 001548800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Gd9d9b43b#\d2920d526f05b1df47520070ce3b367c\CLI.Caste.Graphics.Dashboard.Shared.ni.dll
2021-02-14 09:58 - 2021-02-14 09:58 - 000472576 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Gee7d2dbc#\63d775a46ef3bdb38c25175c37395e04\CLI.Caste.Graphics.Dashboard.ni.dll
2021-01-18 18:28 - 2021-01-18 18:28 - 000045056 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.H18c99613#\335b8033ea6b45bdde6ed37a491b7913\CLI.Caste.HydraVision.Runtime.ni.dll
2021-01-18 18:28 - 2021-01-18 18:28 - 000030720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.H92ba4e46#\d5b99b8afbfbf63c71d38d2d1c622646\CLI.Caste.HydraVision.Shared.ni.dll
2021-02-14 09:59 - 2021-02-14 09:59 - 000025600 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Hbb906c0b#\64c2dc3940e59d30c6887fcabb011395\CLI.Caste.HydraVision.Dashboard.ni.dll
2021-01-18 18:28 - 2021-01-18 18:28 - 000030720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pac40511b#\cad57680113d45fab4f9628bb62285b8\CLI.Caste.Platform.Shared.ni.dll
2021-01-18 18:28 - 2021-01-18 18:28 - 000044032 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pdb36d56e#\4342ed9a5c35d7afa4731e290974925e\CLI.Caste.Platform.Runtime.ni.dll
2021-02-14 09:59 - 2021-02-14 09:59 - 000024064 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pfeefa2b6#\eedd25ab6a1ec163e358e6651c4e4275\CLI.Caste.Platform.Dashboard.ni.dll
2021-01-18 18:28 - 2021-01-18 18:28 - 000350720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Combinee84f0351#\3b4787682bae770f963b1c72dee9b5bd\CLI.Combined.Fusion.Aspects.Runtime.ni.dll
2021-01-18 16:22 - 2021-01-18 16:22 - 000012288 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone1b4a8c97#\19cf9152f3919577f9636c244d78c39a\CLI.Component.Runtime.Shared.ni.dll
2021-02-14 09:59 - 2021-02-14 09:59 - 000173568 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone29e547cc#\48cf95d6db144d0ac1d04458d5748374\CLI.Component.Dashboard.ProfileManager2.ni.dll
2021-01-18 18:24 - 2021-01-18 18:24 - 000150528 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone59f353b4#\8eff78fe335609082406083f39e6bc05\CLI.Component.Runtime.Shared.Private.ni.dll
2021-01-18 18:29 - 2021-01-18 18:29 - 000017408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componeb4d0485c#\3d7831c48bd5ab90eebc8011b6a8406c\CLI.Component.Runtime.Extension.EEU.ni.dll
2021-02-14 09:57 - 2021-02-14 09:57 - 001603584 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componec89c3bec#\e4347a0b0603ec1186e7801c9366f556\CLI.Component.Dashboard.Shared.Private.ni.dll
2021-02-14 09:57 - 2021-02-14 09:57 - 000018432 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componef1fd67b2#\6628f13757ca09560ad417de16a16a5f\CLI.Component.Client.Shared.ni.dll
2021-01-18 18:24 - 2021-01-18 18:24 - 000084480 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componef4cf054f#\6e213d8868c830e3c75b6da8bc069e18\CLI.Component.Dashboard.Shared.ni.dll
2021-01-18 16:22 - 2021-01-18 16:22 - 000089088 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundat3d5d3945#\245644882251b20a49552c84cda942aa\CLI.Foundation.Private.ni.dll
2021-01-18 18:29 - 2021-01-18 18:29 - 000061440 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundat60cdf5df#\c4655b668a6da43499edd167a80927da\CLI.Foundation.XManifest.ni.dll
2021-01-18 16:22 - 2021-01-18 16:22 - 000089088 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundat619559bd#\c30f82703426bad2e4c96c0d90492caa\CLI.Foundation.CoreAudioAPI.ni.dll
2021-02-14 09:57 - 2021-02-14 09:57 - 000934400 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundatd3771151#\ab14806956154712f94fc0147761dab6\CLI.Foundation.Client.ni.dll
2021-02-14 09:57 - 2021-02-14 09:57 - 000301568 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundation\2d554629eafc8480c5b73575428b270f\CLI.Foundation.ni.dll
2021-01-18 16:21 - 2021-01-18 16:21 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics\e695b6f27b0bb4320f9fddcfafec9d66\DEM.Graphics.ni.dll
2021-01-18 18:28 - 2021-01-18 18:28 - 000037376 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Fuel.Foundation\267a21f29702ed5f542e5178e47bc415\Fuel.Foundation.ni.dll
2021-02-14 10:00 - 2021-02-14 10:00 - 000292864 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundat03490438#\ddf5b7d0723687080f9ce40f44b72bfd\LOG.Foundation.Implementation.ni.dll
2021-01-18 16:21 - 2021-01-18 16:21 - 000149504 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundat5023f8e7#\3201bc042bf80f30a23e2067dfe51ec6\LOG.Foundation.Private.ni.dll
2021-01-18 16:22 - 2021-01-18 16:22 - 000087040 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundatcaafa75b#\e9837ed6da48a5b81b648adebb570d00\LOG.Foundation.Implementation.Private.ni.dll
2021-02-14 09:56 - 2021-02-14 09:56 - 000123392 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundation\32b7153488399379a618241d18da9722\LOG.Foundation.ni.dll
2021-01-18 16:22 - 2021-01-18 16:22 - 000012288 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\MOM.Foundation\a6e2d46ba278b6bdaf9c46e087544e95\MOM.Foundation.ni.dll
2021-01-18 18:30 - 2021-01-18 18:30 - 000402944 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\MOM.Implementation\a8b816a2d7e76c7597224201df8c79cd\MOM.Implementation.ni.dll
2021-01-18 16:21 - 2021-01-18 16:21 - 000055296 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\NEWAEM.Foundation\047ef198e7027a7bea26ebb0fa4825d4\NEWAEM.Foundation.ni.dll
2013-08-19 16:38 - 2013-08-19 16:38 - 000897024 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll
2013-08-19 16:37 - 2013-08-19 16:37 - 000004608 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiamenu.dll
2021-01-18 16:21 - 2021-01-18 16:21 - 000774656 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ADL.Foundation\cdc03450858662ef1e91227cd00302e0\ADL.Foundation.ni.dll
2021-01-18 16:22 - 2021-01-18 16:22 - 000250880 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\APM.Server\4429e5d4974410c2b3ff77aef4e16141\APM.Server.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000297984 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.9b707b25#\9a6d62f810534f3f28c4120fc7d94cd5\CLI.Aspect.DeviceProperty.Graphics.Runtime.ni.dll
2021-02-14 09:58 - 2021-02-14 09:58 - 001652736 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.aa59351a#\4df40e7ed0ff422871ca396de614c2d6\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared.ni.dll
2021-02-14 09:58 - 2021-02-14 09:58 - 000740864 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e6d9f3a8#\aacdf444aeacdee5b5e387d794ebba07\CLI.Aspect.DeviceDFP.Graphics.Dashboard.ni.dll
2021-02-14 09:59 - 2021-02-14 09:59 - 002559488 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Combine0616f305#\b851a0124a5e15bfd24977ea0caf540b\CLI.Combined.Graphics.Aspects1.Dashboard.ni.dll
2021-02-14 09:59 - 2021-02-14 09:59 - 000989696 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Combine7332395e#\48ff0249440fda720f1ec9cf306be922\CLI.Combined.Graphics.Aspects2.Runtime.ni.dll
2021-02-14 09:57 - 2021-02-14 09:57 - 000136704 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone168638d1#\d71070fd44d8c68f235a200078ac41ab\CLI.Component.Client.Shared.Private.ni.dll
2021-01-18 18:29 - 2021-01-18 18:29 - 000233472 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone6692ca50#\c308917db4bb833d6ce34e35278fe4b5\CLI.Component.Runtime.ni.dll
2021-02-14 09:59 - 2021-02-14 09:59 - 000914944 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone6bf88b08#\e35b18a0904ee2c8b77178d4b297ce1e\CLI.Component.Dashboard.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000013312 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0706\1a37310c265d41260b2c0ef61528786a\DEM.Graphics.I0706.ni.dll
2021-01-18 18:26 - 2021-01-18 18:26 - 000084480 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0709\e7870665ed7c5404fe5c5819b3bf6d45\DEM.Graphics.I0709.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000012288 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0712\bbc215885d614c55ef6df7ee579f6471\DEM.Graphics.I0712.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000018432 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0804\6de2027a71ec00655e9cab404146a863\DEM.Graphics.I0804.ni.dll
2021-01-18 18:29 - 2021-01-18 18:29 - 000010752 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0805\a5c2a762ac8fbc4887f9837633b9c320\DEM.Graphics.I0805.ni.dll
2021-01-18 18:29 - 2021-01-18 18:29 - 000010752 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0812\7cc772a1935ec5de5a8b516127016bfa\DEM.Graphics.I0812.ni.dll
2021-01-18 18:28 - 2021-01-18 18:28 - 000013312 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0906\9178266edd54e8c453f513f575e57055\DEM.Graphics.I0906.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000014336 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0912\f56dc4dbc2fe29efa48a8b810cf5c253\DEM.Graphics.I0912.ni.dll
2021-01-18 18:28 - 2021-01-18 18:28 - 000035840 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I1010\68fd1b0c1862cc13d30c92f58a5c3568\DEM.Graphics.I1010.ni.dll
2021-01-18 16:22 - 2021-01-18 16:22 - 001005568 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Localizatio01dbc1c0#\7629198ada60b0cdd67d062a417f4a76\Localization.Foundation.Private.ni.dll
2021-02-14 10:01 - 2021-02-14 10:01 - 000242688 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ResourceMan446ca0e5#\3cc558d2326936a31cf62a5e722bb0dc\ResourceManagement.Foundation.Implementation.ni.dll
2021-02-14 09:57 - 2021-02-14 09:57 - 000023552 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ResourceManf163905a#\30db84b3f7036da81e900b5e63b162b3\ResourceManagement.Foundation.Private.ni.dll
2021-02-14 09:57 - 2021-02-14 09:57 - 000091648 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ec8786e5#\267605f5e60e7f1ee135e01bb0d4d6be\CLI.Aspect.AMDHome.Graphics.Dashboard.ni.dll
2021-02-14 09:57 - 2021-02-14 09:57 - 002286592 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G60a7b4d1#\b1eace4370ff5b323e2744a4b0a7b2f0\CLI.Caste.Graphics.Shared.ni.dll
2021-01-18 18:28 - 2021-01-18 18:28 - 002788864 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G962aa464#\284c65ef13d9764d51d089b8c06a0340\CLI.Caste.Graphics.Runtime.ni.dll
2021-01-18 16:21 - 2021-01-18 16:21 - 000025600 _____ (ATI Technologies Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Foundation\76b5be2201eb8a8521577159281555fe\DEM.Foundation.ni.dll
2021-01-18 16:21 - 2021-01-18 16:21 - 000115200 _____ (ATI Technologies Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0601\20294701afa4090b16b58e5ada6f0aa1\DEM.Graphics.I0601.ni.dll
2011-04-29 12:34 - 2011-04-29 12:34 - 000927232 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsem08.rsc
2011-04-29 12:34 - 2011-04-29 12:34 - 000012288 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqstp08.rsc
2011-04-29 20:08 - 2011-04-29 20:08 - 000048128 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.rsc
2010-08-06 12:15 - 2010-08-06 12:15 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2010-08-06 12:15 - 2010-08-06 12:15 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2010-08-06 12:15 - 2010-08-06 12:15 - 000054784 _____ (Hewlett-Packard) [File not signed] C:\Windows\SYSTEM32\hpzipr12.dll
2010-11-18 22:08 - 2010-11-18 22:08 - 000086016 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2014-01-18 18:12 - 2014-01-18 18:12 - 000796352 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicExplorer64.dll
2014-01-18 18:12 - 2014-01-18 18:12 - 002271424 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2014-01-18 18:12 - 2014-01-18 18:12 - 000283840 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Windows\system32\StartMenuHelper64.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-01-18] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-01-18] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-03-30 21:28 - 2018-12-03 12:24 - 000000041 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Beatrice\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.2.1 - 207.164.234.193
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\StartupApproved\StartupFolder: => "Jacquie Lawson Desktop Widget.lnk"
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\StartupApproved\Run: => "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\StartupApproved\Run: => "BlackBerryLink.exe"
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\StartupApproved\Run: => "RIMDeviceManager"
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\StartupApproved\Run: => "GarminExpress"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C38017F8-E0E8-4B42-89D2-849D1FB92D12}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5114AAF1-933F-48E2-B065-8FD049CD208B}] => (Allow) LPort=2869
FirewallRules: [{8A63499F-BA73-4586-9EFD-A4E8BE6C67DA}] => (Allow) LPort=1900
FirewallRules: [{06F2CB04-A283-4B52-B8AA-229C717AFC13}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9BE17BA2-312C-4A9E-8EAD-5EEF4C17223A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1EFE606F-A8FC-4435-8FD8-765B3E043242}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{842CDB17-A5DE-4194-BA3F-443B0EE2AEE4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7CADD1D8-196B-4BFA-8606-09D4A1D2DC3B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe => No File
FirewallRules: [{A633E9FE-8C22-4FD5-99B1-CBD85B312F2E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe => No File
FirewallRules: [{692FD454-8485-4925-9B1F-E23177E03DF0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe => No File
FirewallRules: [{64771FFA-6B11-4494-8A5F-F6B3B52BFAAD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe => No File
FirewallRules: [{01C75186-1D1C-40C4-8261-1E6E384740D1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe => No File
FirewallRules: [{138E9223-D151-4D38-B731-42565D981DEC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe => No File
FirewallRules: [{A43B80CA-E240-46DC-8CBD-890601997478}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{8BB31203-604D-40B8-AC2D-D6B7BCC0CD74}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [TCP Query User{B74451E8-1D7C-4445-9284-9167934D3C5D}C:\users\beatrice\appdata\local\temp\lmi9680.tmp\logmein client.exe] => (Allow) C:\users\beatrice\appdata\local\temp\lmi9680.tmp\logmein client.exe => No File
FirewallRules: [UDP Query User{287D2EFC-FD93-4565-A30F-3AAABA4FA484}C:\users\beatrice\appdata\local\temp\lmi9680.tmp\logmein client.exe] => (Allow) C:\users\beatrice\appdata\local\temp\lmi9680.tmp\logmein client.exe => No File
FirewallRules: [{3CB5F53A-8944-4F29-8D84-80BDE5F50762}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{B0D5AAE4-97F0-4FE8-982D-5A99C8DB57A7}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{142E4A0A-587A-4D65-BC6B-BD25D7B42F84}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{DCE51DE1-18DC-40E0-A2BB-2EC4E1264899}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{4830FFDE-4BDC-49C9-B241-280544DA7EC3}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{C9B42E5F-A389-4CAE-B246-9BD01E019D3C}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [TCP Query User{7AE58E2A-6850-48BE-A271-D3CC2B44C5CB}C:\users\beatrice\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\beatrice\appdata\local\logmein client\logmein client.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
FirewallRules: [UDP Query User{D740E82B-1F84-4ADD-9F7E-EFB526EDDD03}C:\users\beatrice\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\beatrice\appdata\local\logmein client\logmein client.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
FirewallRules: [{8C393550-CD06-45AE-9FE6-E3C66BC4C26F}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe => No File
FirewallRules: [{381490E1-8366-4260-A50D-51F2BA1DDF43}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe => No File
FirewallRules: [{6990E688-DD48-4218-9A5A-7F186F6A3587}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe => No File
FirewallRules: [{C995172F-4B35-4C87-8AAE-9F07622300FA}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe => No File
FirewallRules: [TCP Query User{96DD37C6-90F8-4701-952D-ABAE613FC0BC}C:\users\beatrice\appdata\local\temp\lmi504a.tmp\logmein client.exe] => (Allow) C:\users\beatrice\appdata\local\temp\lmi504a.tmp\logmein client.exe => No File
FirewallRules: [UDP Query User{B676CF24-2340-4BCA-A145-2C4E0A8EAD8A}C:\users\beatrice\appdata\local\temp\lmi504a.tmp\logmein client.exe] => (Allow) C:\users\beatrice\appdata\local\temp\lmi504a.tmp\logmein client.exe => No File
FirewallRules: [TCP Query User{B1DA0F5A-40E9-403E-8D94-4B0F9FA3996B}C:\users\beatrice\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\beatrice\appdata\local\logmein client\logmein client.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
FirewallRules: [UDP Query User{F56BEE0E-1B0F-4925-914C-727FF4C8E757}C:\users\beatrice\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\beatrice\appdata\local\logmein client\logmein client.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
FirewallRules: [{D32B36C4-14DF-41FC-BA16-EF4850D54C4F}] => (Allow) C:\Users\Beatrice\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{732C35E4-5E77-40EF-A208-90B671E11466}] => (Allow) C:\Users\Beatrice\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [TCP Query User{6EB01573-B325-46CA-8067-022DCC8C8965}C:\users\beatrice\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\beatrice\appdata\roaming\dropbox\bin\dropbox.exe => No File
FirewallRules: [UDP Query User{E7425883-01F0-4F1F-BF28-60F4BC06B01E}C:\users\beatrice\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\beatrice\appdata\roaming\dropbox\bin\dropbox.exe => No File
FirewallRules: [TCP Query User{F18C6CEA-AF23-4A69-A432-9426C66ABD88}C:\program files (x86)\hasbro interactive\trivial pursuit millennium edition\tp.exe] => (Allow) C:\program files (x86)\hasbro interactive\trivial pursuit millennium edition\tp.exe => No File
FirewallRules: [UDP Query User{BF87E493-D389-4A5C-ABFA-392B720AFE27}C:\program files (x86)\hasbro interactive\trivial pursuit millennium edition\tp.exe] => (Allow) C:\program files (x86)\hasbro interactive\trivial pursuit millennium edition\tp.exe => No File
FirewallRules: [TCP Query User{2983A92B-3262-4527-B7CD-87BDF385CE69}C:\users\beatrice\appdata\local\temp\lmi2992.tmp\logmein client.exe] => (Block) C:\users\beatrice\appdata\local\temp\lmi2992.tmp\logmein client.exe => No File
FirewallRules: [UDP Query User{609B29FF-93CF-4515-8132-4B526F5274A6}C:\users\beatrice\appdata\local\temp\lmi2992.tmp\logmein client.exe] => (Block) C:\users\beatrice\appdata\local\temp\lmi2992.tmp\logmein client.exe => No File
FirewallRules: [TCP Query User{FA835CDF-F4DE-4EDE-9183-F11DD437FBA2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [UDP Query User{5F5EE094-C0A5-4130-92CB-EDB299F7B198}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [{D6165666-9DEF-4815-A6BB-954CE17EA0C0}] => (Block) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [{D64F4BB0-01C5-40E0-8D8A-633FC2A4084C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe => No File
FirewallRules: [{CDFF6ECA-CEA0-4A29-BA20-496B58DF8254}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe => No File
FirewallRules: [{0E6742E6-D825-48A0-9E15-9578D030152E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{64DB1C5C-FA5D-4632-972C-AFF6BDCD0DA4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E3C51DF4-EA9A-4381-9B60-732C750E9261}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{39C5FD0D-9617-4811-96B7-6F4584EE9163}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{58FA1AC0-7097-4461-8C50-D87EB21DB66E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe => No File
FirewallRules: [{49E06D5A-D0F0-4649-AB4C-B0C92E32C012}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe => No File
FirewallRules: [{A3904ACB-D723-40B0-84FC-82CD131424AC}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{96F34E72-338C-43F4-A665-A3D6DA664BE4}] => (Allow) C:\Users\Beatrice\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{FFEA73B4-26C7-4B76-B566-16B7EC746F1B}] => (Allow) C:\Users\Beatrice\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{ED614057-4496-4D36-A24E-5BBF11F5473B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{9C7642F9-4C29-4714-9D3F-A67324DC94C3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{311DF5C6-0821-4189-9756-DEFB77C9F34B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{C863362F-668C-42B9-B273-881A20C7AF5A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{09C6ABE0-D192-4E3E-884C-CB4878B1A6BC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{CE833B81-9D44-448B-96C2-F97E034B6190}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{B635B7F1-B07B-4141-B333-3E7E282E9795}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{7D467B21-A5CB-4ED0-A49E-24406CD321CC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{F7814187-F802-46DD-9F33-D8B7B42C3F46}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett Packard -> Hewlett-Packard)
FirewallRules: [{92BC6056-5737-411B-B1A6-6B3964BA46D8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe => No File
FirewallRules: [{81B98103-2BCB-49CB-9519-1150EAB1CEA5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe => No File
FirewallRules: [{4F9307C3-1BB3-4471-9D2F-5AE3BA04A065}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{8D842A37-C161-4045-8982-317C72273187}] => (Allow) C:\Users\Beatrice\AppData\Roaming\TelusMeetings\bin\TelusBusinessConnectMeetings.exe => No File
FirewallRules: [{66D96944-E8DC-4915-8C0B-2CC13D39A28B}] => (Allow) C:\Users\Beatrice\AppData\Roaming\TelusMeetings\bin\airhost.exe => No File
FirewallRules: [{1E3E99D4-0E24-4476-95E7-042F505D5D67}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4310A9AF-CF57-42E5-A26D-B5F21B061E1A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{572F5BBF-8E6A-4F0C-881F-F2EBAD2F1529}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4B5C33EF-94D5-4B92-B821-6326F0360055}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
19-04-2021 07:44:41 Scheduled Checkpoint
27-04-2021 11:32:04 Scheduled Checkpoint
02-05-2021 08:53:49 Garmin Express
02-05-2021 08:54:58 Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820
11-05-2021 08:56:40 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (05/11/2021 03:19:59 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
 
Error: (05/11/2021 03:17:56 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
 
Error: (05/11/2021 02:06:47 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
 
Error: (05/11/2021 02:06:47 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
 
Error: (05/11/2021 02:06:40 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
 
Error: (05/08/2021 03:56:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 510937
 
Error: (05/08/2021 03:56:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 510937
 
Error: (05/08/2021 03:56:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (05/11/2021 03:27:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Edge Update Service (edgeupdate) service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (05/11/2021 03:27:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Edge Update Service (edgeupdate) service to connect.
 
Error: (05/11/2021 03:26:34 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Background Intelligent Transfer Service service hung on starting.
 
Error: (05/11/2021 03:19:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/11/2021 02:06:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/11/2021 08:56:37 AM) (Source: DCOM) (EventID: 10010) (User: Beatrice)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Error: (05/11/2021 08:56:07 AM) (Source: DCOM) (EventID: 10010) (User: Beatrice)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
 
Error: (05/10/2021 10:05:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
Windows Defender:
================
Date: 2015-03-30 21:58:07.288
Description: 
Windows Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2015-03-30 21:09:45.609
Description: 
Windows Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2015-03-30 20:35:17.849
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified. 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2015-03-30 20:33:31.801
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified. 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
 
Date: 2015-03-30 00:29:39.000
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80004005
Error description: Unspecified error 
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2015-03-30 00:27:25.040
Description: 
Windows Defender Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x80070002
Error description: The system cannot find the file specified. 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the computer.
 
==================== Memory info =========================== 
 
BIOS: Insyde F.22 09/27/2013
Motherboard: Hewlett-Packard 213B
Processor: AMD A6-5200 APU with Radeon™ HD Graphics 
Percentage of memory in use: 44%
Total physical RAM: 7643.95 MB
Available physical RAM: 4221.24 MB
Total Virtual: 8859.95 MB
Available Virtual: 5048.89 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:677.33 GB) (Free:540.84 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20.54 GB) (Free:2.03 GB) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{ef62169f-32b1-4fb5-ac9c-72b6ac8ca640}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.1 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 3A472083)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 
 

  • 0

Advertisements

#2
RKinner
Posted 11 May 2021 - 03:50 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Multiple replies are OK.  Best to post a log as you get it.

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.


Latency Monitor:

Go to

http://www.resplendence.com/downloads

Scroll down to

System Monitoring Tools

and then find

LatencyMon 7.0 (or it may be a higher number if they update)

Click on Download free home edition

Save it then right click and Run As Admin.  It will install and then start the program.  
It will tell you to click on the Start button but there isn't one.  
Instead click on the green arrowhead (looks like a Play button).   Let it run for at least 20 seconds.  Then hit the red box to stop it.

Edit, Copy Report text to Clipboard then move to a REPLY and Ctrl + v to paste the text into a reply.  


Click on the Drivers Tab.  Click on the column header for "Total execution (ms)" once or twice until the biggest numbers are at the top of the column then take a screen shot (save as type jpg) and attach it.  
Click on the Processes tab then click on the  "Hard Pagefaults" column header once or twice until the big numbers are at the top of the column.  Take a screen shot (save as type jpg) and attach it.


  • 0

#3
Beatriceswiss
Posted 11 May 2021 - 04:04 PM

Beatriceswiss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

Process explorer log.  Rest to come.

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 90.23 0 K 4 K 0
explorer.exe 0.30 113,868 K 176,424 K 1504 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
procexp64.exe 5.15 30,200 K 56,868 K 4656 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
aswidsagent.exe 0.04 26,988 K 45,856 K 4916 AVG Software Analyzer AVG Technologies CZ, s.r.o. (Verified) AVG Technologies USA, LLC
Interrupts 0.85 0 K 0 K n/a Hardware Interrupts and DPCs
dllhost.exe 1,612 K 5,724 K 9996 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 1.31 19,644 K 31,408 K 268
System 0.99 48,780 K 27,308 K 4
AVGSvc.exe 0.14 226,428 K 40,708 K 1356 AVG Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies USA, LLC
csrss.exe 0.45 2,724 K 12,428 K 720
chrome.exe 0.18 112,804 K 183,340 K 9156 Google Chrome Google LLC (Verified) Google LLC
AVGUI.exe 0.21 53,612 K 56,724 K 4196 AVG Antivirus AVG Technologies CZ, s.r.o. (Verified) AVG Technologies USA, LLC
chrome.exe 51,388 K 95,624 K 8584 Google Chrome Google LLC (Verified) Google LLC
svchost.exe 5,144 K 9,712 K 932 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 4,348 K 12,728 K 2880 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
aswEngSrv.exe 83,764 K 216,232 K 2956
svchost.exe 4,924 K 12,376 K 888 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
avgToolsSvc.exe 0.02 74,868 K 102,392 K 1948 AVG Antivirus AVG Technologies CZ, s.r.o. (Verified) AVG Technologies USA, LLC
chrome.exe 22,264 K 41,540 K 9468 Google Chrome Google LLC (Verified) Google LLC
SearchIndexer.exe 31,872 K 32,220 K 3600 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 22,576 K 35,704 K 7916 Google Chrome Google LLC (Verified) Google LLC
svchost.exe 30,880 K 46,688 K 608 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.03 11,084 K 21,800 K 448 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
lsass.exe < 0.01 6,020 K 13,728 K 808 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
CCC.exe 0.02 83,956 K 5,792 K 4200 Catalyst Control Center: Host application ATI Technologies Inc. (No signature was present in the subject) ATI Technologies Inc.
MOM.exe 0.02 27,324 K 4,432 K 4832 Catalyst Control Center: Monitoring program Advanced Micro Devices Inc. (No signature was present in the subject) Advanced Micro Devices Inc.
svchost.exe 18,620 K 27,336 K 320 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 99,612 K 105,328 K 424 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
AppleMobileDeviceService.exe 0.01 2,936 K 10,576 K 2552 MobileDeviceService Apple Inc. (Verified) Apple Inc.
taskhostex.exe < 0.01 2,460 K 8,340 K 2152 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 2,012 K 4,412 K 616
svchost.exe 8,988 K 18,436 K 1228 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 5,200 K 12,900 K 4044 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.02 22,196 K 30,896 K 2108 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 8,644 K 20,412 K 2080 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
SynTPEnh.exe < 0.01 4,196 K 880 K 2164 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
hpservice.exe < 0.01 876 K 3,964 K 1140 HpService Hewlett-Packard Company (Verified) Hewlett-Packard Company
wsc_proxy.exe 4,440 K 10,900 K 3500 AVG remediation exe AVG Technologies CZ, s.r.o. (Verified) AVG Technologies USA, LLC
wmpnetwk.exe 7,052 K 8,728 K 5968 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,332 K 7,484 K 4932
winlogon.exe 1,348 K 11,716 K 776
wininit.exe 828 K 4,192 K 704
unsecapp.exe 1,012 K 4,700 K 4420
SynTPHelper.exe 780 K 228 K 4404
svchost.exe 5,628 K 14,012 K 3640 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,456 K 10,732 K 2744 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,312 K 8,156 K 2536 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,320 K 10,332 K 2692 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,440 K 4,884 K 3676 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
smss.exe 420 K 1,188 K 384
services.exe 0.02 4,192 K 8,348 K 800
ScanToPCActivationApp.exe 2,708 K 10,280 K 4272 ScanToPCActivationApp Hewlett-Packard Co. (Verified) Hewlett Packard
RuntimeBroker.exe 4,836 K 14,568 K 7292 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RtkNGUI64.exe 3,864 K 10,024 K 4924 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RtkAudioService64.exe 1,604 K 5,920 K 1168 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RAVBg64.exe 5,648 K 10,864 K 1188
RAVBg64.exe 5,192 K 10,364 K 5056 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
procexp.exe 4,620 K 8,836 K 9224 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
notepad.exe 1,780 K 8,264 K 7828 Notepad Microsoft Corporation (Verified) Microsoft Windows
mDNSResponder.exe 1,476 K 5,104 K 2664 Bonjour Service Apple Inc. (Verified) Apple Inc.
hpwuschd2.exe 880 K 3,984 K 4716 hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
HPWMISVC.exe 1,232 K 5,564 K 2760 HP WMI Service Hewlett-Packard Development Company, L.P. (Verified) Hewlett-Packard Company
hpqwmiex.exe 1,560 K 7,228 K 6384 HP Software Framework WMI Service Hewlett-Packard Company (Verified) Hewlett-Packard Company
hpqtra08.exe 4,332 K 13,964 K 4280 HP Digital Imaging Monitor Hewlett-Packard Co. (Verified) Hewlett Packard
hpqste08.exe 4,092 K 11,860 K 2216 HP CUE Status Root Hewlett-Packard Co. (Verified) Hewlett Packard
hpqgpc01.exe 2,964 K 10,884 K 1056 GPCore COM object Hewlett-Packard (Verified) Hewlett Packard
hpqbam08.exe 1,440 K 6,176 K 3476 HP CUE Alert Popup Window Objects Hewlett-Packard Co. (Verified) Hewlett Packard
HPMSGSVC.exe 1,440 K 6,720 K 4840 HP Message Service Hewlett-Packard Development Company, L.P. (Verified) Hewlett-Packard Company
GoogleCrashHandler64.exe 1,424 K 104 K 7120
GoogleCrashHandler.exe 1,500 K 136 K 6632
Fuel.Service.exe 1,744 K 7,252 K 2484 AMD Fuel Service Advanced Micro Devices, Inc. (No signature was present in the subject) Advanced Micro Devices, Inc.
dllhost.exe 17,028 K 23,312 K 1788 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 1,200 K 5,924 K 5080
dasHost.exe 6,184 K 15,088 K 2728
ClassicStartMenu.exe 2,496 K 8,768 K 1580 Classic Start Menu IvoSoft (Certificate expired) IvoSoft
chrome.exe 22,260 K 42,940 K 9848 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 18,088 K 26,332 K 4556 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 29,632 K 57,836 K 6700 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 17,828 K 15,780 K 7736 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 27,132 K 52,344 K 7552 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 26,552 K 48,332 K 2800 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 26,444 K 51,896 K 9284 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 29,756 K 57,124 K 7328 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 22,228 K 41,276 K 3220 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 35,940 K 57,740 K 7360 Google Chrome Google LLC (Verified) Google LLC
chrome.exe < 0.01 50,788 K 92,844 K 8132 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 6,196 K 6,036 K 3240 Google Chrome Google LLC (Verified) Google LLC
AVGUI.exe 31,024 K 38,296 K 3128 AVG Antivirus AVG Technologies CZ, s.r.o. (Verified) AVG Technologies USA, LLC
AVGUI.exe 25,124 K 37,088 K 3820 AVG Antivirus AVG Technologies CZ, s.r.o. (Verified) AVG Technologies USA, LLC
atiesrxx.exe 756 K 3,328 K 276 AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe 2,228 K 7,624 K 848
armsvc.exe 1,008 K 4,048 K 2448 Adobe Acrobat Update Service Adobe Inc. (Verified) Adobe Inc.
AERTSr64.exe 500 K 2,484 K 2464 Andrea filters APO access service (64-bit) Andrea Electronics Corporation (Verified) Andrea Electronics
AdaptiveSleepService.exe 1,232 K 4,716 K 2424 (No signature was present in the subject)
acrotray.exe 1,208 K 5,032 K 1376 AcroTray Adobe Systems Inc. (Verified) Adobe Systems, Incorporated
AccelerometerSt.exe 1,520 K 2,444 K 4536 Hp Accelerometer System Tray Hewlett-Packard Company (Verified) Hewlett-Packard Company

  • 0

#4
Beatriceswiss
Posted 11 May 2021 - 04:14 PM

Beatriceswiss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts
 
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       384 N/A                                         
csrss.exe                      616 N/A                                         
wininit.exe                    704 N/A                                         
csrss.exe                      720 N/A                                         
winlogon.exe                   776 N/A                                         
services.exe                   800 N/A                                         
lsass.exe                      808 KeyIso, SamSs                               
svchost.exe                    888 BrokerInfrastructure, DcomLaunch, LSM,      
                                   PlugPlay, Power, SystemEventsBroker         
svchost.exe                    932 RpcEptMapper, RpcSs                         
dwm.exe                        268 N/A                                         
atiesrxx.exe                   276 AMD External Events Utility                 
svchost.exe                    320 Audiosrv, Dhcp, EventLog,                   
                                   HomeGroupProvider, lmhosts, Wcmsvc, wscsvc  
svchost.exe                    608 Appinfo, BITS, Browser, IKEEXT, iphlpsvc,   
                                   LanmanServer, MMCSS, ProfSvc, RasMan,       
                                   Schedule, SENS, ShellHWDetection, Themes,   
                                   Winmgmt                                     
svchost.exe                    448 bthserv, EventSystem, fdPHost, FontCache,   
                                   netprofm, nsi, SstpSvc, WdiServiceHost,     
                                   WinHttpAutoProxySvc                         
atieclxx.exe                   848 N/A                                         
svchost.exe                    424 AudioEndpointBuilder,                       
                                   DeviceAssociationService,                   
                                   HomeGroupListener, NcbService, PcaSvc,      
                                   SysMain, TrkWks, WdiSystemHost, WlanSvc     
hpservice.exe                 1140 hpsrv                                       
RtkAudioService64.exe         1168 RtkAudioService                             
RAVBg64.exe                   1188 N/A                                         
svchost.exe                   1228 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc, TapiSrv                             
AVGSvc.exe                    1356 AVG Antivirus                               
explorer.exe                  1504 N/A                                         
ClassicStartMenu.exe          1580 N/A                                         
dllhost.exe                   1788 N/A                                         
avgToolsSvc.exe               1948 AVG Tools                                   
spoolsv.exe                   2080 Spooler                                     
svchost.exe                   2108 BFE, DPS, MpsSvc, NcdAutoSetup              
taskhostex.exe                2152 N/A                                         
SynTPEnh.exe                  2164 N/A                                         
AdaptiveSleepService.exe      2424 AdaptiveSleepService                        
armsvc.exe                    2448 AdobeARMservice                             
AERTSr64.exe                  2464 AERTFilters                                 
Fuel.Service.exe              2484 AMD FUEL Service                            
svchost.exe                   2536 AppHostSvc                                  
AppleMobileDeviceService.     2552 Apple Mobile Device Service                 
mDNSResponder.exe             2664 Bonjour Service                             
svchost.exe                   2692 DiagTrack                                   
dasHost.exe                   2728 N/A                                         
svchost.exe                   2744 hpqcxs08, hpqddsvc                          
HPWMISVC.exe                  2760 HPWMISVC                                    
svchost.exe                   2880 stisvc                                      
wsc_proxy.exe                 3500 AvgWscReporter                              
SearchIndexer.exe             3600 WSearch                                     
svchost.exe                   3640 FDResPub, SSDPSRV, TimeBroker, upnphost     
svchost.exe                   3676 PolicyAgent                                 
svchost.exe                   4044 p2pimsvc, p2psvc, PNRPsvc                   
SynTPHelper.exe               4404 N/A                                         
RtkNGUI64.exe                 4924 N/A                                         
WmiPrvSE.exe                  4932 N/A                                         
RAVBg64.exe                   5056 N/A                                         
dllhost.exe                   5080 N/A                                         
AVGUI.exe                     4196 N/A                                         
ScanToPCActivationApp.exe     4272 N/A                                         
hpqtra08.exe                  4280 N/A                                         
AccelerometerSt.exe           4536 N/A                                         
HPMSGSVC.exe                  4840 N/A                                         
acrotray.exe                  1376 N/A                                         
hpwuschd2.exe                 4716 N/A                                         
hpqste08.exe                  2216 N/A                                         
hpqbam08.exe                  3476 N/A                                         
hpqgpc01.exe                  1056 N/A                                         
aswEngSrv.exe                 2956 N/A                                         
aswidsagent.exe               4916 avgbIDSAgent                                
MOM.exe                       4832 N/A                                         
unsecapp.exe                  4420 N/A                                         
CCC.exe                       4200 N/A                                         
AVGUI.exe                     3128 N/A                                         
AVGUI.exe                     3820 N/A                                         
wmpnetwk.exe                  5968 WMPNetworkSvc                               
GoogleCrashHandler.exe        6632 N/A                                         
GoogleCrashHandler64.exe      7120 N/A                                         
hpqwmiex.exe                  6384 hpqwmiex                                    
RuntimeBroker.exe             7292 N/A                                         
chrome.exe                    9156 N/A                                         
chrome.exe                    3240 N/A                                         
chrome.exe                    7552 N/A                                         
chrome.exe                    7916 N/A                                         
chrome.exe                    7736 N/A                                         
chrome.exe                    8132 N/A                                         
chrome.exe                    6700 N/A                                         
chrome.exe                    7328 N/A                                         
chrome.exe                    2800 N/A                                         
chrome.exe                    8584 N/A                                         
chrome.exe                    3220 N/A                                         
chrome.exe                    7360 N/A                                         
chrome.exe                    9284 N/A                                         
chrome.exe                    4556 N/A                                         
procexp.exe                   9224 N/A                                         
procexp64.exe                 4656 N/A                                         
chrome.exe                    4128 N/A                                         
chrome.exe                    7384 N/A                                         
chrome.exe                    6832 N/A                                         
SearchProtocolHost.exe        6364 N/A                                         
SearchFilterHost.exe          9256 N/A                                         
audiodg.exe                   7544 N/A                                         
dllhost.exe                   5232 N/A                                         
dllhost.exe                   1008 N/A                                         
cmd.exe                       6356 N/A                                         
conhost.exe                   4680 N/A                                         
tasklist.exe                  2576 N/A                                         
WmiPrvSE.exe                  6664 N/A                                         

  • 0

#5
Beatriceswiss
Posted 11 May 2021 - 04:22 PM

Beatriceswiss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

Speccy file attached.

Attached Files


  • 0

#6
Beatriceswiss
Posted 11 May 2021 - 04:58 PM

Beatriceswiss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

Not sure how to save the two images as jpg.  Working on it.


  • 0

#7
Beatriceswiss
Posted 11 May 2021 - 06:56 PM

Beatriceswiss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

Here are the two screenshots.

Attached Thumbnails

  • Screenshot 1.jpg
  • Screenshot 2.jpg

  • 0

#8
RKinner
Posted 11 May 2021 - 07:36 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

You missed a step:

 

After running Latency Monitor for 20 seconds you were supposed to:

Edit, Copy Report text to Clipboard then move to a REPLY and Ctrl + v to paste the text into a reply. 

 

 

Search for

services.msc

hit Enter

That will open the Services list.  Scroll down to where it says:

AMD External Events Utility

right click on it and select Properties.   Change the Startup Type: to Disabled.  Apply.  If the service is running, Stop it.  OK

 

That will should get rid of one source of errors that may be slowing things down.

 

Let's let FRST run DISM & SFC to check the system files:

 

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   14.18KB   156 downloads

Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again but this time make sure Addition.txt is checked and hit Scan.  Post both logs.


 

 

 


  • 0

#9
Beatriceswiss
Posted 12 May 2021 - 07:43 AM

Beatriceswiss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts
_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system appears to be suitable for handling real-time audio and other tasks without dropouts. 
LatencyMon has been analyzing your system for  0:00:31  (h:mm:ss) on all processors.
 
 
_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        BEATRICE
OS version:                                           Windows 8.1, 6.3, build: 9600 (x64)
Hardware:                                             HP Pavilion 17 Notebook PC, Hewlett-Packard
CPU:                                                  AuthenticAMD AMD A6-5200 APU with Radeon™ HD Graphics 
Logical processors:                                   4
Processor groups:                                     1
RAM:                                                  7643 MB total
 
 
_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed:                                   1996 MHz
 
Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.
 
 
_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.
 
Highest measured interrupt to process latency (µs):   764.311476
Average measured interrupt to process latency (µs):   10.231120
 
Highest measured interrupt to DPC latency (µs):       746.870811
Average measured interrupt to DPC latency (µs):       2.805953
 
 
_________________________________________________________________________________________________________
 REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.
 
Highest ISR routine execution time (µs):              95.001002
Driver with highest ISR routine execution time:       rtbth.sys - Ralink Bluetooth Adapter, Ralink Technology, Corp.
 
Highest reported total ISR routine time (%):          0.015686
Driver with highest ISR total time:                   storport.sys - Microsoft Storage Port Driver, Microsoft Corporation
 
Total time spent in ISRs (%)                          0.016118
 
ISR count (execution time <250 µs):                   2196
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-1000 µs):               0
ISR count (execution time 1000-2000 µs):              0
ISR count (execution time 2000-4000 µs):              0
ISR count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.
 
Highest DPC routine execution time (µs):              542.772044
Driver with highest DPC routine execution time:       tcpip.sys - TCP/IP Driver, Microsoft Corporation
 
Highest reported total DPC routine time (%):          0.087064
Driver with highest DPC total execution time:         rspLLL64.sys - Resplendence Latency Monitoring and Auxiliary Kernel Library, Resplendence Software Projects Sp.
 
Total time spent in DPCs (%)                          0.248182
 
DPC count (execution time <250 µs):                   74384
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-10000 µs):              105
DPC count (execution time 1000-2000 µs):              0
DPC count (execution time 2000-4000 µs):              0
DPC count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
 REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.
 
NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.
 
Process with highest pagefault count:                 compattelrunner.exe
 
Total number of hard pagefaults                       1604
Hard pagefault count of hardest hit process:          745
Number of processes hit:                              7
 
 
_________________________________________________________________________________________________________
 PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       0.942968
CPU 0 ISR highest execution time (µs):                95.001002
CPU 0 ISR total execution time (s):                   0.007639
CPU 0 ISR count:                                      839
CPU 0 DPC highest execution time (µs):                542.772044
CPU 0 DPC total execution time (s):                   0.215664
CPU 0 DPC count:                                      70404
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       0.392551
CPU 1 ISR highest execution time (µs):                21.589679
CPU 1 ISR total execution time (s):                   0.004153
CPU 1 ISR count:                                      460
CPU 1 DPC highest execution time (µs):                520.884269
CPU 1 DPC total execution time (s):                   0.033565
CPU 1 DPC count:                                      1578
_________________________________________________________________________________________________________
CPU 2 Interrupt cycle time (s):                       0.404432
CPU 2 ISR highest execution time (µs):                94.510020
CPU 2 ISR total execution time (s):                   0.004240
CPU 2 ISR count:                                      449
CPU 2 DPC highest execution time (µs):                505.336673
CPU 2 DPC total execution time (s):                   0.031240
CPU 2 DPC count:                                      1437
_________________________________________________________________________________________________________
CPU 3 Interrupt cycle time (s):                       0.326929
CPU 3 ISR highest execution time (µs):                43.419840
CPU 3 ISR total execution time (s):                   0.004065
CPU 3 ISR count:                                      448
CPU 3 DPC highest execution time (µs):                426.411824
CPU 3 DPC total execution time (s):                   0.028975
CPU 3 DPC count:                                      1070
_________________________________________________________________________________________________________
_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system appears to be suitable for handling real-time audio and other tasks without dropouts. 
LatencyMon has been analyzing your system for  0:00:31  (h:mm:ss) on all processors.
 
 
_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        BEATRICE
OS version:                                           Windows 8.1, 6.3, build: 9600 (x64)
Hardware:                                             HP Pavilion 17 Notebook PC, Hewlett-Packard
CPU:                                                  AuthenticAMD AMD A6-5200 APU with Radeon™ HD Graphics 
Logical processors:                                   4
Processor groups:                                     1
RAM:                                                  7643 MB total
 
 
_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed:                                   1996 MHz
 
Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.
 
 
_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.
 
Highest measured interrupt to process latency (µs):   764.311476
Average measured interrupt to process latency (µs):   10.231120
 
Highest measured interrupt to DPC latency (µs):       746.870811
Average measured interrupt to DPC latency (µs):       2.805953
 
 
_________________________________________________________________________________________________________
 REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.
 
Highest ISR routine execution time (µs):              95.001002
Driver with highest ISR routine execution time:       rtbth.sys - Ralink Bluetooth Adapter, Ralink Technology, Corp.
 
Highest reported total ISR routine time (%):          0.015686
Driver with highest ISR total time:                   storport.sys - Microsoft Storage Port Driver, Microsoft Corporation
 
Total time spent in ISRs (%)                          0.016118
 
ISR count (execution time <250 µs):                   2196
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-1000 µs):               0
ISR count (execution time 1000-2000 µs):              0
ISR count (execution time 2000-4000 µs):              0
ISR count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.
 
Highest DPC routine execution time (µs):              542.772044
Driver with highest DPC routine execution time:       tcpip.sys - TCP/IP Driver, Microsoft Corporation
 
Highest reported total DPC routine time (%):          0.087064
Driver with highest DPC total execution time:         rspLLL64.sys - Resplendence Latency Monitoring and Auxiliary Kernel Library, Resplendence Software Projects Sp.
 
Total time spent in DPCs (%)                          0.248182
 
DPC count (execution time <250 µs):                   74384
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-10000 µs):              105
DPC count (execution time 1000-2000 µs):              0
DPC count (execution time 2000-4000 µs):              0
DPC count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
 REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.
 
NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.
 
Process with highest pagefault count:                 compattelrunner.exe
 
Total number of hard pagefaults                       1604
Hard pagefault count of hardest hit process:          745
Number of processes hit:                              7
 
 
_________________________________________________________________________________________________________
 PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       0.942968
CPU 0 ISR highest execution time (µs):                95.001002
CPU 0 ISR total execution time (s):                   0.007639
CPU 0 ISR count:                                      839
CPU 0 DPC highest execution time (µs):                542.772044
CPU 0 DPC total execution time (s):                   0.215664
CPU 0 DPC count:                                      70404
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       0.392551
CPU 1 ISR highest execution time (µs):                21.589679
CPU 1 ISR total execution time (s):                   0.004153
CPU 1 ISR count:                                      460
CPU 1 DPC highest execution time (µs):                520.884269
CPU 1 DPC total execution time (s):                   0.033565
CPU 1 DPC count:                                      1578
_________________________________________________________________________________________________________
CPU 2 Interrupt cycle time (s):                       0.404432
CPU 2 ISR highest execution time (µs):                94.510020
CPU 2 ISR total execution time (s):                   0.004240
CPU 2 ISR count:                                      449
CPU 2 DPC highest execution time (µs):                505.336673
CPU 2 DPC total execution time (s):                   0.031240
CPU 2 DPC count:                                      1437
_________________________________________________________________________________________________________
CPU 3 Interrupt cycle time (s):                       0.326929
CPU 3 ISR highest execution time (µs):                43.419840
CPU 3 ISR total execution time (s):                   0.004065
CPU 3 ISR count:                                      448
CPU 3 DPC highest execution time (µs):                426.411824
CPU 3 DPC total execution time (s):                   0.028975
CPU 3 DPC count:                                      1070
_________________________________________________________________________________________________________
_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system appears to be suitable for handling real-time audio and other tasks without dropouts. 
LatencyMon has been analyzing your system for  0:00:31  (h:mm:ss) on all processors.
 
 
_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        BEATRICE
OS version:                                           Windows 8.1, 6.3, build: 9600 (x64)
Hardware:                                             HP Pavilion 17 Notebook PC, Hewlett-Packard
CPU:                                                  AuthenticAMD AMD A6-5200 APU with Radeon™ HD Graphics 
Logical processors:                                   4
Processor groups:                                     1
RAM:                                                  7643 MB total
 
 
_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed:                                   1996 MHz
 
Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.
 
 
_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.
 
Highest measured interrupt to process latency (µs):   764.311476
Average measured interrupt to process latency (µs):   10.231120
 
Highest measured interrupt to DPC latency (µs):       746.870811
Average measured interrupt to DPC latency (µs):       2.805953
 
 
_________________________________________________________________________________________________________
 REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.
 
Highest ISR routine execution time (µs):              95.001002
Driver with highest ISR routine execution time:       rtbth.sys - Ralink Bluetooth Adapter, Ralink Technology, Corp.
 
Highest reported total ISR routine time (%):          0.015686
Driver with highest ISR total time:                   storport.sys - Microsoft Storage Port Driver, Microsoft Corporation
 
Total time spent in ISRs (%)                          0.016118
 
ISR count (execution time <250 µs):                   2196
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-1000 µs):               0
ISR count (execution time 1000-2000 µs):              0
ISR count (execution time 2000-4000 µs):              0
ISR count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.
 
Highest DPC routine execution time (µs):              542.772044
Driver with highest DPC routine execution time:       tcpip.sys - TCP/IP Driver, Microsoft Corporation
 
Highest reported total DPC routine time (%):          0.087064
Driver with highest DPC total execution time:         rspLLL64.sys - Resplendence Latency Monitoring and Auxiliary Kernel Library, Resplendence Software Projects Sp.
 
Total time spent in DPCs (%)                          0.248182
 
DPC count (execution time <250 µs):                   74384
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-10000 µs):              105
DPC count (execution time 1000-2000 µs):              0
DPC count (execution time 2000-4000 µs):              0
DPC count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
 REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.
 
NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.
 
Process with highest pagefault count:                 compattelrunner.exe
 
Total number of hard pagefaults                       1604
Hard pagefault count of hardest hit process:          745
Number of processes hit:                              7
 
 
_________________________________________________________________________________________________________
 PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       0.942968
CPU 0 ISR highest execution time (µs):                95.001002
CPU 0 ISR total execution time (s):                   0.007639
CPU 0 ISR count:                                      839
CPU 0 DPC highest execution time (µs):                542.772044
CPU 0 DPC total execution time (s):                   0.215664
CPU 0 DPC count:                                      70404
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       0.392551
CPU 1 ISR highest execution time (µs):                21.589679
CPU 1 ISR total execution time (s):                   0.004153
CPU 1 ISR count:                                      460
CPU 1 DPC highest execution time (µs):                520.884269
CPU 1 DPC total execution time (s):                   0.033565
CPU 1 DPC count:                                      1578
_________________________________________________________________________________________________________
CPU 2 Interrupt cycle time (s):                       0.404432
CPU 2 ISR highest execution time (µs):                94.510020
CPU 2 ISR total execution time (s):                   0.004240
CPU 2 ISR count:                                      449
CPU 2 DPC highest execution time (µs):                505.336673
CPU 2 DPC total execution time (s):                   0.031240
CPU 2 DPC count:                                      1437
_________________________________________________________________________________________________________
CPU 3 Interrupt cycle time (s):                       0.326929
CPU 3 ISR highest execution time (µs):                43.419840
CPU 3 ISR total execution time (s):                   0.004065
CPU 3 ISR count:                                      448
CPU 3 DPC highest execution time (µs):                426.411824
CPU 3 DPC total execution time (s):                   0.028975
CPU 3 DPC count:                                      1070
_________________________________________________________________________________________________________
_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system appears to be suitable for handling real-time audio and other tasks without dropouts. 
LatencyMon has been analyzing your system for  0:00:31  (h:mm:ss) on all processors.
 
 
_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        BEATRICE
OS version:                                           Windows 8.1, 6.3, build: 9600 (x64)
Hardware:                                             HP Pavilion 17 Notebook PC, Hewlett-Packard
CPU:                                                  AuthenticAMD AMD A6-5200 APU with Radeon™ HD Graphics 
Logical processors:                                   4
Processor groups:                                     1
RAM:                                                  7643 MB total
 
 
_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed:                                   1996 MHz
 
Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.
 
 
_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.
 
Highest measured interrupt to process latency (µs):   764.311476
Average measured interrupt to process latency (µs):   10.231120
 
Highest measured interrupt to DPC latency (µs):       746.870811
Average measured interrupt to DPC latency (µs):       2.805953
 
 
_________________________________________________________________________________________________________
 REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.
 
Highest ISR routine execution time (µs):              95.001002
Driver with highest ISR routine execution time:       rtbth.sys - Ralink Bluetooth Adapter, Ralink Technology, Corp.
 
Highest reported total ISR routine time (%):          0.015686
Driver with highest ISR total time:                   storport.sys - Microsoft Storage Port Driver, Microsoft Corporation
 
Total time spent in ISRs (%)                          0.016118
 
ISR count (execution time <250 µs):                   2196
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-1000 µs):               0
ISR count (execution time 1000-2000 µs):              0
ISR count (execution time 2000-4000 µs):              0
ISR count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.
 
Highest DPC routine execution time (µs):              542.772044
Driver with highest DPC routine execution time:       tcpip.sys - TCP/IP Driver, Microsoft Corporation
 
Highest reported total DPC routine time (%):          0.087064
Driver with highest DPC total execution time:         rspLLL64.sys - Resplendence Latency Monitoring and Auxiliary Kernel Library, Resplendence Software Projects Sp.
 
Total time spent in DPCs (%)                          0.248182
 
DPC count (execution time <250 µs):                   74384
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-10000 µs):              105
DPC count (execution time 1000-2000 µs):              0
DPC count (execution time 2000-4000 µs):              0
DPC count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
 REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.
 
NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.
 
Process with highest pagefault count:                 compattelrunner.exe
 
Total number of hard pagefaults                       1604
Hard pagefault count of hardest hit process:          745
Number of processes hit:                              7
 
 
_________________________________________________________________________________________________________
 PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       0.942968
CPU 0 ISR highest execution time (µs):                95.001002
CPU 0 ISR total execution time (s):                   0.007639
CPU 0 ISR count:                                      839
CPU 0 DPC highest execution time (µs):                542.772044
CPU 0 DPC total execution time (s):                   0.215664
CPU 0 DPC count:                                      70404
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       0.392551
CPU 1 ISR highest execution time (µs):                21.589679
CPU 1 ISR total execution time (s):                   0.004153
CPU 1 ISR count:                                      460
CPU 1 DPC highest execution time (µs):                520.884269
CPU 1 DPC total execution time (s):                   0.033565
CPU 1 DPC count:                                      1578
_________________________________________________________________________________________________________
CPU 2 Interrupt cycle time (s):                       0.404432
CPU 2 ISR highest execution time (µs):                94.510020
CPU 2 ISR total execution time (s):                   0.004240
CPU 2 ISR count:                                      449
CPU 2 DPC highest execution time (µs):                505.336673
CPU 2 DPC total execution time (s):                   0.031240
CPU 2 DPC count:                                      1437
_________________________________________________________________________________________________________
CPU 3 Interrupt cycle time (s):                       0.326929
CPU 3 ISR highest execution time (µs):                43.419840
CPU 3 ISR total execution time (s):                   0.004065
CPU 3 ISR count:                                      448
CPU 3 DPC highest execution time (µs):                426.411824
CPU 3 DPC total execution time (s):                   0.028975
CPU 3 DPC count:                                      1070
_________________________________________________________________________________________________________
_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system appears to be suitable for handling real-time audio and other tasks without dropouts. 
LatencyMon has been analyzing your system for  0:00:31  (h:mm:ss) on all processors.
 
 
_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        BEATRICE
OS version:                                           Windows 8.1, 6.3, build: 9600 (x64)
Hardware:                                             HP Pavilion 17 Notebook PC, Hewlett-Packard
CPU:                                                  AuthenticAMD AMD A6-5200 APU with Radeon™ HD Graphics 
Logical processors:                                   4
Processor groups:                                     1
RAM:                                                  7643 MB total
 
 
_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed:                                   1996 MHz
 
Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.
 
 
_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.
 
Highest measured interrupt to process latency (µs):   764.311476
Average measured interrupt to process latency (µs):   10.231120
 
Highest measured interrupt to DPC latency (µs):       746.870811
Average measured interrupt to DPC latency (µs):       2.805953
 
 
_________________________________________________________________________________________________________
 REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.
 
Highest ISR routine execution time (µs):              95.001002
Driver with highest ISR routine execution time:       rtbth.sys - Ralink Bluetooth Adapter, Ralink Technology, Corp.
 
Highest reported total ISR routine time (%):          0.015686
Driver with highest ISR total time:                   storport.sys - Microsoft Storage Port Driver, Microsoft Corporation
 
Total time spent in ISRs (%)                          0.016118
 
ISR count (execution time <250 µs):                   2196
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-1000 µs):               0
ISR count (execution time 1000-2000 µs):              0
ISR count (execution time 2000-4000 µs):              0
ISR count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.
 
Highest DPC routine execution time (µs):              542.772044
Driver with highest DPC routine execution time:       tcpip.sys - TCP/IP Driver, Microsoft Corporation
 
Highest reported total DPC routine time (%):          0.087064
Driver with highest DPC total execution time:         rspLLL64.sys - Resplendence Latency Monitoring and Auxiliary Kernel Library, Resplendence Software Projects Sp.
 
Total time spent in DPCs (%)                          0.248182
 
DPC count (execution time <250 µs):                   74384
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-10000 µs):              105
DPC count (execution time 1000-2000 µs):              0
DPC count (execution time 2000-4000 µs):              0
DPC count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
 REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.
 
NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.
 
Process with highest pagefault count:                 compattelrunner.exe
 
Total number of hard pagefaults                       1604
Hard pagefault count of hardest hit process:          745
Number of processes hit:                              7
 
 
_________________________________________________________________________________________________________
 PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       0.942968
CPU 0 ISR highest execution time (µs):                95.001002
CPU 0 ISR total execution time (s):                   0.007639
CPU 0 ISR count:                                      839
CPU 0 DPC highest execution time (µs):                542.772044
CPU 0 DPC total execution time (s):                   0.215664
CPU 0 DPC count:                                      70404
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       0.392551
CPU 1 ISR highest execution time (µs):                21.589679
CPU 1 ISR total execution time (s):                   0.004153
CPU 1 ISR count:                                      460
CPU 1 DPC highest execution time (µs):                520.884269
CPU 1 DPC total execution time (s):                   0.033565
CPU 1 DPC count:                                      1578
_________________________________________________________________________________________________________
CPU 2 Interrupt cycle time (s):                       0.404432
CPU 2 ISR highest execution time (µs):                94.510020
CPU 2 ISR total execution time (s):                   0.004240
CPU 2 ISR count:                                      449
CPU 2 DPC highest execution time (µs):                505.336673
CPU 2 DPC total execution time (s):                   0.031240
CPU 2 DPC count:                                      1437
_________________________________________________________________________________________________________
CPU 3 Interrupt cycle time (s):                       0.326929
CPU 3 ISR highest execution time (µs):                43.419840
CPU 3 ISR total execution time (s):                   0.004065
CPU 3 ISR count:                                      448
CPU 3 DPC highest execution time (µs):                426.411824
CPU 3 DPC total execution time (s):                   0.028975
CPU 3 DPC count:                                      1070
_________________________________________________________________________________________________________
 
The rest from post #8 to follow

  • 0

#10
RKinner
Posted 12 May 2021 - 07:49 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Search for

task scheduler

hit Enter

Click on the arrow in front of Task Scheduler Library then

Click on the arrow in front of Microsoft

Click on the arrow in front of Windows

Click on Application Experience.  In the next pane to the right, right click on each Task and Disable.  Should be three or four (later versions) tasks.

Click on Customer Experience Improvement Program.  In the next pane to the right, right click on each Task and Disable.  Should be two tasks.

Download OOSU10.exe:

https://www.oo-softw...com/en/shutup10

Download and Save it (You will get a popup while it's downloading.  You can X out of it)
then Right click and Run As Admin.
Allow it to make a System Restore Point.
Click on Actions then on Apply Recommended Settings.

Close the program and reboot.

Rerun Latency Monitor and post the summary.



 


  • 0

Advertisements

#11
Beatriceswiss
Posted 12 May 2021 - 09:40 AM

Beatriceswiss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

Attached are the logs from post #8: Fixlog, FRST and Addition logs.  Post 10 instructions still to be carried out.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-05-2021
Ran by Beatrice (12-05-2021 09:52:11) Run:1
Running from C:\Users\Beatrice\Desktop
Loaded Profiles: Beatrice
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\MountPoints2: {7bf13d53-2ea9-11e8-8342-485ab6bbca3e} - "F:\SISetup.exe" 
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\MountPoints2: {d59268f8-af74-11e5-82de-485ab6bbca3e} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\Start.exe
Startup: C:\Users\Beatrice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jacquie Lawson Desktop Widget.lnk [2019-01-29]
ShortcutTarget: Jacquie Lawson Desktop Widget.lnk -> C:\Program Files (x86)\Jacquie Lawson Desktop Widget\Jacquie Lawson Desktop Widget.exe (No File)
Task: {2851BE0E-70F2-4659-B15D-B2FAD39288E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3281177217-869368764-2006139627-1002.job => C:\Users\Beatrice\AppData\Local\GoToMeeting\19598\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3281177217-869368764-2006139627-1002.job => C:\Users\Beatrice\AppData\Local\GoToMeeting\19598\g2mupload.exe
S3 RimUsb; \SystemRoot\System32\Drivers\RimUsb_AMD64.sys [X]
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File 
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\StartupApproved\StartupFolder: => "Jacquie Lawson Desktop Widget.lnk"
FirewallRules: [{A633E9FE-8C22-4FD5-99B1-CBD85B312F2E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe => No File
FirewallRules: [{692FD454-8485-4925-9B1F-E23177E03DF0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe => No File
FirewallRules: [{64771FFA-6B11-4494-8A5F-F6B3B52BFAAD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe => No File
FirewallRules: [{01C75186-1D1C-40C4-8261-1E6E384740D1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe => No File
FirewallRules: [{138E9223-D151-4D38-B731-42565D981DEC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe => No File
FirewallRules: [{A43B80CA-E240-46DC-8CBD-890601997478}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{8BB31203-604D-40B8-AC2D-D6B7BCC0CD74}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [TCP Query User{B74451E8-1D7C-4445-9284-9167934D3C5D}C:\users\beatrice\appdata\local\temp\lmi9680.tmp\logmein client.exe] => (Allow) C:\users\beatrice\appdata\local\temp\lmi9680.tmp\logmein client.exe => No File
FirewallRules: [UDP Query User{287D2EFC-FD93-4565-A30F-3AAABA4FA484}C:\users\beatrice\appdata\local\temp\lmi9680.tmp\logmein client.exe] => (Allow) C:\users\beatrice\appdata\local\temp\lmi9680.tmp\logmein client.exe => No File
FirewallRules: [{8C393550-CD06-45AE-9FE6-E3C66BC4C26F}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe => No File
FirewallRules: [{381490E1-8366-4260-A50D-51F2BA1DDF43}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe => No File
FirewallRules: [{6990E688-DD48-4218-9A5A-7F186F6A3587}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe => No File
FirewallRules: [{C995172F-4B35-4C87-8AAE-9F07622300FA}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe => No File
FirewallRules: [TCP Query User{96DD37C6-90F8-4701-952D-ABAE613FC0BC}C:\users\beatrice\appdata\local\temp\lmi504a.tmp\logmein client.exe] => (Allow) C:\users\beatrice\appdata\local\temp\lmi504a.tmp\logmein client.exe => No File
FirewallRules: [UDP Query User{B676CF24-2340-4BCA-A145-2C4E0A8EAD8A}C:\users\beatrice\appdata\local\temp\lmi504a.tmp\logmein client.exe] => (Allow) C:\users\beatrice\appdata\local\temp\lmi504a.tmp\logmein client.exe => No File
FirewallRules: [{D32B36C4-14DF-41FC-BA16-EF4850D54C4F}] => (Allow) C:\Users\Beatrice\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{732C35E4-5E77-40EF-A208-90B671E11466}] => (Allow) C:\Users\Beatrice\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [TCP Query User{6EB01573-B325-46CA-8067-022DCC8C8965}C:\users\beatrice\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\beatrice\appdata\roaming\dropbox\bin\dropbox.exe => No File
FirewallRules: [UDP Query User{E7425883-01F0-4F1F-BF28-60F4BC06B01E}C:\users\beatrice\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\beatrice\appdata\roaming\dropbox\bin\dropbox.exe => No File
FirewallRules: [TCP Query User{F18C6CEA-AF23-4A69-A432-9426C66ABD88}C:\program files (x86)\hasbro interactive\trivial pursuit millennium edition\tp.exe] => (Allow) C:\program files (x86)\hasbro interactive\trivial pursuit millennium edition\tp.exe => No File
FirewallRules: [UDP Query User{BF87E493-D389-4A5C-ABFA-392B720AFE27}C:\program files (x86)\hasbro interactive\trivial pursuit millennium edition\tp.exe] => (Allow) C:\program files (x86)\hasbro interactive\trivial pursuit millennium edition\tp.exe => No File
FirewallRules: [TCP Query User{2983A92B-3262-4527-B7CD-87BDF385CE69}C:\users\beatrice\appdata\local\temp\lmi2992.tmp\logmein client.exe] => (Block) C:\users\beatrice\appdata\local\temp\lmi2992.tmp\logmein client.exe => No File
FirewallRules: [UDP Query User{609B29FF-93CF-4515-8132-4B526F5274A6}C:\users\beatrice\appdata\local\temp\lmi2992.tmp\logmein client.exe] => (Block) C:\users\beatrice\appdata\local\temp\lmi2992.tmp\logmein client.exe => No File
FirewallRules: [TCP Query User{FA835CDF-F4DE-4EDE-9183-F11DD437FBA2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [UDP Query User{5F5EE094-C0A5-4130-92CB-EDB299F7B198}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [{D6165666-9DEF-4815-A6BB-954CE17EA0C0}] => (Block) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [{D64F4BB0-01C5-40E0-8D8A-633FC2A4084C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe => No File
FirewallRules: [{CDFF6ECA-CEA0-4A29-BA20-496B58DF8254}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe => No File
FirewallRules: [{58FA1AC0-7097-4461-8C50-D87EB21DB66E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe => No File
FirewallRules: [{49E06D5A-D0F0-4649-AB4C-B0C92E32C012}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe => No File
FirewallRules: [{8D842A37-C161-4045-8982-317C72273187}] => (Allow) C:\Users\Beatrice\AppData\Roaming\TelusMeetings\bin\TelusBusinessConnectMeetings.exe => No File
FirewallRules: [{66D96944-E8DC-4915-8C0B-2CC13D39A28B}] => (Allow) C:\Users\Beatrice\AppData\Roaming\TelusMeetings\bin\airhost.exe => No File
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
CMD: findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
 
 
*****************
 
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7bf13d53-2ea9-11e8-8342-485ab6bbca3e} => removed successfully
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d59268f8-af74-11e5-82de-485ab6bbca3e} => removed successfully
C:\Users\Beatrice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jacquie Lawson Desktop Widget.lnk => moved successfully
"C:\Program Files (x86)\Jacquie Lawson Desktop Widget\Jacquie Lawson Desktop Widget.exe" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2851BE0E-70F2-4659-B15D-B2FAD39288E8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2851BE0E-70F2-4659-B15D-B2FAD39288E8}" => removed successfully
C:\Windows\System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\WarrantyChecker" => removed successfully
C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3281177217-869368764-2006139627-1002.job => moved successfully
C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3281177217-869368764-2006139627-1002.job => moved successfully
HKLM\System\CurrentControlSet\Services\RimUsb => removed successfully
RimUsb => service removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3 => removed successfully
"C:\Users\Beatrice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jacquie Lawson Desktop Widget.lnk" => not found
"HKU\S-1-5-21-3281177217-869368764-2006139627-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\Jacquie Lawson Desktop Widget.lnk" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A633E9FE-8C22-4FD5-99B1-CBD85B312F2E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{692FD454-8485-4925-9B1F-E23177E03DF0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{64771FFA-6B11-4494-8A5F-F6B3B52BFAAD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{01C75186-1D1C-40C4-8261-1E6E384740D1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{138E9223-D151-4D38-B731-42565D981DEC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A43B80CA-E240-46DC-8CBD-890601997478}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8BB31203-604D-40B8-AC2D-D6B7BCC0CD74}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B74451E8-1D7C-4445-9284-9167934D3C5D}C:\users\beatrice\appdata\local\temp\lmi9680.tmp\logmein client.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{287D2EFC-FD93-4565-A30F-3AAABA4FA484}C:\users\beatrice\appdata\local\temp\lmi9680.tmp\logmein client.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8C393550-CD06-45AE-9FE6-E3C66BC4C26F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{381490E1-8366-4260-A50D-51F2BA1DDF43}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6990E688-DD48-4218-9A5A-7F186F6A3587}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C995172F-4B35-4C87-8AAE-9F07622300FA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{96DD37C6-90F8-4701-952D-ABAE613FC0BC}C:\users\beatrice\appdata\local\temp\lmi504a.tmp\logmein client.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B676CF24-2340-4BCA-A145-2C4E0A8EAD8A}C:\users\beatrice\appdata\local\temp\lmi504a.tmp\logmein client.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D32B36C4-14DF-41FC-BA16-EF4850D54C4F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{732C35E4-5E77-40EF-A208-90B671E11466}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6EB01573-B325-46CA-8067-022DCC8C8965}C:\users\beatrice\appdata\roaming\dropbox\bin\dropbox.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E7425883-01F0-4F1F-BF28-60F4BC06B01E}C:\users\beatrice\appdata\roaming\dropbox\bin\dropbox.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F18C6CEA-AF23-4A69-A432-9426C66ABD88}C:\program files (x86)\hasbro interactive\trivial pursuit millennium edition\tp.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BF87E493-D389-4A5C-ABFA-392B720AFE27}C:\program files (x86)\hasbro interactive\trivial pursuit millennium edition\tp.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2983A92B-3262-4527-B7CD-87BDF385CE69}C:\users\beatrice\appdata\local\temp\lmi2992.tmp\logmein client.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{609B29FF-93CF-4515-8132-4B526F5274A6}C:\users\beatrice\appdata\local\temp\lmi2992.tmp\logmein client.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FA835CDF-F4DE-4EDE-9183-F11DD437FBA2}C:\program files (x86)\skype\phone\skype.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5F5EE094-C0A5-4130-92CB-EDB299F7B198}C:\program files (x86)\skype\phone\skype.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D6165666-9DEF-4815-A6BB-954CE17EA0C0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D64F4BB0-01C5-40E0-8D8A-633FC2A4084C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CDFF6ECA-CEA0-4A29-BA20-496B58DF8254}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{58FA1AC0-7097-4461-8C50-D87EB21DB66E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{49E06D5A-D0F0-4649-AB4C-B0C92E32C012}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8D842A37-C161-4045-8982-317C72273187}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{66D96944-E8DC-4915-8C0B-2CC13D39A28B}" => removed successfully
 
========= DISM /Online /Cleanup-Image /RestoreHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 6.3.9600.19408
 
Image Version: 6.3.9600.19397
 
 
Error: 0x80240021
 
DISM failed. No operation was performed. 
For more information, review the log file.
 
The DISM log file can be found at C:\Windows\Logs\DISM\dism.log
 
========= End of CMD: =========
 
 
========= SFC /scannow =========
 
 
 
Beginning system scan.  This process will take some time.
 
 
Another servicing or repair operation is currently running.  
 
Wait for this to finish and run sfc again.
 
 
========= End of CMD: =========
 
 
========= findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log =========
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 10:47:09 ====
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-05-2021
Ran by Beatrice (administrator) on BEATRICE (Hewlett-Packard HP Pavilion 17 Notebook PC) (12-05-2021 11:20:57)
Running from C:\Users\Beatrice\Desktop
Loaded Profiles: Beatrice
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ATI Technologies Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\avgToolsSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\wsc_proxy.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
(Hewlett Packard -> Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.19991_none_fa0fb7959b4c8c91\TiWorker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7666392 2014-12-11] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-11] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [166144 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [331064 2020-10-16] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-07-23] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare Software Co., Ltd.  -> Wondershare)
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\Beatrice\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=866453ef907a47d2a1e59913f05f23cd-7b0c96f9aa992d7393c82dd82ae949bc32978813 /CMPID=0214c
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-03-12] (Nero AG -> Nero AG)
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\Run: [uTorrent] => "C:\Users\Beatrice\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\Run: [BlackBerryLink.exe] => "C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe" /minimize
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\Run: [HP Officejet 4620 series (NET)] => C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\Run: [RIMDeviceManager] => C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [91016584 2021-01-15] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31162288 2021-04-29] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31162288 2021-04-29] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKLM\...\Windows x64\Print Processors\Canon MG5700 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCS.DLL [30208 2015-03-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\hpfpp083: C:\Windows\System32\spool\prtprocs\x64\hpfpp083.dll [254464 2008-10-06] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\LMACGL4C: C:\Windows\System32\spool\prtprocs\x64\LMACGL4C.DLL [81920 2011-06-02] (Microsoft Windows Hardware Compatibility Publisher -> Lexmark International Inc.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [51032 2008-04-07] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG5700 series: C:\Windows\system32\CNMLMCS.DLL [406528 2015-03-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\HP 6412 Status Monitor: C:\Windows\system32\hpinksts6412LM.dll [331664 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP C611 Status Monitor: C:\Windows\system32\hpinkstsC611LM.dll [333344 2013-05-06] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet 4620 series): C:\Windows\system32\HPDiscoPM6412.dll [741480 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Universal Port Monitor: C:\Windows\system32\hpbprtmon.dll [404992 2013-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
HKLM\...\Print\Monitors\hpf3l083.dll: C:\Windows\system32\hpf3l083.dll [134144 2008-10-06] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.93\Installer\chrmstp.exe [2021-04-27] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
AppInit_DLLs: acaptuser64.dll => C:\Windows\system32\acaptuser64.dll [119160 2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2021-01-08]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1B19C810-13C3-4EF7-823B-BD17E1F76D93} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {213C8E23-EF11-4771-9B02-67FF1D84C4A1} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [4747008 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {3A918669-731A-4E2F-9697-B7F16E6AC905} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-23] (Google Inc -> Google Inc.)
Task: {41D3515E-BCA9-4F9F-825D-D32EE3EA102C} - System32\Tasks\G2MUpdateTask-S-1-5-21-3281177217-869368764-2006139627-1002 => C:\Users\Beatrice\AppData\Local\GoToMeeting\19598\g2mupdate.exe [31320 2021-05-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {52402E40-0599-4C9A-A41E-199DC7B9F7E0} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {58B040EB-6780-459B-82DE-8AE267E10B50} - System32\Tasks\G2MUploadTask-S-1-5-21-3281177217-869368764-2006139627-1002 => C:\Users\Beatrice\AppData\Local\GoToMeeting\19598\g2mupload.exe [31320 2021-05-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {5DA8520C-8C9E-4F90-BAC2-03C92A80859C} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {ACC5647D-D2F3-4C2B-A471-FB634E0039B7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {AEE99C6E-BE10-4C77-9879-423F5B78679C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-23] (Google Inc -> Google Inc.)
Task: {BABB5768-11E9-4561-AFCC-EA6483C9F4DC} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1821968 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {BBF4AC2F-7854-45DB-85D7-B7A22AA481D8} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2013-06-07] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
Task: {CDC8479E-85C6-40AE-96B4-0432A5C3090C} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40880 2021-04-29] (Garmin International, Inc. -> )
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 207.164.234.193
Tcpip\..\Interfaces\{486B1D7C-1E02-42D5-B6AA-A45F73E675F1}: [DhcpNameServer] 192.168.2.1 207.164.234.193
Tcpip\..\Interfaces\{7C57A303-A069-4AAA-A050-8A4F276FEC6D}: [DhcpNameServer] 192.168.3.5 192.168.3.1
Tcpip\..\Interfaces\{A16B1061-4FB6-41C7-84E2-AFC95E3F2D72}: [DhcpNameServer] 192.168.42.129
 
Edge: 
=======
Edge Profile: C:\Users\Beatrice\AppData\Local\Microsoft\Edge\User Data\Default [2020-09-27]
 
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-20] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Beatrice\AppData\Local\Google\Chrome\User Data\Default [2021-05-12]
CHR Notifications: Default -> hxxps://app.gotowebinar.com; hxxps://calendar.google.com; hxxps://hmsd.edsby.com; hxxps://mail.google.com; hxxps://newtonsgrove.edsby.com; hxxps://nowtoronto.com; hxxps://web.skype.com; hxxps://www.680news.com; hxxps://www.explore-mag.com; hxxps://www.facebook.com; hxxps://www.myswitzerland.com; hxxps://www.point2homes.com; hxxps://www0.123movieshub.sc
CHR Extension: (Slides) - C:\Users\Beatrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\Beatrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Beatrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\Beatrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-27]
CHR Extension: (uBlock Origin) - C:\Users\Beatrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-05-11]
CHR Extension: (Sheets) - C:\Users\Beatrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Beatrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-20]
CHR Extension: (Skype) - C:\Users\Beatrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Beatrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR Extension: (Gmail) - C:\Users\Beatrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\Beatrice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-22]
CHR Profile: C:\Users\Beatrice\AppData\Local\Google\Chrome\User Data\System Profile [2020-09-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-08-19] () [File not signed]
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [98208 2009-11-17] (Andrea Electronics -> Andrea Electronics Corporation)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-24] (Apple Inc. -> Apple Inc.)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [607488 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Tools; C:\Program Files (x86)\AVG\Antivirus\avgToolsSvc.exe [356608 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe [7941688 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files (x86)\AVG\Antivirus\wsc_proxy.exe [109480 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-02-26] (Macrovision Corporation -> Macrovision Europe Ltd.) [File not signed]
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-04-18] (Hewlett-Packard Company -> HP)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-07-23] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-03-12] (Nero AG -> Nero AG)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [35816 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [212344 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [365112 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [250408 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [99384 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [41432 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [180576 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\Windows\System32\drivers\avgNetHub.sys [522520 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [107920 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [83008 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [850784 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [467840 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [215488 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [327104 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 blackberryncm; C:\Windows\system32\DRIVERS\blackberryncm6_AMD64.sys [36360 2016-04-06] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry)
S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [44480 2013-09-23] (Akeo Consulting -> hxxp://libusb-win32.sourceforge.net)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-05-26] (BlackBerry Limited) [File not signed]
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Research in Motion Ltd)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [26368 2020-08-21] (Daniel Terhell -> Resplendence Software Projects Sp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Mediatek Inc. -> Ralink Technology, Corp.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [31840 2016-03-23] (Hewlett-Packard Company -> HP)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [31840 2016-03-23] (Hewlett-Packard Company -> HP)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-05-12 11:20 - 2021-05-12 11:23 - 000025257 _____ C:\Users\Beatrice\Desktop\FRST.txt
2021-05-12 09:52 - 2021-05-12 10:47 - 000016714 _____ C:\Users\Beatrice\Desktop\Fixlog.txt
2021-05-12 09:50 - 2021-05-12 09:51 - 000000000 ____D C:\Users\Beatrice\Desktop\FRST-OlderVersion
2021-05-12 09:50 - 2021-05-12 09:50 - 000000000 ___HD C:\$AV_AVG
2021-05-12 09:47 - 2021-05-12 09:47 - 000014518 _____ C:\Users\Beatrice\Downloads\fixlist.txt
2021-05-11 18:45 - 2021-05-12 09:41 - 000000833 _____ C:\Users\Beatrice\Desktop\LatencyMon.lnk
2021-05-11 18:45 - 2021-05-12 09:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon
2021-05-11 18:45 - 2021-05-12 09:41 - 000000000 ____D C:\Program Files\LatencyMon
2021-05-11 18:45 - 2021-05-11 18:44 - 002252096 _____ (Resplendence Software Projects Sp. ) C:\Users\Beatrice\Desktop\LatencyMon.exe
2021-05-11 18:45 - 2020-08-21 09:36 - 000026368 _____ (Resplendence Software Projects Sp.) C:\Windows\system32\Drivers\rspLLL64.sys
2021-05-11 18:44 - 2021-05-11 18:44 - 002252096 _____ (Resplendence Software Projects Sp. ) C:\Users\Beatrice\Downloads\LatencyMon.exe
2021-05-11 18:17 - 2021-05-11 18:17 - 000000815 _____ C:\Users\Public\Desktop\Speccy.lnk
2021-05-11 18:17 - 2021-05-11 18:17 - 000000815 _____ C:\ProgramData\Desktop\Speccy.lnk
2021-05-11 18:17 - 2021-05-11 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2021-05-11 18:17 - 2021-05-11 18:17 - 000000000 ____D C:\Program Files\Speccy
2021-05-11 18:16 - 2021-05-11 18:15 - 008234296 _____ (Piriform Software Ltd) C:\Users\Beatrice\Desktop\spsetup132.exe
2021-05-11 18:15 - 2021-05-11 18:15 - 008234296 _____ (Piriform Software Ltd) C:\Users\Beatrice\Downloads\spsetup132.exe
2021-05-11 18:12 - 2021-05-11 18:12 - 000009398 _____ C:\junk.txt
2021-05-11 17:57 - 2021-05-11 17:56 - 002798456 _____ (Sysinternals - www.sysinternals.com) C:\Users\Beatrice\Desktop\procexp.exe
2021-05-11 17:56 - 2021-05-11 17:56 - 002798456 _____ (Sysinternals - www.sysinternals.com) C:\Users\Beatrice\Downloads\procexp.exe
2021-05-11 15:56 - 2021-05-12 11:22 - 000000000 ____D C:\FRST
2021-05-11 15:55 - 2021-05-12 09:50 - 002299392 _____ (Farbar) C:\Users\Beatrice\Desktop\FRST64.exe
2021-05-11 15:49 - 2021-05-11 15:49 - 002298880 _____ (Farbar) C:\Users\Beatrice\Downloads\FRST64.exe
2021-05-11 13:53 - 2021-05-11 13:53 - 000481126 _____ C:\Users\Beatrice\Downloads\Popcorn 2021.pdf
2021-05-11 10:30 - 2021-05-11 10:30 - 000096204 _____ C:\Users\Beatrice\Desktop\Scanned from a Xerox Multifunction Printer (2).pdf
2021-05-11 10:29 - 2021-05-11 10:29 - 000096204 _____ C:\Users\Beatrice\Downloads\Scanned from a Xerox Multifunction Printer (5).pdf
2021-05-11 10:29 - 2021-05-11 10:29 - 000096204 _____ C:\Users\Beatrice\Downloads\Scanned from a Xerox Multifunction Printer (4).pdf
2021-05-11 10:29 - 2021-05-11 10:29 - 000096204 _____ C:\Users\Beatrice\Downloads\Scanned from a Xerox Multifunction Printer (3).pdf
2021-05-11 10:29 - 2021-05-11 10:29 - 000096204 _____ C:\Users\Beatrice\Downloads\Scanned from a Xerox Multifunction Printer (2).pdf
2021-05-11 10:26 - 2021-05-11 10:26 - 000096204 _____ C:\Users\Beatrice\Downloads\Scanned from a Xerox Multifunction Printer (1).pdf
2021-05-11 09:52 - 2021-05-11 09:52 - 000096204 _____ C:\Users\Beatrice\Downloads\Scanned from a Xerox Multifunction Printer.pdf
2021-05-10 17:31 - 2021-05-10 17:31 - 000090191 _____ C:\Users\Beatrice\Downloads\Documents - I made the changes we discussed. (1).zip
2021-05-10 15:54 - 2021-05-10 15:54 - 000090191 _____ C:\Users\Beatrice\Downloads\Documents - I made the changes we discussed..zip
2021-05-10 15:51 - 2021-05-10 15:51 - 000804293 _____ C:\Users\Beatrice\Downloads\popcorn order Bill.pdf
2021-05-08 17:21 - 2021-05-08 17:21 - 000164190 _____ C:\Users\Beatrice\Downloads\Get ready to visit THEMUSEUM (2).zip
2021-05-08 14:41 - 2021-05-08 14:41 - 000056882 _____ C:\Users\Beatrice\Downloads\Your Comments Please (3).zip
2021-05-08 14:41 - 2021-05-08 14:41 - 000056882 _____ C:\Users\Beatrice\Downloads\Your Comments Please (2).zip
2021-05-08 12:50 - 2021-05-08 12:50 - 000056882 _____ C:\Users\Beatrice\Downloads\Your Comments Please (1).zip
2021-05-08 12:45 - 2021-05-08 12:45 - 000164190 _____ C:\Users\Beatrice\Downloads\Get ready to visit THEMUSEUM (1).zip
2021-05-07 13:13 - 2021-05-07 13:13 - 000056882 _____ C:\Users\Beatrice\Downloads\Your Comments Please.zip
2021-05-06 09:18 - 2021-05-06 09:18 - 000023424 _____ C:\Users\Beatrice\Downloads\Renees-Garden-Cornucopia-For-Web.pdf
2021-05-04 20:56 - 2021-05-04 20:56 - 000000356 _____ C:\Users\Beatrice\Downloads\Danieltest_ May 4, 2021 at 4_00 PM - HealthCheck (1).csv
2021-05-04 18:34 - 2021-05-10 08:54 - 000000000 ____D C:\Users\Beatrice\Documents\Garden
2021-05-04 18:28 - 2021-05-04 18:28 - 000000356 _____ C:\Users\Beatrice\Downloads\Danieltest_ May 4, 2021 at 4_00 PM - HealthCheck.csv
2021-05-04 15:09 - 2021-05-04 15:09 - 000735181 _____ C:\Users\Beatrice\Downloads\popcorn order .zip
2021-05-04 14:01 - 2021-05-10 22:03 - 000003676 _____ C:\Windows\system32\Tasks\G2MUploadTask-S-1-5-21-3281177217-869368764-2006139627-1002
2021-05-04 14:01 - 2021-05-10 22:03 - 000003580 _____ C:\Windows\system32\Tasks\G2MUpdateTask-S-1-5-21-3281177217-869368764-2006139627-1002
2021-05-04 14:01 - 2021-05-07 12:32 - 000000000 ____D C:\Users\Beatrice\AppData\Local\GoToMeeting
2021-05-04 14:00 - 2021-05-04 14:00 - 000000000 ____D C:\Users\Beatrice\AppData\Local\GoTo Opener
2021-05-03 19:00 - 2021-05-03 19:00 - 000000000 ____D C:\Users\Beatrice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-05-03 17:34 - 2021-05-03 17:34 - 000275796 _____ C:\Users\Beatrice\Downloads\April 27, 2021 - 22nd Toronto Scout Group Meeting.pdf
2021-05-03 14:44 - 2021-05-03 14:44 - 007595241 _____ C:\Users\Beatrice\Downloads\VID-20210124-WA0003.mp4
2021-05-03 14:26 - 2021-05-03 14:26 - 001241127 _____ C:\Users\Beatrice\Desktop\Application for Employment page 1.pdf
2021-05-03 14:24 - 2021-05-03 14:24 - 001431349 _____ C:\Users\Beatrice\Desktop\Application for Employment page 2.pdf
2021-05-03 13:53 - 2021-05-03 13:53 - 000105779 _____ C:\Users\Beatrice\Downloads\Carlton Cards Application Form.zip
2021-05-02 08:57 - 2021-05-02 08:57 - 000001873 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2021-05-02 08:57 - 2021-05-02 08:57 - 000001873 _____ C:\ProgramData\Desktop\Garmin Express.lnk
2021-05-02 08:57 - 2021-05-02 08:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2021-04-29 19:08 - 2021-04-29 19:08 - 000215488 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys
2021-04-29 19:08 - 2021-04-29 19:07 - 000340224 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2021-04-29 17:26 - 2021-04-29 17:27 - 000000000 ____D C:\Users\Beatrice\Desktop\Popcorn
2021-04-29 17:24 - 2021-05-02 11:58 - 000000000 ____D C:\Users\Beatrice\Desktop\Alison
2021-04-29 16:19 - 2021-04-29 16:19 - 000023411 _____ C:\Users\Beatrice\Downloads\Patagonia and Updates from Polar Latitudes.zip
2021-04-29 16:11 - 2021-04-29 16:11 - 000100578 _____ C:\Users\Beatrice\Downloads\RE_ Calls to Players.zip
2021-04-29 16:04 - 2021-04-29 16:06 - 000000022 _____ C:\Users\Beatrice\Downloads\Tonight's Meeting (1).zip
2021-04-29 09:50 - 2021-04-29 09:50 - 000035762 _____ C:\Users\Beatrice\Downloads\orderno.bmp
2021-04-29 09:32 - 2021-04-29 09:35 - 002215207 _____ C:\Users\Beatrice\Downloads\Tonight's Meeting.zip
2021-04-28 16:45 - 2021-04-28 16:45 - 000024496 _____ C:\Users\Beatrice\Downloads\SponsorReportApr21.pdf
2021-04-28 16:41 - 2021-04-28 16:41 - 000749506 _____ C:\Users\Beatrice\Downloads\statement (47).pdf
2021-04-28 16:37 - 2021-04-28 16:37 - 000200796 _____ C:\Users\Beatrice\Downloads\Donation of dictionaries.zip
2021-04-28 16:33 - 2021-04-28 16:33 - 002209437 _____ C:\Users\Beatrice\Downloads\FinApr29.pdf
2021-04-28 16:20 - 2021-04-28 16:20 - 000850173 _____ C:\Users\Beatrice\Downloads\PDF_104742096_2021-04-26_205.pdf
2021-04-27 11:10 - 2021-04-27 11:10 - 008014647 _____ C:\Users\Beatrice\Downloads\Fwd_ Innovators during Covid _).zip
2021-04-26 18:13 - 2021-04-26 18:13 - 010914729 _____ C:\Users\Beatrice\Downloads\Try One Of These.MP4.zip
2021-04-26 09:31 - 2021-04-26 09:31 - 005524781 _____ C:\Users\Beatrice\Downloads\Final notice - Virtual Meeting of Owners - May 11th, 2021, 7 p.m. - Smoking Rule.zip
2021-04-26 08:31 - 2021-04-26 08:31 - 000063035 _____ C:\Users\Beatrice\Downloads\Sales Invoice-Inv227548.pdf
2021-04-25 18:43 - 2021-04-25 18:48 - 000003069 _____ C:\Users\Beatrice\Downloads\TeamSnap  Martingrove Baseball  Registration (69).csv
2021-04-25 16:49 - 2021-04-25 16:49 - 000010697 _____ C:\Users\Beatrice\Downloads\Registrations as of April 25, 2021.zip
2021-04-25 10:07 - 2021-04-25 10:07 - 000004131 _____ C:\Users\Beatrice\Downloads\TeamSnap  Martingrove Baseball  Registration (68).csv
2021-04-25 10:01 - 2021-04-25 10:01 - 000000455 _____ C:\Users\Beatrice\Downloads\TeamSnap  Martingrove Baseball  Registration (67).csv
2021-04-25 10:00 - 2021-04-25 10:00 - 000039653 _____ C:\Users\Beatrice\Downloads\league registration (offline registration 2021 (final)) for martingrove baseball.csv
2021-04-25 09:50 - 2021-04-25 09:50 - 000835804 _____ C:\Users\Beatrice\Downloads\popcorn order form-Marcus and Roman - April 2021.pdf
2021-04-23 09:15 - 2021-04-23 09:15 - 000000968 _____ C:\Users\Beatrice\Downloads\FW_ Confirmation.zip
2021-04-21 17:57 - 2021-04-21 17:57 - 011087851 _____ C:\Users\Beatrice\Downloads\UofGH Science Rendezvous Virtual Event __Take Me To Space__ (1).zip
2021-04-21 17:34 - 2021-04-21 17:34 - 011087851 _____ C:\Users\Beatrice\Downloads\UofGH Science Rendezvous Virtual Event __Take Me To Space__.zip
2021-04-21 11:48 - 2021-04-21 11:48 - 017379121 _____ C:\Users\Beatrice\Downloads\April 14- Courtyard pictures.pdf
2021-04-17 16:36 - 2021-04-17 16:36 - 000069170 _____ C:\Users\Beatrice\Downloads\TorontoHydro_16-04-21.pdf
2021-04-16 21:57 - 2021-04-16 21:57 - 054749861 _____ C:\Users\Beatrice\Downloads\NextLevel_HealthChecks (1).MP4
2021-04-16 21:40 - 2021-04-16 21:40 - 000030092 _____ C:\Users\Beatrice\Downloads\RE_ 3 different Covid check lists (1).zip
2021-04-16 17:09 - 2021-04-16 17:09 - 000097690 _____ C:\Users\Beatrice\Downloads\document-0 (24).pdf
2021-04-15 19:04 - 2021-04-15 19:04 - 000030092 _____ C:\Users\Beatrice\Downloads\RE_ 3 different Covid check lists.zip
2021-04-15 17:42 - 2021-04-15 17:42 - 000235848 _____ C:\Users\Beatrice\Downloads\Popcorn Campaign Launch - today (1).zip
2021-04-15 17:40 - 2021-04-15 17:40 - 000235848 _____ C:\Users\Beatrice\Downloads\Popcorn Campaign Launch - today.zip
2021-04-14 09:34 - 2021-04-01 00:34 - 001678040 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-04-14 09:05 - 2021-04-14 09:06 - 054749861 _____ C:\Users\Beatrice\Downloads\NextLevel_HealthChecks.MP4
2021-04-13 23:06 - 2021-04-13 23:06 - 003281391 _____ C:\Users\Beatrice\Downloads\Popcorn sales.zip
2021-04-13 10:37 - 2021-04-13 10:37 - 000052667 _____ C:\Users\Beatrice\Downloads\550573-7819.PDF
2021-04-13 10:28 - 2021-04-13 10:28 - 000091857 _____ C:\Users\Beatrice\Downloads\Peperoni-Bonbons.pdf
2021-04-12 17:58 - 2021-04-12 18:54 - 000000022 _____ C:\Users\Beatrice\Downloads\Photos (43).zip
2021-04-12 17:15 - 2021-04-12 17:15 - 036391629 _____ C:\Users\Beatrice\Downloads\Raised Bed Construction 2021 (1).zip
2021-04-12 17:15 - 2021-04-12 17:15 - 030435687 _____ C:\Users\Beatrice\Downloads\Photos (42).zip
2021-04-12 17:13 - 2021-04-12 17:38 - 000000022 _____ C:\Users\Beatrice\Downloads\Raised Bed Construction 2021.zip
2021-04-12 14:08 - 2021-04-12 14:08 - 003269975 _____ C:\Users\Beatrice\Downloads\Scouts Popcorn Fundraiser (2).zip
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-05-12 11:20 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp
2021-05-12 11:19 - 2014-02-24 22:49 - 000003596 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3281177217-869368764-2006139627-1002
2021-05-12 11:16 - 2015-10-24 19:58 - 000000000 ____D C:\ProgramData\Avg
2021-05-12 11:15 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-05-12 11:13 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2021-05-12 09:44 - 2014-02-24 22:57 - 000000000 ____D C:\Users\Beatrice\AppData\Roaming\ClassicShell
2021-05-11 22:08 - 2013-10-07 03:40 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2021-05-11 20:54 - 2014-07-01 15:43 - 002920960 ___SH C:\Users\Beatrice\Desktop\Thumbs.db
2021-05-11 08:53 - 2014-02-24 22:43 - 000003938 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{E86B3FDE-7E6F-4AC9-87C7-512C4E67B12B}
2021-05-11 08:44 - 2013-08-26 02:09 - 000958016 _____ C:\Windows\system32\PerfStringBackup.INI
2021-05-11 08:44 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2021-05-10 22:03 - 2019-03-28 22:30 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-05-10 22:03 - 2018-10-15 22:50 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2021-05-10 22:03 - 2018-03-23 10:24 - 000003332 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-05-10 22:03 - 2018-03-23 10:24 - 000003204 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-05-10 22:03 - 2017-09-03 22:59 - 000003916 _____ C:\Windows\system32\Tasks\Antivirus Emergency Update
2021-05-10 22:03 - 2017-02-23 21:49 - 000003938 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{A8BB549A-4BE4-455E-9E7D-0D0CF353FA4E}
2021-05-10 22:03 - 2015-01-14 23:35 - 000003554 _____ C:\Windows\system32\Tasks\GarminUpdaterTask
2021-05-10 22:03 - 2013-10-07 03:42 - 000002990 _____ C:\Windows\system32\Tasks\Synaptics TouchPad Enhancements
2021-05-10 21:46 - 2021-01-25 22:29 - 000013598 _____ C:\Users\Beatrice\Desktop\Investments.xlsx
2021-05-10 07:42 - 2021-01-08 09:09 - 000000000 ____D C:\Users\Beatrice\Desktop\Steven and Amanda's payments
2021-05-05 19:20 - 2021-01-22 13:08 - 000000000 ____D C:\Users\Beatrice\Documents\2021 registrations
2021-05-03 19:01 - 2020-03-25 10:38 - 000000000 ____D C:\Users\Beatrice\AppData\Roaming\Zoom
2021-05-03 15:13 - 2016-07-31 22:35 - 000000000 ____D C:\Users\Beatrice\Documents\recepies
2021-05-02 10:03 - 2018-07-17 10:23 - 000000000 ____D C:\Users\Beatrice\AppData\Local\CrashDumps
2021-05-02 09:00 - 2015-01-14 23:35 - 000000000 ____D C:\ProgramData\Garmin
2021-05-02 08:57 - 2015-01-14 23:35 - 000000000 ____D C:\Program Files (x86)\Garmin
2021-05-02 08:57 - 2013-10-07 03:39 - 000000000 ____D C:\ProgramData\Package Cache
2021-04-30 22:14 - 2014-03-30 14:01 - 000000000 ____D C:\Users\Beatrice\Documents\Bea
2021-04-29 19:08 - 2019-01-17 23:18 - 000099384 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys
2021-04-29 19:08 - 2017-09-03 22:59 - 000327104 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2021-04-29 19:07 - 2020-10-22 19:53 - 000180576 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2021-04-29 19:07 - 2020-06-16 22:42 - 000522520 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNetHub.sys
2021-04-29 19:07 - 2019-01-17 23:18 - 000365112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys
2021-04-29 19:07 - 2019-01-17 23:18 - 000250408 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys
2021-04-29 19:07 - 2019-01-17 23:18 - 000035816 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArDisk.sys
2021-04-29 19:07 - 2018-10-23 23:07 - 000041432 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys
2021-04-29 19:07 - 2017-12-10 23:25 - 000212344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys
2021-04-29 19:07 - 2017-09-03 22:59 - 000850784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2021-04-29 19:07 - 2017-09-03 22:59 - 000467840 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2021-04-29 19:07 - 2017-09-03 22:59 - 000107920 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys
2021-04-29 19:07 - 2017-09-03 22:59 - 000083008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2021-04-29 00:43 - 2014-02-24 22:39 - 000000000 ____D C:\Users\Beatrice
2021-04-27 23:14 - 2018-03-23 10:24 - 000002211 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-27 23:14 - 2018-03-23 10:24 - 000002170 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-04-27 23:14 - 2018-03-23 10:24 - 000002170 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-04-24 18:16 - 2019-03-28 22:29 - 000002046 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-04-21 15:06 - 2021-02-25 12:19 - 000000000 ____D C:\Users\Beatrice\Desktop\Batch Output 2021-02-25-1119
2021-04-16 12:33 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\rescache
2021-04-14 20:03 - 2013-08-22 10:44 - 000486480 _____ C:\Windows\system32\FNTCACHE.DAT
2021-04-14 09:45 - 2014-02-26 18:21 - 000000000 ____D C:\Windows\system32\MRT
2021-04-14 09:38 - 2014-02-26 18:20 - 131963968 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-04-12 20:15 - 2020-04-05 22:11 - 000000000 ____D C:\Users\Beatrice\Documents\Zoom
 
==================== Files in the root of some directories ========
 
2014-04-06 09:24 - 2014-04-06 09:24 - 000000000 _____ () C:\Users\Beatrice\AppData\Roaming\bitlord_log.txt
2014-09-29 23:04 - 2019-07-17 11:20 - 000000539 _____ () C:\Users\Beatrice\AppData\Roaming\Rim.Desktop.Exception.log
2014-09-29 23:03 - 2019-07-17 11:22 - 000003874 _____ () C:\Users\Beatrice\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-09-29 23:04 - 2019-07-17 11:20 - 000000539 _____ () C:\Users\Beatrice\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-01-25 19:37 - 2015-01-25 19:37 - 000003584 _____ () C:\Users\Beatrice\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2021-05-10 16:41
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-05-2021
Ran by Beatrice (12-05-2021 11:26:33)
Running from C:\Users\Beatrice\Desktop
Windows 8.1 (Update) (X64) (2014-02-25 02:41:28)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3281177217-869368764-2006139627-500 - Administrator - Disabled)
Beatrice (S-1-5-21-3281177217-869368764-2006139627-1002 - Administrator - Enabled) => C:\Users\Beatrice
Guest (S-1-5-21-3281177217-869368764-2006139627-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3281177217-869368764-2006139627-1004 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AS: AVG Antivirus (Enabled - Up to date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20150 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 32.0.0.89 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\Amazon Kindle) (Version: 1.28.0.57030 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{E825A27F-01E0-1BB8-6A7D-DD769D57E4B0}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (HKLM\...\{1BC0225E-AF99-4434-92CC-615111CE698F}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{5C028510-A6A1-409A-A2BF-4DCB43B21EF9}) (Version: 7.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5C7D4FCF-80C5-4520-9934-D50532AAC59C}) (Version: 7.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{F9CEF01A-3907-4614-824F-CF5D3E4675EF}) (Version: 14.1.0.35 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 21.3.3174 - AVG Technologies)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Elevated Installer (HKLM-x32\...\{C3D3E0B3-6B8D-4AF4-B49A-3583E512ECE8}) (Version: 7.5.0.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
File Viewer Plus 4 (HKLM-x32\...\{5C61A881-C34E-405E-8C33-800821A618CF}_is1) (Version: 4.0.1 - Sharpened Productions)
Galerie de photos (HKLM-x32\...\{F4D99A13-F63A-4FC1-8799-CFFDB78DDFB3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Garmin Express (HKLM-x32\...\{034F279C-D74E-42F2-8CEC-216E91969B29}) (Version: 7.5.0.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{afe06296-a3d5-48cf-88a2-77629aeb124b}) (Version: 7.5.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.93 - Google LLC)
GoTo Opener (HKLM-x32\...\{E69269DB-A77B-4BC1-8F39-241107B09F26}) (Version: 1.0.539 - LogMeIn, Inc.)
GoToMeeting 10.16.0.19598 (HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\GoToMeeting) (Version: 10.16.0.19598 - LogMeIn, Inc.)
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP CASL Framework (HKLM-x32\...\{5094249B-9542-4536-AE76-B769EE085C99}) (Version: 7.0.5.1 - HP)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 4620 series Basic Device Software (HKLM\...\{B411AD10-1BC9-4939-8848-BC5E66F662B7}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{FF5C86D0-09EA-43B8-A11C-7B8F7DA7FC51}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP System Event Utility (HKLM-x32\...\{23EF407B-E7D0-4CB6-8916-43E5B9EEFDED}) (Version: 1.0.9 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
iTunes (HKLM\...\{0F55124A-C00E-4227-A543-19389E732653}) (Version: 12.10.10.2 - Apple Inc.)
K-Lite Mega Codec Pack 10.3.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.3.0 - )
LatencyMon 7.00 (HKLM\...\LatencyMon_is1) (Version:  - Resplendence Software Projects Sp.)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version:  - Microsoft)
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{0FD2B9C6-DB91-48EA-9518-AB5B68CA1E28}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Nero 7 Ultra Edition (HKLM-x32\...\{43FFE159-3199-4188-A1CD-629166AD1033}) (Version: 7.02.6445 - Nero AG)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Ralink Bluetooth Stack64 (HKLM\...\{8A2E2A41-B814-407E-2F96-4E433C42AB78}) (Version: 11.0.739.0 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.29.8105 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype version 8.68 (HKLM-x32\...\Skype_is1) (Version: 8.68 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Zoom (HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\ZoomUMX) (Version: 5.6.5 (823) - Zoom Video Communications, Inc.)
Zoom Outlook Plugin (HKLM-x32\...\{1BD8B0E0-0FBF-4F56-8F11-CE09B34EAD2F}) (Version: 5.0.24936 - Zoom)
 
Packages:
=========
Box for Windows 8 -> C:\Program Files\WindowsApps\134D4F5B.Box_2.1.4.4_neutral__2qk4zy5s3qmee [2015-11-13] (Box, Inc.)
Browser Choice -> C:\Windows\BrowserChoice [2014-03-13] (Microsoft Corporation)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2015-03-30] (eBay, Inc)
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2015-03-30] (Microsoft Corporation) [MS Ad]
Getting Started with Windows 8 -> C:\Program Files\WindowsApps\AD2F1837.GettingStartedwithWindows8_1.6.0.0_neutral__v10z8vjag6ke6 [2015-03-30] (Hewlett-Packard Company)
HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.166_neutral__v10z8vjag6ke6 [2015-03-30] (Hewlett-Packard Company)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2015-06-24] (AMZN Mobile LLC)
McAfee® Central for HP -> C:\Program Files\WindowsApps\2703103D.McAfeeCentral_5.0.177.1_x64__4ehj4w4frejdr [2018-04-04] (.-McAfee Inc-.)
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_2.10.1812.2002_x86__8wekyb3d8bbwe [2019-02-03] (Microsoft Studios) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.11.1807.1002_x86__8wekyb3d8bbwe [2018-07-26] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-26] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-26] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2016-04-30] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-16] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2016-11-25] (Microsoft Corporation) [MS Ad]
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2015-03-30] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_2.22.0.39_x64__mcm4njqhnhss8 [2018-10-28] (Netflix, Inc.)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2015-06-24] (Skype) [MS Ad]
Snapfish -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_5.5.0.8_x86__v10z8vjag6ke6 [2016-05-08] (HP Inc.)
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2015-11-07] (Microsoft Corporation) [MS Ad]
YouCam for HP -> C:\Program Files\WindowsApps\CyberLinkCorp.hs.YouCamforHP_1.0.2.29632_x86__06qsbagp91rvg [2015-03-30] (CYBERLINKCOM CORP)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3281177217-869368764-2006139627-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Beatrice\AppData\Local\GoToMeeting\19598\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-3281177217-869368764-2006139627-1002_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext64.dll [2006-12-11] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext.dll [2007-05-05] () [File not signed]
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext64.dll [2006-12-11] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext.dll [2007-05-05] () [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext64.dll [2006-12-11] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext.dll [2007-05-05] () [File not signed]
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3554304 2013-03-17] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [258560 2011-06-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3649536 2013-03-17] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [243200 2011-06-24] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112640 2014-02-06] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2013-08-19 16:48 - 2013-08-19 16:48 - 000016896 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll
2013-08-19 16:47 - 2013-08-19 16:47 - 000127488 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-08-19 16:47 - 2013-08-19 16:47 - 000102400 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2021-01-18 16:21 - 2021-01-18 16:21 - 000031232 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\A4.Foundation\5caf8dcde6219562e9675700f201fee9\A4.Foundation.ni.dll
2021-01-18 16:21 - 2021-01-18 16:21 - 000022528 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Actions5dc83b46#\19c417a0e98dfe476b2b1b66e309f70c\AEM.Actions.CCAA.Shared.ni.dll
2021-01-18 16:21 - 2021-01-18 16:21 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.0a1309f7#\7cd947fba21d4208f00d7b234a037231\AEM.Plugin.EEU.Shared.ni.dll
2021-01-18 16:21 - 2021-01-18 16:21 - 000017408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.2b6a6775#\a2463cb3d378e9f6e746cb68aa9a13ab\AEM.Plugin.Hotkeys.Shared.ni.dll
2021-01-18 16:22 - 2021-01-18 16:22 - 000011776 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.4adf1574#\b2ab11bc9a2acb0d27d3579326d59183\AEM.Plugin.Audio.Shared.ni.dll
2021-01-18 16:21 - 2021-01-18 16:21 - 000016384 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.54d8abe3#\bd2cda4847f9c97cd7c3ca3676dab171\AEM.Plugin.DPPE.Shared.ni.dll
2021-02-14 09:56 - 2021-02-14 09:57 - 000281600 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.5d945b6b#\d1fdf4a5acb048d5aceef1220522ef19\AEM.Plugin.Source.Kit.Server.ni.dll
2021-01-18 16:22 - 2021-01-18 16:22 - 000014848 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.674d2b8a#\9d94b66555d55fc6037514e8fe754092\AEM.Plugin.WinMessages.Shared.ni.dll
2021-01-18 16:21 - 2021-01-18 16:21 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.88aba5d2#\e4dea05701b9444308bc42ad8459ff8c\AEM.Plugin.REG.Shared.ni.dll
2021-01-18 16:21 - 2021-01-18 16:21 - 000011776 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.GD.Shared\0b89671b96f75597d95354ce0e182101\AEM.Plugin.GD.Shared.ni.dll
2021-01-18 16:21 - 2021-01-18 16:21 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Server.Shared\799fdd0eaa6de40e4dd3d5947c9a20fe\AEM.Server.Shared.ni.dll
2021-01-18 16:22 - 2021-01-18 16:22 - 000267776 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Server\8b3e49d472d523a46e9eccb5f15e58a2\AEM.Server.ni.dll
2021-01-18 16:22 - 2021-01-18 16:22 - 000055808 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\APM.Foundation\61f71f1e2e67945f62ee5967ece27518\APM.Foundation.ni.dll
2021-01-18 18:29 - 2021-01-18 18:29 - 000122880 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ATICCCom\0d8b16a7907f6d53c7bfcc2f9f8cfd9f\ATICCCom.ni.dll
2021-01-18 16:22 - 2021-01-18 16:22 - 000204288 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CCC.Implementation\e3307acaedce87488704577cc9f14746\CCC.Implementation.ni.dll
2021-02-14 09:58 - 2021-02-14 09:58 - 000151040 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.2042675f#\9d31fc6c1d912ac659951955b6b12bd2\CLI.Aspect.CPUPStates.Fuel.Dashboard.ni.dll
2021-02-14 09:58 - 2021-02-14 09:58 - 000153088 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.21d2ac78#\2d274aa0c01272c95de1a44ae71370e1\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000128000 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.3399d0ec#\1d3a08facfef033e0547609e2ed36cca\CLI.Aspect.CustomFormats.Graphics.Shared.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000026112 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.37d3d968#\1e050cb5ad6a08f42f6b8dba2a1133ac\CLI.Aspect.AMDHome.Graphics.Shared.ni.dll
2021-01-18 18:28 - 2021-01-18 18:28 - 000045568 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.382a3def#\a794f22d3ab272e6e0bf79bf56553614\CLI.Aspect.AMDOverDrive.Platform.Shared.ni.dll
2021-01-18 18:24 - 2021-01-18 18:24 - 000072192 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.398e7f7a#\f9ae277a2c2cf82b3935730aa4bc3e05\CLI.Aspect.A4.A4.Shared.ni.dll
2021-01-18 18:28 - 2021-01-18 18:28 - 000107008 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.3a6f1658#\0d4f481ae7d5461260288f9912b88f1c\CLI.Aspect.TransCode.Graphics.Shared.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000209920 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.4542c692#\3b987e16805b11555ffe7533d2737b9b\CLI.Aspect.DeviceCRT.Graphics.Shared.ni.dll
2021-01-18 18:27 - 2021-01-18 18:27 - 000130048 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.46819220#\e65b702d70cad81b9ef8a7d1324dbcd9\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.ni.dll
2021-02-14 09:59 - 2021-02-14 09:59 - 000074752 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.4bbb0755#\e134e2350972c5a8ea1d77ef4aaef46f\CLI.Aspect.TransCode.Graphics.Dashboard.ni.dll
2021-02-14 09:58 - 2021-02-14 09:58 - 000151040 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.4ede500c#\115c55311870c6227c08dae465c79cc8\CLI.Aspect.DPPE.Fuel.Dashboard.ni.dll
2021-01-18 18:27 - 2021-01-18 18:27 - 000074240 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.59a12d95#\49cd26f6067a2f6e860548850dc5917b\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.ni.dll
2021-02-14 09:58 - 2021-02-14 09:58 - 000111616 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.5a772e69#\c68b115bc7ca0903ded5dc6500acb906\CLI.Aspect.Fets.Fuel.Dashboard.ni.dll
2021-02-14 09:59 - 2021-02-14 09:59 - 000070656 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.648b65fc#\476c77b1b9fb90da7fabe85b1f9acc58\CLI.Aspect.WiFi.Fuel.Dashboard.ni.dll
2021-01-18 18:29 - 2021-01-18 18:29 - 000263168 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.73911eb5#\5f2d3d36507bba5b4275aa760ec91614\CLI.Aspect.WirelessDisplay.Graphics.Shared.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000292864 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.7ec2db45#\54af8486786ba2e7ca2e1a66838cddba\CLI.Aspect.DeviceDFP.Graphics.Shared.ni.dll
2021-02-14 09:58 - 2021-02-14 09:58 - 000616960 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.846fa813#\5f3ba86581a914ec2892f06eb93c0fff\CLI.Aspect.MMVideo.Graphics.Dashboard.ni.dll
2021-01-18 18:27 - 2021-01-18 18:27 - 000741376 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.8d333b6b#\0aeaa63c5d68daff3ad87ff446416458\CLI.Aspect.Radeon3D.Graphics.Shared.ni.dll
2021-02-14 09:58 - 2021-02-14 09:58 - 000452608 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.8e996306#\c09825447838e15c518dba2815342160\CLI.Aspect.CrossDisplay.Graphics.Dashboard.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000149504 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.a0ae52bc#\c4aafe6a2594850c7774594610002325\CLI.Aspect.DeviceLCD.Graphics.Shared.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000462336 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.acb9d930#\f54bcf370c9c23731b2850f5e39f0b2e\CLI.Aspect.DeviceProperty.Graphics.Shared.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000086528 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ae5e117c#\fe2e81664d2ad1d127e48d9f0dbb0a58\CLI.Aspect.DisplaysColour2.Graphics.Shared.ni.dll
2021-02-14 09:58 - 2021-02-14 09:58 - 000067072 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.b0a7c1fb#\bb2e8afb87e63c2869dd89c2baaaeb1f\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.ni.dll
2021-01-18 18:28 - 2021-01-18 18:28 - 000023552 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.c2a2b491#\856f1b5153500f13c9083480bcedf8b4\CLI.Aspect.WiFi.Fuel.Shared.ni.dll
2021-01-18 18:26 - 2021-01-18 18:26 - 000313344 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.c7aaa0f8#\3b5da5a6f888772a0a26a2c035bc8289\CLI.Aspect.OverDrive5.Graphics.Shared.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000017920 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.c854b457#\6b4605cca88eed21d78e4d49dd9d56f9\CLI.Aspect.HotkeysHandling.Graphics.Shared.ni.dll
2021-01-18 18:26 - 2021-01-18 18:26 - 000081408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.caa5cc64#\286ad41247a6a00cd4b744b0a0a2e094\CLI.Aspect.Fets.Fuel.Shared.ni.dll
2021-02-14 09:59 - 2021-02-14 09:59 - 001315840 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.d7e090dc#\caf269e4ca7e0882ffc3d4d3b0a2065f\CLI.Aspect.User.Fuel.Dashboard.ni.dll
2021-02-14 09:57 - 2021-02-14 09:57 - 000091136 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e76f4137#\0bc372edd48ebe18170deafd3e99cc93\CLI.Aspect.A4.A4.Dashboard.ni.dll
2021-02-14 09:58 - 2021-02-14 09:58 - 000273408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e8635fc7#\80ba3e3f742710fde6c8738d5e13dca1\CLI.Aspect.InfoCentre.Graphics.Dashboard.ni.dll
2021-02-14 09:58 - 2021-02-14 09:58 - 003358720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e9fd7406#\757abe95480bca690a28ff35a287e2d4\CLI.Aspect.Radeon3D.Graphics.Dashboard.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000240128 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.eda8935e#\f74c2454e760893a08f82df740db579e\CLI.Aspect.MMVideo.Graphics.Shared.ni.dll
2021-01-18 18:28 - 2021-01-18 18:28 - 000047104 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ef3eaa4d#\fecb8205195c0dac6245643997f544a2\CLI.Aspect.TransCode.Graphics.Runtime.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000070656 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.efd83192#\78b217a1444be6ed60dd887124251230\CLI.Aspect.CPUPStates.Fuel.Shared.ni.dll
2021-01-18 18:24 - 2021-01-18 18:24 - 000047104 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.f38af62f#\b1f3a46a8d07a2e560ad141479156686\CLI.Aspect.A4.A4.Runtime.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000057856 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.f45bd021#\152492b077b993ea33266af76be6b1b0\CLI.Aspect.DPPE.Fuel.Shared.ni.dll
2021-01-18 18:28 - 2021-01-18 18:28 - 000051200 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.A4.Runtime\ad7f56ffe9339dd628bfc8d2eced27e4\CLI.Caste.A4.Runtime.ni.dll
2021-01-18 18:24 - 2021-01-18 18:24 - 000044544 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.A4.Shared\e3bf0aa8e1a5b7a00227877127b51e9c\CLI.Caste.A4.Shared.ni.dll
2021-02-14 09:59 - 2021-02-14 09:59 - 000027136 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Af820fedc#\5e054128c0921dcf3562f21612af1050\CLI.Caste.A4.Dashboard.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000045056 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.F24de14fe#\c3e426c78d165e7bfcc93f5afc61000a\CLI.Caste.Fuel.Shared.ni.dll
2021-01-18 18:28 - 2021-01-18 18:28 - 000311296 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.F36b07a2b#\4dfc03c70741a09265cb8e553ac38bba\CLI.Caste.Fuel.Runtime.ni.dll
2021-02-14 09:59 - 2021-02-14 09:59 - 000027136 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Ff3085433#\09fb6b6d126d23f8dc3d052ec6c21f3d\CLI.Caste.Fuel.Dashboard.ni.dll
2021-01-18 18:26 - 2021-01-18 18:26 - 000037376 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G60338cc0#\2a78ba7d1deb632e6871bcd848df92d1\CLI.Caste.Graphics.Runtime.Shared.Private.ni.dll
2021-02-14 09:58 - 2021-02-14 09:58 - 001548800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Gd9d9b43b#\d2920d526f05b1df47520070ce3b367c\CLI.Caste.Graphics.Dashboard.Shared.ni.dll
2021-02-14 09:58 - 2021-02-14 09:58 - 000472576 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Gee7d2dbc#\63d775a46ef3bdb38c25175c37395e04\CLI.Caste.Graphics.Dashboard.ni.dll
2021-01-18 18:28 - 2021-01-18 18:28 - 000045056 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.H18c99613#\335b8033ea6b45bdde6ed37a491b7913\CLI.Caste.HydraVision.Runtime.ni.dll
2021-01-18 18:28 - 2021-01-18 18:28 - 000030720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.H92ba4e46#\d5b99b8afbfbf63c71d38d2d1c622646\CLI.Caste.HydraVision.Shared.ni.dll
2021-02-14 09:59 - 2021-02-14 09:59 - 000025600 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Hbb906c0b#\64c2dc3940e59d30c6887fcabb011395\CLI.Caste.HydraVision.Dashboard.ni.dll
2021-01-18 18:28 - 2021-01-18 18:28 - 000030720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pac40511b#\cad57680113d45fab4f9628bb62285b8\CLI.Caste.Platform.Shared.ni.dll
2021-01-18 18:28 - 2021-01-18 18:28 - 000044032 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pdb36d56e#\4342ed9a5c35d7afa4731e290974925e\CLI.Caste.Platform.Runtime.ni.dll
2021-02-14 09:59 - 2021-02-14 09:59 - 000024064 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pfeefa2b6#\eedd25ab6a1ec163e358e6651c4e4275\CLI.Caste.Platform.Dashboard.ni.dll
2021-01-18 18:28 - 2021-01-18 18:28 - 000350720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Combinee84f0351#\3b4787682bae770f963b1c72dee9b5bd\CLI.Combined.Fusion.Aspects.Runtime.ni.dll
2021-01-18 16:22 - 2021-01-18 16:22 - 000012288 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone1b4a8c97#\19cf9152f3919577f9636c244d78c39a\CLI.Component.Runtime.Shared.ni.dll
2021-02-14 09:59 - 2021-02-14 09:59 - 000173568 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone29e547cc#\48cf95d6db144d0ac1d04458d5748374\CLI.Component.Dashboard.ProfileManager2.ni.dll
2021-01-18 18:24 - 2021-01-18 18:24 - 000150528 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone59f353b4#\8eff78fe335609082406083f39e6bc05\CLI.Component.Runtime.Shared.Private.ni.dll
2021-01-18 18:29 - 2021-01-18 18:29 - 000017408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componeb4d0485c#\3d7831c48bd5ab90eebc8011b6a8406c\CLI.Component.Runtime.Extension.EEU.ni.dll
2021-02-14 09:57 - 2021-02-14 09:57 - 001603584 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componec89c3bec#\e4347a0b0603ec1186e7801c9366f556\CLI.Component.Dashboard.Shared.Private.ni.dll
2021-02-14 09:57 - 2021-02-14 09:57 - 000018432 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componef1fd67b2#\6628f13757ca09560ad417de16a16a5f\CLI.Component.Client.Shared.ni.dll
2021-01-18 18:24 - 2021-01-18 18:24 - 000084480 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componef4cf054f#\6e213d8868c830e3c75b6da8bc069e18\CLI.Component.Dashboard.Shared.ni.dll
2021-01-18 16:22 - 2021-01-18 16:22 - 000089088 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundat3d5d3945#\245644882251b20a49552c84cda942aa\CLI.Foundation.Private.ni.dll
2021-01-18 18:29 - 2021-01-18 18:29 - 000061440 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundat60cdf5df#\c4655b668a6da43499edd167a80927da\CLI.Foundation.XManifest.ni.dll
2021-01-18 16:22 - 2021-01-18 16:22 - 000089088 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundat619559bd#\c30f82703426bad2e4c96c0d90492caa\CLI.Foundation.CoreAudioAPI.ni.dll
2021-02-14 09:57 - 2021-02-14 09:57 - 000934400 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundatd3771151#\ab14806956154712f94fc0147761dab6\CLI.Foundation.Client.ni.dll
2021-02-14 09:57 - 2021-02-14 09:57 - 000301568 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundation\2d554629eafc8480c5b73575428b270f\CLI.Foundation.ni.dll
2021-01-18 16:21 - 2021-01-18 16:21 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics\e695b6f27b0bb4320f9fddcfafec9d66\DEM.Graphics.ni.dll
2021-01-18 18:28 - 2021-01-18 18:28 - 000037376 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Fuel.Foundation\267a21f29702ed5f542e5178e47bc415\Fuel.Foundation.ni.dll
2021-02-14 10:00 - 2021-02-14 10:00 - 000292864 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundat03490438#\ddf5b7d0723687080f9ce40f44b72bfd\LOG.Foundation.Implementation.ni.dll
2021-01-18 16:21 - 2021-01-18 16:21 - 000149504 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundat5023f8e7#\3201bc042bf80f30a23e2067dfe51ec6\LOG.Foundation.Private.ni.dll
2021-01-18 16:22 - 2021-01-18 16:22 - 000087040 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundatcaafa75b#\e9837ed6da48a5b81b648adebb570d00\LOG.Foundation.Implementation.Private.ni.dll
2021-02-14 09:56 - 2021-02-14 09:56 - 000123392 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundation\32b7153488399379a618241d18da9722\LOG.Foundation.ni.dll
2021-01-18 16:22 - 2021-01-18 16:22 - 000012288 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\MOM.Foundation\a6e2d46ba278b6bdaf9c46e087544e95\MOM.Foundation.ni.dll
2021-01-18 18:30 - 2021-01-18 18:30 - 000402944 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\MOM.Implementation\a8b816a2d7e76c7597224201df8c79cd\MOM.Implementation.ni.dll
2021-01-18 16:21 - 2021-01-18 16:21 - 000055296 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\NEWAEM.Foundation\047ef198e7027a7bea26ebb0fa4825d4\NEWAEM.Foundation.ni.dll
2021-01-18 16:21 - 2021-01-18 16:21 - 000774656 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ADL.Foundation\cdc03450858662ef1e91227cd00302e0\ADL.Foundation.ni.dll
2021-01-18 16:22 - 2021-01-18 16:22 - 000250880 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\APM.Server\4429e5d4974410c2b3ff77aef4e16141\APM.Server.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000297984 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.9b707b25#\9a6d62f810534f3f28c4120fc7d94cd5\CLI.Aspect.DeviceProperty.Graphics.Runtime.ni.dll
2021-02-14 09:58 - 2021-02-14 09:58 - 001652736 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.aa59351a#\4df40e7ed0ff422871ca396de614c2d6\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared.ni.dll
2021-02-14 09:58 - 2021-02-14 09:58 - 000740864 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e6d9f3a8#\aacdf444aeacdee5b5e387d794ebba07\CLI.Aspect.DeviceDFP.Graphics.Dashboard.ni.dll
2021-02-14 09:59 - 2021-02-14 09:59 - 002559488 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Combine0616f305#\b851a0124a5e15bfd24977ea0caf540b\CLI.Combined.Graphics.Aspects1.Dashboard.ni.dll
2021-02-14 09:59 - 2021-02-14 09:59 - 000989696 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Combine7332395e#\48ff0249440fda720f1ec9cf306be922\CLI.Combined.Graphics.Aspects2.Runtime.ni.dll
2021-02-14 09:57 - 2021-02-14 09:57 - 000136704 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone168638d1#\d71070fd44d8c68f235a200078ac41ab\CLI.Component.Client.Shared.Private.ni.dll
2021-01-18 18:29 - 2021-01-18 18:29 - 000233472 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone6692ca50#\c308917db4bb833d6ce34e35278fe4b5\CLI.Component.Runtime.ni.dll
2021-02-14 09:59 - 2021-02-14 09:59 - 000914944 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone6bf88b08#\e35b18a0904ee2c8b77178d4b297ce1e\CLI.Component.Dashboard.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000013312 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0706\1a37310c265d41260b2c0ef61528786a\DEM.Graphics.I0706.ni.dll
2021-01-18 18:26 - 2021-01-18 18:26 - 000084480 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0709\e7870665ed7c5404fe5c5819b3bf6d45\DEM.Graphics.I0709.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000012288 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0712\bbc215885d614c55ef6df7ee579f6471\DEM.Graphics.I0712.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000018432 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0804\6de2027a71ec00655e9cab404146a863\DEM.Graphics.I0804.ni.dll
2021-01-18 18:29 - 2021-01-18 18:29 - 000010752 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0805\a5c2a762ac8fbc4887f9837633b9c320\DEM.Graphics.I0805.ni.dll
2021-01-18 18:29 - 2021-01-18 18:29 - 000010752 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0812\7cc772a1935ec5de5a8b516127016bfa\DEM.Graphics.I0812.ni.dll
2021-01-18 18:28 - 2021-01-18 18:28 - 000013312 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0906\9178266edd54e8c453f513f575e57055\DEM.Graphics.I0906.ni.dll
2021-01-18 18:25 - 2021-01-18 18:25 - 000014336 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0912\f56dc4dbc2fe29efa48a8b810cf5c253\DEM.Graphics.I0912.ni.dll
2021-01-18 18:28 - 2021-01-18 18:28 - 000035840 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I1010\68fd1b0c1862cc13d30c92f58a5c3568\DEM.Graphics.I1010.ni.dll
2021-01-18 16:22 - 2021-01-18 16:22 - 001005568 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Localizatio01dbc1c0#\7629198ada60b0cdd67d062a417f4a76\Localization.Foundation.Private.ni.dll
2021-02-14 10:01 - 2021-02-14 10:01 - 000242688 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ResourceMan446ca0e5#\3cc558d2326936a31cf62a5e722bb0dc\ResourceManagement.Foundation.Implementation.ni.dll
2021-02-14 09:57 - 2021-02-14 09:57 - 000023552 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ResourceManf163905a#\30db84b3f7036da81e900b5e63b162b3\ResourceManagement.Foundation.Private.ni.dll
2021-02-14 09:57 - 2021-02-14 09:57 - 000091648 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ec8786e5#\267605f5e60e7f1ee135e01bb0d4d6be\CLI.Aspect.AMDHome.Graphics.Dashboard.ni.dll
2021-02-14 09:57 - 2021-02-14 09:57 - 002286592 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G60a7b4d1#\b1eace4370ff5b323e2744a4b0a7b2f0\CLI.Caste.Graphics.Shared.ni.dll
2021-01-18 18:28 - 2021-01-18 18:28 - 002788864 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G962aa464#\284c65ef13d9764d51d089b8c06a0340\CLI.Caste.Graphics.Runtime.ni.dll
2021-01-18 16:21 - 2021-01-18 16:21 - 000025600 _____ (ATI Technologies Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Foundation\76b5be2201eb8a8521577159281555fe\DEM.Foundation.ni.dll
2021-01-18 16:21 - 2021-01-18 16:21 - 000115200 _____ (ATI Technologies Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0601\20294701afa4090b16b58e5ada6f0aa1\DEM.Graphics.I0601.ni.dll
2011-04-29 12:34 - 2011-04-29 12:34 - 000927232 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsem08.rsc
2011-04-29 12:34 - 2011-04-29 12:34 - 000012288 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqstp08.rsc
2011-04-29 20:08 - 2011-04-29 20:08 - 000048128 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.rsc
2010-08-06 12:15 - 2010-08-06 12:15 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2010-08-06 12:15 - 2010-08-06 12:15 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2010-08-06 12:15 - 2010-08-06 12:15 - 000054784 _____ (Hewlett-Packard) [File not signed] C:\Windows\SYSTEM32\hpzipr12.dll
2014-01-18 18:12 - 2014-01-18 18:12 - 002271424 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-01-18] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-01-18] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-01-18] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-01-18] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-03-30 21:28 - 2018-12-03 12:24 - 000000041 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Beatrice\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.2.1 - 207.164.234.193
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\StartupApproved\Run: => "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\StartupApproved\Run: => "BlackBerryLink.exe"
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\StartupApproved\Run: => "RIMDeviceManager"
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-3281177217-869368764-2006139627-1002\...\StartupApproved\Run: => "GarminExpress"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C38017F8-E0E8-4B42-89D2-849D1FB92D12}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5114AAF1-933F-48E2-B065-8FD049CD208B}] => (Allow) LPort=2869
FirewallRules: [{8A63499F-BA73-4586-9EFD-A4E8BE6C67DA}] => (Allow) LPort=1900
FirewallRules: [{06F2CB04-A283-4B52-B8AA-229C717AFC13}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9BE17BA2-312C-4A9E-8EAD-5EEF4C17223A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1EFE606F-A8FC-4435-8FD8-765B3E043242}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{842CDB17-A5DE-4194-BA3F-443B0EE2AEE4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7CADD1D8-196B-4BFA-8606-09D4A1D2DC3B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe => No File
FirewallRules: [{3CB5F53A-8944-4F29-8D84-80BDE5F50762}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{B0D5AAE4-97F0-4FE8-982D-5A99C8DB57A7}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{142E4A0A-587A-4D65-BC6B-BD25D7B42F84}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{DCE51DE1-18DC-40E0-A2BB-2EC4E1264899}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{4830FFDE-4BDC-49C9-B241-280544DA7EC3}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{C9B42E5F-A389-4CAE-B246-9BD01E019D3C}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [TCP Query User{7AE58E2A-6850-48BE-A271-D3CC2B44C5CB}C:\users\beatrice\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\beatrice\appdata\local\logmein client\logmein client.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
FirewallRules: [UDP Query User{D740E82B-1F84-4ADD-9F7E-EFB526EDDD03}C:\users\beatrice\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\beatrice\appdata\local\logmein client\logmein client.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
FirewallRules: [TCP Query User{B1DA0F5A-40E9-403E-8D94-4B0F9FA3996B}C:\users\beatrice\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\beatrice\appdata\local\logmein client\logmein client.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
FirewallRules: [UDP Query User{F56BEE0E-1B0F-4925-914C-727FF4C8E757}C:\users\beatrice\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\beatrice\appdata\local\logmein client\logmein client.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
FirewallRules: [{0E6742E6-D825-48A0-9E15-9578D030152E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{64DB1C5C-FA5D-4632-972C-AFF6BDCD0DA4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E3C51DF4-EA9A-4381-9B60-732C750E9261}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{39C5FD0D-9617-4811-96B7-6F4584EE9163}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A3904ACB-D723-40B0-84FC-82CD131424AC}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{96F34E72-338C-43F4-A665-A3D6DA664BE4}] => (Allow) C:\Users\Beatrice\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{FFEA73B4-26C7-4B76-B566-16B7EC746F1B}] => (Allow) C:\Users\Beatrice\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{ED614057-4496-4D36-A24E-5BBF11F5473B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{9C7642F9-4C29-4714-9D3F-A67324DC94C3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{311DF5C6-0821-4189-9756-DEFB77C9F34B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{C863362F-668C-42B9-B273-881A20C7AF5A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{09C6ABE0-D192-4E3E-884C-CB4878B1A6BC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{CE833B81-9D44-448B-96C2-F97E034B6190}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{B635B7F1-B07B-4141-B333-3E7E282E9795}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{7D467B21-A5CB-4ED0-A49E-24406CD321CC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{F7814187-F802-46DD-9F33-D8B7B42C3F46}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett Packard -> Hewlett-Packard)
FirewallRules: [{92BC6056-5737-411B-B1A6-6B3964BA46D8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe => No File
FirewallRules: [{81B98103-2BCB-49CB-9519-1150EAB1CEA5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe => No File
FirewallRules: [{4F9307C3-1BB3-4471-9D2F-5AE3BA04A065}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{1E3E99D4-0E24-4476-95E7-042F505D5D67}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4310A9AF-CF57-42E5-A26D-B5F21B061E1A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{572F5BBF-8E6A-4F0C-881F-F2EBAD2F1529}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4B5C33EF-94D5-4B92-B821-6326F0360055}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
27-04-2021 11:32:04 Scheduled Checkpoint
02-05-2021 08:53:49 Garmin Express
02-05-2021 08:54:58 Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820
11-05-2021 08:56:40 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
 
System errors:
=============
Error: (05/12/2021 11:13:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
The service has not been started.
 
Error: (05/12/2021 10:47:49 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (05/12/2021 10:47:13 AM) (Source: DCOM) (EventID: 10010) (User: Beatrice)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (05/12/2021 10:47:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
==================== Memory info =========================== 
 
BIOS: Insyde F.22 09/27/2013
Motherboard: Hewlett-Packard 213B
Processor: AMD A6-5200 APU with Radeon™ HD Graphics 
Percentage of memory in use: 33%
Total physical RAM: 7643.95 MB
Available physical RAM: 5080.02 MB
Total Virtual: 8859.95 MB
Available Virtual: 6058.52 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:677.33 GB) (Free:541.71 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20.54 GB) (Free:2.03 GB) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{ef62169f-32b1-4fb5-ac9c-72b6ac8ca640}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.1 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 3A472083)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

#12
Beatriceswiss
Posted 12 May 2021 - 09:50 AM

Beatriceswiss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

I completed the Task Schedule items from Post #10. But when I tried to run OOSU10, a message said to first install Windows 10.  This laptop has Windows 8.1.  So it wouldn't let me run OOSU10.  The tasks are still disabled.

 

After disabling the tasks, I found that I could not log into my email.  Unrelated to the email issue, I got a message on the screen about something regarding an inability to save files.  I re-enabled the tasks, and my email functions again, and the message has disappeared.


Edited by Beatriceswiss, 12 May 2021 - 10:11 AM.

  • 0

#13
RKinner
Posted 12 May 2021 - 10:53 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

OK.  Missed out on the 8.1.  Not sure why the tasks should have had an effect on mail or files.  They are mostly just Microsoft being nosy and wasting your bandwidth and CPU.

 

Looking at the fixlist results it was unable to run SFC or DISM which it should have been able to do. Let's try it manually:

 

 

Open an elevated command prompt:

http://www.eightforu...indows-8-a.html

(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window)


Once you have an elevated command prompt:

Type:

 DISM  /Online  /Cleanup-Image  /RestoreHealth

 (I use two spaces so you can be sure to see where one space goes.)
Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):

sfc  /scannow



This will also take a few minutes.  

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

If you get the last result then type:
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt


Hit Enter.  Then type::


notepad %UserProfile%\desktop\junk.txt

Hit Enter.

 Copy the text from notepad and paste it into a reply.


  • 0

#14
Beatriceswiss
Posted 12 May 2021 - 11:38 AM

Beatriceswiss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

The DISM cleanup is at 20% after about 30 minutes.  Continue to let it run?

 

It's been running for about an hour, but it now shows 40%.  I will let it run, hopefully to 100%.


Edited by Beatriceswiss, 12 May 2021 - 11:48 AM.

  • 0

#15
Beatriceswiss
Posted 12 May 2021 - 11:53 AM

Beatriceswiss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

It finished.  This message appeared: DISM Failed.  No operation was performed.  For more information, review the log file.

 

Should I reboot and do the sfc /scannow, or wait for further instructions?


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP