[Rodger899]

Hard page defaults

Attached Thumbnails

• 

[Advertisements]

Go to https://www.speedtest.net/

Once the page loads, hit Go.  Wait for it to finish.  What download speed does it show?

 

Search for

device manager

hit Enter

Click on the arrow in front of Network Adapters

Right click on

Realtek PCIe GBE Family Controller

Select Properties

then Power Management

Uncheck:  Allow the computer to turn off this device to save power.

OK.

then Driver tab

What date does it show for the driver?

If it doesn't show

5/11/2021

then go to

https://www.realtek....xpress-software

Click on the download for

Win10 Auto Installation Program

Put in your email address.

When the captcha comes up you usually get a simple sum.  Just add the two numbers and type in the result and the download should start.  Save the file.

 

When done (rather slow download be patient) go to the download folder and right click on the file and Extract All. Extract.  Right click on the extracted file and Run As Admin.

Usually you need to have it remove the old driver first (unless it offers to update the driver - usually it just says Repair, Modify or Uninstall).  Once it uninstalls the driver (no need to reboot) just right click on the extracted file again and Run As Admin and it should offer to install the driver.  Tell it to do that.  When it finishes you should now have the 5/11/2021 version showing in Device Manager.  Do you?  Also check that Power Management still has the box unchecked.

 

Go to https://www.speedtest.net/

Once the page loads, hit Go.  Wait for it to finish.  What download speed does it show?

[RKinner]

Go to https://www.speedtest.net/

Once the page loads, hit Go.  Wait for it to finish.  What download speed does it show?

 

Search for

device manager

hit Enter

Click on the arrow in front of Network Adapters

Right click on

Realtek PCIe GBE Family Controller

Select Properties

then Power Management

Uncheck:  Allow the computer to turn off this device to save power.

OK.

then Driver tab

What date does it show for the driver?

If it doesn't show

5/11/2021

then go to

https://www.realtek....xpress-software

Click on the download for

Win10 Auto Installation Program

Put in your email address.

When the captcha comes up you usually get a simple sum.  Just add the two numbers and type in the result and the download should start.  Save the file.

 

When done (rather slow download be patient) go to the download folder and right click on the file and Extract All. Extract.  Right click on the extracted file and Run As Admin.

Usually you need to have it remove the old driver first (unless it offers to update the driver - usually it just says Repair, Modify or Uninstall).  Once it uninstalls the driver (no need to reboot) just right click on the extracted file again and Run As Admin and it should offer to install the driver.  Tell it to do that.  When it finishes you should now have the 5/11/2021 version showing in Device Manager.  Do you?  Also check that Power Management still has the box unchecked.

 

Go to https://www.speedtest.net/

Once the page loads, hit Go.  Wait for it to finish.  What download speed does it show?

[Rodger899]

The PC seems much quicker now thank you. The boot sequence is significantly quicker.

 

On download speeds, I didnt have an issue on this PC. He gets 29.46Mbps and our line is 30Mbps, so thats good. 

 

I still can't get one of his games to load, but think that may be to do with the GPU. I'm first going to check with EA why it won't load and then check the GPU more thoroughly.

 

You have been a huge help, thank you. Do you have a donation page where we can contribute towards geekstogo?

[RKinner]

FRST says you have two Origin entries unchecked in MSCONFIG:

 

MSCONFIG\Services: Origin Client Service => 3

MSCONFIG\Services: Origin Web Helper Service => 2

 

 

EA games usually require Origin in order to work. 

 

Also you have

MSCONFIG\Services: DSAService => 2

MSCONFIG\Services: DSAUpdateService => 3

HKLM\...\StartupApproved\Run32: => "Intel Driver & Support Assistant"

 

I would check them and reboot then uninstall

Intel® Driver & Support Assistant

The program is notoriously unstable (and it won't all uninstall if part of it is unchecked in MSCONFIG.

 

Also uninstall Speccy and Latency Monitor.

 

If you don't really need Java 8 Update 301 I would uninstall both versions.

 

You also have several programs associated with the GPU in msconfig.  This can interfere with updates so I think I would just check everything and reboot.  Download the latest version of GPU software again then uninstall the old and reinstall the new.

 

Since you appear to be satisfied with the performance we will stop now.  This is my canned goodbye speech:

 

Time to clean up:
If we used FRST to clean your PC:

right click on FRST.exe or FRST64.exe (whichever you used) and rename it to uninstall.exe.  Then right click on uninstall.exe and Run as Admin.

 

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions.


If you use Chrome/Firefox/Edge then get the Ublock Origin extension.  For IE go to adblockplus.org  and get the program.
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. Close Chrome/Firefox/Skpe. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting..
(If it complains about Chrome still running you can stop it with Task Manager or go into Chrome then go to:

chrome://settings/

Hit Advanced at the bottom of the page then scroll down to near the bottom where it says System.

Change
Continue running background apps when Google Chrome is closed
to Off (slide the blue thing to the left and it turns brown)
Close Chrome.


If the browser is still slow then go in and disable all of your extensions, close the browser and Optimize with SpeedyFox then restart the browser.  If that helps then one or more of your extensions is at fault.  Go back in and turn them on one at a time and see if you can figure out which ones slow things down the most.

If you are a Facebook user get the FB Purity extension for your browser:
http://www.fbpurity.com/
This will stop all of the suggested pages and ads so that Facebook loads much quicker.


Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.combeforeyouopen them.

Due to a recent rise in the number of Cryptolocker infections I am now recommending you install:

https://www.bleeping...somware/dl/306/
It's currently a free version.

If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.
 If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.

Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not the latest.  If in doubt uninstall all.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.

If you are running Win 10 you probably want OpenShell:

https://github.com/O...Open-Shell-Menu

  This program will make Win 10 act like Win 7 with the same controls you are used to.
Download Link:
https://github.com/O...tup_4_4_131.exe


Recommended free software: (I'm not saying you should download these just that if you have a need for a new program these are safe and work)  
Compression:  7-zip.  Avoid WinRar and WinZip as the free versions have adware.
Video Player:  VLC  Unlike Windows Media Player it never seems to need extra files to work.
Office like free program:  Open Office: https://www.openoffice.org/download/
or
LibreOffice: https://www.libreoffice.org/
Free Anti-Virus:  Avast
Free Malware prevention:  MBAM: Free version at https://www.malwareb...m/mwb-download/
Can run with your anti-virus.
Paid Anti-Virus:  Kaspersky or BitDefender
Utilities:
Root Kit Detector:  MBAR: https://www.malwareb...om/antirootkit/
Process Explorer:  Show you what is running on the PC.  Like Task manager but better:  http://live.sysinter...com/procexp.exe
WhoCrashed: Why did your system crash?
http://www.resplendence.com/downloads
Then click on Download free home edition
where it says:
WhoCrashed 5.51
Comprehensible crash dump analysis tool
for Windows 10/8.1/8/7/Vista/XP/2012/2008/2003 (x86 and x64)
System Health:
Speccy:  
http://www.filehippo...download_speccy(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Decline CCleaner  (and Chrome) if offered.  Pay attention to SMART info on your hard drives and to temps.  If in doubt about temps try:
SpeedFan:  Try speedfan
http://www.filehippo...nload_speedfan/
Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it.

Download YouTube Videos:  4K Video Downloader (Separate Program) https://www.4kdownlo...videodownloader
You have to copy the URL then hit the + button on the program.  Then select quality. There is a license activate window but you just close it.With Win 10 only there is a new Game recorder program.  It's supposed to only work for games but it works nicely to record any video you watch.  Hit the Win key + Alt + r to start the recorder.  The first time it asks you if it is looking at a game.  Just tell it yes.  After that it starts recording whenever you bring it up.  Videos are saved to the Captures folder under Videos.  You can only record what you watch so limited to only one video at a time.  Best to go to full screen before starting the recorder.

 

There is a new program called Windows Debloater that you might want to experiment with in order to speed up Windows:

https://freetimetech...at-tool-by-ftt/

It's a bit technical so not for everyone.  Make sure you set a Restore point before making any changes so you can back everything out if things don't work right.

Avoid:  
Advanced System Care
SuperAntiSpyware
HitmanPro
Spybot S&D
Any P2P software especially if it comes from Conduit.
Registry Cleaners
Driver updating software.
PC fixing or Speed up software.
Running more than one anti-virus.
Seagate hard drives.  If you have one it's going to fail on you so backup your data now!

 

My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's an Orcas Island environmental organization that I volunteered with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron

 

 

 

 

[Rodger899]

Lol, how did you know it was Origin that was giving me trouble. I am at wits end with it at present. Tried everything EA have suggested, also ticked the two Origin files that you mentioned above and still can't get this game to work. My only deduction is that possibly the GPU is operating sub optimally. I downloaded the Geforce Experience and tried to optimise the game through there, but no success either. I'm not sure if you know how to check if the GPU is performing as it should?

[RKinner]

Search for

dxdiag

Click on Run As Administrator

When it finishes click on Save All Information

It will save it as DxDiag.txt.  Note the location.  Close the program then attach dxdiag.txt to a reply

 

Also try the userbenchmark program again as before.  It does a pretty good test of the GPU but wasn't happy with it the first time.

[Rodger899]

I have sadly just got back from taking the PC in to the local repair shop, I was just too frustrated with not getting it to work.

 

I want to thank you for your selfless effort with me. There really should be more people in the world like you, thank you very much. I will definitely be making a donation to Kwiaht on your behalf. 

 

Once again, thank you very much for your assistance. 

 

Regards

Rodger

[RKinner]

OK.  When you get it back run DXDIAG and the Userbenchmark and let's see if they really fixed it.

[Rodger899]

Hi Ron,

 

I hope you well. I eventually decided to replace the hard drive and put in an SSD, so everything is working as it should on the PC. Once again, thank you for your help.

 

Could I be a nuisance and ask if you have a look at my laptop's FRST logs and see if you spot anything there please? It too has become slow, and just sort of hangs for a second or two and then I can carry on.

 

Many thanks

[RKinner]

Be glad to.  Just post them as a REPLY.  No need to start a new topic.

[Rodger899]

Thank you, I'll post below

[Rodger899]

 That's odd... it won't let me paste into this box from my laptop. I have attached the files for you. 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-09-2021
Ran by User (administrator) on DELL (Dell Inc. Inspiron 5547) (20-09-2021 10:33:44)
Running from C:\Users\User\Downloads
Loaded Profiles: User
Platform: Windows 10 Home Version 21H1 19043.1237 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepositoryͦ400.inf_amd64_4021c2cb607d5b92\B366217\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepositoryͦ400.inf_amd64_4021c2cb607d5b92\B366217\atiesrxx.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\atiw.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(DigitalPersona, Inc. -> DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eOppFrame.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <13>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler64.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel® Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel® pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.9022.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.9022.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe
(Pervasive Software, Inc. -> ) C:\PVSW\bin\w3dbsmgr.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [165928 2021-08-31] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-02-26] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [DpTsClnt] => Regsvr32.exe /s "C:\Program Files\DigitalPersona\Bin\DpTsClnt.dll"
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3955888 2015-09-01] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [340440 2021-04-16] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [MMReminderService] => C:\Program Files\MindManager 21\MMReminderService.exe [127808 2020-09-18] (Corel Corporation -> Mindjet)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre1.6.0\bin\jusched.exe [77824 2018-10-10] (Sun Microsystems, Inc.) [File not signed]
HKLM-x32\...\Run: [Zwift] => C:\Program Files (x86)\Zwift\ZwiftLauncher.exe [18036608 2019-09-05] (Zwift, Inc. -> Zwift, Inc) [File not signed]
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [288184 2021-08-10] (Intel Corporation -> Intel)
HKU\S-1-5-21-139916497-3742323812-500074900-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30871536 2019-09-18] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-139916497-3742323812-500074900-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\User\AppData\Local\Microsoft\Teams\Update.exe [2452664 2020-10-30] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-139916497-3742323812-500074900-1001\...\MountPoints2: {06d52b93-0120-11ec-83bf-34de1a1ceec6} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-139916497-3742323812-500074900-1001\...\MountPoints2: {12b50b74-bc93-11eb-83a0-34de1a1ceec6} - "D:\HiSuiteDownLoader.exe"
HKLM\...\Windows x64\Print Processors\KOAYTJ_P: C:\Windows\System32\spool\prtprocs\x64\KOAYTJ_P.DLL [92680 2019-05-15] (Microsoft Windows Hardware Compatibility Publisher -> Monotype Imaging Inc.)
HKLM\...\Print\Monitors\C364SeriesPCL Language Monitor: C:\WINDOWS\system32\KOAYTJ_L.DLL [25600 2019-05-15] (Microsoft Windows Hardware Compatibility Publisher -> KONICA MINOLTA, INC.)
HKLM\...\Print\Monitors\CutePDF Writer Monitor v3.2: C:\WINDOWS\system32\cpwmon64_v32.dll [90096 2017-05-26] (Acro Software Inc -> )
HKLM\...\Print\Monitors\HP c111 Status Monitor: C:\WINDOWS\system32\hpinkstsc111LM.dll [333496 2012-12-16] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\93.0.4577.82\Installer\chrmstp.exe [2021-09-15] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB}] -> C:\Program Files\MindManager 21\sys\MmInternetExplorerActiveSetup.vbs
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Pervasive.SQL Workgroup Engine.lnk [2018-11-05]
ShortcutTarget: Pervasive.SQL Workgroup Engine.lnk -> C:\PVSW\bin\w3dbsmgr.exe (Pervasive Software, Inc. -> )
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1510 series.lnk [2021-07-12]
ShortcutAndArgument: Monitor Ink Alerts - HP Deskjet 1510 series.lnk -> C:\WINDOWS\system32\RunDll32.exe => "C:\Program Files\HP\HP Deskjet 1510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN42H1N1GQ05XJ;CONNECTION=USB;MONITOR=1;
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01DBE1D9-48AD-458A-9E51-9C6EE22427E5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21857672 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {169570C8-9C5B-434B-8E84-123F79B06BB5} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1713952 2021-04-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {19C9EF0B-523E-4B0C-8FD6-4B101D2FADEF} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [62752 2021-04-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {22A151E3-2028-452A-81C5-4E9AC45F22EA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [113536 2021-09-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {329CF401-30DF-4164-9A94-76C144CBAECC} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {33D3B01E-52B0-4595-965B-B1A0EFA2CFD6} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40432 2019-09-18] (Garmin International, Inc. -> )
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3EC76EC2-A879-4698-A706-B06CE5A26824} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [113536 2021-09-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {4C1A0A49-AC5E-4FBE-BD9C-C7ED85BF4D03} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {565F1CE8-191F-4B75-9047-81CC89CD0F1D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {61EE472C-DE86-49B4-8C07-291DDD9C7770} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3075936 2021-07-21] (Intel Corporation -> Intel Corporation)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {72EE46E0-9180-4852-853F-506F42BB48DA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {7F83C63E-B10A-4005-8ACA-18AE2A6D9A07} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3075936 2021-07-21] (Intel Corporation -> Intel Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {87AA307C-44ED-4E20-905D-AE8D24F3CCD2} - System32\Tasks\PCDBackgroundMonSetup => C:\Program Files\My Dell\pcdrcui.exe
Task: {93880007-352F-4888-A063-6F9FDD330BF6} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {A49B7CE2-3FA0-4F19-8A25-D983881DAF51} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\sedlauncher.exe
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {E1C0E00C-2AB7-4A90-9F8F-31350DBD2DFE} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1060384 2021-08-20] (Dell Inc -> Dell Inc.)
Task: {E96B2EDB-8935-4C8A-9E11-7ACEF70BDB6B} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [268576 2021-04-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {F29DD711-5D4E-41C3-90AD-1E2D4D56BCD1} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21857672 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {F661BE9D-3ADB-428D-A634-37A6F0649315} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-05-23] (Google Inc -> Google Inc.)
Task: {F7B853F2-1FBA-42B2-9AC0-739780551F0C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-05-23] (Google Inc -> Google Inc.)
Task: {FAA85201-D5BB-4A6D-8A83-CDF93A0F797B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1155480 2021-09-18] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{13cd96fe-9e75-48a6-b2ca-8b5167cce406}: [DhcpNameServer] 10.0.0.2
Tcpip\..\Interfaces\{57c85a79-2acc-4aa7-920c-605db54869d9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6c9d32de-5335-4fa2-8a34-f65bd46935e2}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{6c9d32de-5335-4fa2-8a34-f65bd46935e2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b18e01f8-0bfc-4d6f-acf7-c90343f36464}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-20]
Edge HomePage: Default -> hxxp://www.google.com/
Edge Extension: (Alexa Traffic Rank) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2020-05-27]
Edge Extension: (goo.gl URL Shortener (Unofficial)) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2020-04-23]
Edge Extension: (True Key™ by McAfee) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nbeldjopgciegccabfohnefghfpinncn [2020-12-17]
Edge Extension: (AdBlock — best ad blocker) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2021-09-14]
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2021-09-20]

FireFox:
========
FF DefaultProfile: eys3jtko.default-1536150662053
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\eys3jtko.default-1536150662053 [2021-09-16]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-18] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-18] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-09-09] (Adobe Inc. -> Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2021-09-20]

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2021-09-20]
CHR Notifications: Default -> hxxps://178887483213093.eu.webpush.freshchat.com; hxxps://book.qantas.com; hxxps://dnschecker.org; hxxps://elite-cv.com; hxxps://homes.trovit.co.za; hxxps://messages.google.com; hxxps://petcube.com; hxxps://www.banggood.com; hxxps://www.indiatoday.in; hxxps://www.instagram.com; hxxps://www.makro.co.za; hxxps://www.netflix.com; hxxps://www.newsbreak.com; hxxps://www.oberlo.com; hxxps://www.pricecheck.co.za; hxxps://www.quickresults.net; hxxps://www.radissonhotels.com; hxxps://www.reddit.com; hxxps://www.shawacademy.com; hxxps://www.tomsguide.com; hxxps://www.travelstart.co.za; hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.sweet-page.com/?type=hp&ts=1410506580&from=cor&uid=HitachiXHTS545050B9SA00_091120PBG401Q7CT9S9VX","hxxps://www.google.com/"
CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-20]
CHR Extension: (DuckDuckGo) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2021-09-03]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-23]
CHR Extension: (Alexa Traffic Rank) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2020-05-24]
CHR Extension: (Adobe Acrobat) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-08-06]
CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-24]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-09-13]
CHR Extension: (TweetDeck by Twitter) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2017-05-23]
CHR Extension: (Auto History Wipe) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgnienkeomlaeeojaibeicglpoaadnj [2020-11-11]
CHR Extension: (goo.gl URL Shortener (Unofficial)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2017-07-24]
CHR Extension: (Zoom Scheduler) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgjfgplpablkjnlkjmjdecgdpfankdle [2021-08-31]
CHR Extension: (True Key™ by McAfee) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbeldjopgciegccabfohnefghfpinncn [2020-12-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2021-06-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9179528 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [426528 2021-08-02] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3835424 2021-08-02] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [452640 2021-08-02] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCD\SupportAssist\Dsapi.exe [1020584 2021-07-28] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38600 2021-07-20] (Dell Inc -> )
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [36792 2021-08-10] (Intel Corporation -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [176568 2021-08-10] (Intel Corporation -> Intel)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [3079464 2021-08-31] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [3079464 2021-08-31] (ESET, spol. s r.o. -> ESET)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [299680 2021-08-19] (HP Inc. -> HP Inc.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39968 2021-08-20] (Dell Inc -> Dell Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13172752 2020-01-22] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-14] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_8e2568524f674315\amdsafd.sys [100768 2021-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 DBUtilDrv2; C:\WINDOWS\System32\drivers\DBUtilDrv2.sys [24968 2021-09-20] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [43400 2021-07-28] (Microsoft Windows Hardware Compatibility Publisher -> Dell Technologies)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-24] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [169424 2021-08-31] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [123472 2021-08-31] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15824 2021-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [194776 2021-08-31] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [43904 2021-08-31] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [70232 2021-08-31] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [107456 2021-08-31] (ESET, spol. s r.o. -> ESET)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2021-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2021-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 libusb0; C:\WINDOWS\System32\drivers\libusb0.sys [52832 2012-01-17] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2018-06-27] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
S3 PcaSp50; C:\WINDOWS\System32\Drivers\PcaSp50.sys [45624 2009-08-24] (PRINTING COMMUNICATIONS ASSOC., INC. -> Printing Communications Assoc., Inc. (PCAUSA))
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2020-08-21] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 rspWhySoSlow; C:\WINDOWS\System32\DRIVERS\rspWhy64.sys [28928 2016-12-17] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-12-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2020-12-14] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-14] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-09-20 10:26 - 2021-09-20 10:26 - 002304000 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2021-09-20 10:26 - 2021-09-20 10:26 - 000000000 ____D C:\Users\User\Downloads\FRST-OlderVersion
2021-09-20 10:25 - 2021-09-20 10:34 - 000000000 ____D C:\FRST
2021-09-20 09:56 - 2021-09-20 09:56 - 000024968 _____ (Dell) C:\WINDOWS\system32\Drivers\DBUtilDrv2.sys
2021-09-20 09:48 - 2021-09-20 09:48 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-09-19 21:15 - 2021-09-19 21:15 - 000330364 _____ C:\Users\User\Downloads\Afrikaanse Projek GR 6.pdf
2021-09-16 15:12 - 2021-09-16 15:12 - 002968460 _____ C:\Users\User\Downloads\SEP-LG 2020 - WC044 George Municipality-converted.xlsx
2021-09-16 14:30 - 2021-09-16 14:30 - 001243545 _____ C:\Users\User\Downloads\WC044 George 2018 Socio-economic Profile (SEP-LG) F .pdf
2021-09-16 08:49 - 2021-09-16 08:49 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-09-16 08:48 - 2021-09-16 08:48 - 000002138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-09-15 15:44 - 2021-09-20 09:50 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2021-09-15 11:10 - 2021-09-15 11:10 - 001313608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-09-15 11:10 - 2021-09-15 11:10 - 000672768 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-09-15 11:10 - 2021-09-15 11:10 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-09-15 11:10 - 2021-09-15 11:10 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-09-15 11:10 - 2021-09-15 11:10 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2021-09-15 11:10 - 2021-09-15 11:10 - 000011355 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-09-15 11:09 - 2021-09-15 11:09 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2021-09-15 11:09 - 2021-09-15 11:09 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-09-15 11:09 - 2021-09-15 11:09 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-09-15 11:09 - 2021-09-15 11:09 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-09-15 11:09 - 2021-09-15 11:09 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-09-15 11:09 - 2021-09-15 11:09 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-09-15 11:09 - 2021-09-15 11:09 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-09-15 11:09 - 2021-09-15 11:09 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2021-09-15 11:08 - 2021-09-15 11:08 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2021-09-15 11:08 - 2021-09-15 11:08 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-09-15 11:08 - 2021-09-15 11:08 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-09-15 11:08 - 2021-09-15 11:08 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-09-15 11:08 - 2021-09-15 11:08 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-09-15 11:08 - 2021-09-15 11:08 - 000098816 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-09-15 10:41 - 2021-09-15 10:41 - 000002144 _____ C:\Users\Public\Desktop\MindManager 21.lnk
2021-09-15 10:41 - 2021-09-15 10:41 - 000002063 _____ C:\Users\Public\Desktop\MindManager Snap 21.lnk
2021-09-15 10:41 - 2021-09-15 10:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MindManager 21
2021-09-15 10:40 - 2021-09-16 12:22 - 000000000 ____D C:\Program Files\MindManager 21
2021-09-15 10:40 - 2021-09-15 10:40 - 000000000 ____D C:\ProgramData\Mindjet
2021-09-15 10:30 - 2021-09-15 10:30 - 000000000 ___HD C:\$WinREAgent
2021-09-14 18:58 - 2021-09-15 10:05 - 000000000 ____D C:\Users\User\Downloads\Mindjet MindManager 2021 v21.0.261 (x64) Final + Crack
2021-09-14 16:41 - 2021-09-14 16:41 - 000480086 _____ C:\Users\User\Desktop\Karen DHE.pdf
2021-09-14 16:39 - 2021-09-14 16:39 - 000317125 _____ C:\Users\User\Desktop\Karen ID.pdf
2021-09-14 16:36 - 2021-09-14 16:36 - 001755377 _____ C:\Users\User\Desktop\Karen Application.pdf
2021-09-14 14:28 - 2021-09-14 14:28 - 002839416 _____ (Sysinternals - www.sysinternals.com) C:\Users\User\Downloads\procexp (1).exe
2021-09-14 14:26 - 2021-09-14 14:26 - 002101944 _____ (Malwarebytes) C:\Users\User\Downloads\MBSetup-119967.119967-consumer.exe
2021-09-14 14:25 - 2021-09-14 14:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2021-09-14 14:25 - 2021-09-14 14:25 - 000000000 ____D C:\Program Files\7-Zip
2021-09-14 14:23 - 2021-09-14 14:23 - 001447178 _____ (Igor Pavlov) C:\Users\User\Downloads\7z1900-x64.exe
2021-09-13 15:54 - 2021-04-19 20:52 - 001865864 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-09-13 15:54 - 2021-04-19 20:52 - 001446528 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-09-13 15:54 - 2021-04-19 20:52 - 001101728 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-09-13 15:54 - 2021-04-19 20:52 - 000954912 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-09-13 15:46 - 2021-09-13 15:46 - 000000000 ____D C:\WINDOWS\{1BC0F99A-3593-4A78-9397-A55D35037A2A}
2021-09-13 15:36 - 2021-08-12 15:19 - 001151992 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2021-09-13 15:30 - 2021-09-13 15:34 - 004982207 _____ C:\Users\User\Downloads\Install_Win10_10050_09012021.zip
2021-09-13 15:26 - 2021-09-13 15:26 - 000000414 _____ C:\Users\User\Downloads\fixlist (1).txt
2021-09-13 13:27 - 2021-09-13 13:27 - 000000998 _____ C:\Users\User\Downloads\fixlist.txt
2021-09-13 13:09 - 2020-08-21 09:36 - 000026368 _____ (Resplendence Software Projects Sp.) C:\WINDOWS\system32\Drivers\rspLLL64.sys
2021-09-13 13:05 - 2021-09-13 13:05 - 000000000 ____D C:\Users\User\AppData\Local\Resplendence
2021-09-13 13:05 - 2016-12-17 20:59 - 000028928 _____ (Resplendence Software Projects Sp.) C:\WINDOWS\system32\Drivers\rspWhy64.sys
2021-09-13 13:03 - 2021-09-13 13:03 - 003040528 _____ (Resplendence Software Projects Sp. ) C:\Users\User\Downloads\WhySoSlowSetup.exe
2021-09-13 13:03 - 2021-09-13 13:03 - 002252096 _____ (Resplendence Software Projects Sp. ) C:\Users\User\Downloads\LatencyMon.exe
2021-09-13 12:51 - 2021-09-13 12:52 - 008234296 _____ (Piriform Software Ltd) C:\Users\User\Downloads\spsetup132.exe
2021-09-13 12:45 - 2021-09-13 12:45 - 000036208 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2021-09-13 12:44 - 2021-09-13 12:45 - 002839416 _____ (Sysinternals - www.sysinternals.com) C:\Users\User\Downloads\procexp.exe
2021-09-13 12:41 - 2021-09-13 12:44 - 000000000 ____D C:\Users\User\Downloads\bluescreenview
2021-09-13 12:41 - 2021-09-13 12:41 - 000067310 _____ C:\Users\User\Downloads\bluescreenview.zip
2021-09-13 11:16 - 2021-09-13 11:16 - 008474901 _____ (UserBenchmark.com) C:\Users\User\Downloads\UserBenchMark.exe
2021-09-13 08:26 - 2021-09-13 08:26 - 000003918 _____ C:\WINDOWS\system32\Tasks\Dell SupportAssistAgent AutoUpdate
2021-09-13 08:24 - 2021-09-13 08:24 - 000003352 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-139916497-3742323812-500074900-1001
2021-09-13 08:24 - 2021-09-13 08:24 - 000002378 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-09-07 13:05 - 2021-09-07 13:05 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2021-09-07 12:55 - 2021-09-07 12:55 - 000319343 _____ C:\Users\User\Downloads\WILLIAMS RODGER, 20NOV70 , WLEXR4.pdf
2021-09-06 13:59 - 2021-09-06 13:59 - 000128046 _____ C:\Users\User\Downloads\docketReport (3).pdf
2021-09-02 17:42 - 2021-09-02 17:42 - 000001425 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2021-09-01 09:41 - 2021-09-01 09:41 - 000131871 _____ C:\Users\User\Downloads\Payment_Notification (17).pdf
2021-09-01 09:40 - 2021-09-01 09:40 - 000132036 _____ C:\Users\User\Downloads\Payment_Notification (16).pdf
2021-08-31 10:16 - 2021-08-31 10:16 - 000194776 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2021-08-31 10:16 - 2021-08-31 10:16 - 000169424 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2021-08-31 10:16 - 2021-08-31 10:16 - 000107456 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfp.sys
2021-08-31 10:16 - 2021-08-31 10:16 - 000070232 _____ (ESET) C:\WINDOWS\system32\Drivers\epfw.sys
2021-08-31 10:16 - 2021-08-31 10:16 - 000043904 _____ (ESET) C:\WINDOWS\system32\Drivers\ekbdflt.sys
2021-08-30 13:43 - 2021-08-30 13:43 - 000098734 _____ C:\Users\User\Downloads\sd16_hybrid_p4_a.pdf
2021-08-25 15:56 - 2021-08-25 15:56 - 000000000 ____D C:\Users\User\Documents\HiSuite
2021-08-25 15:56 - 2021-08-25 15:56 - 000000000 ____D C:\Users\User\.android
2021-08-25 15:55 - 2021-06-03 03:06 - 002149184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFUpdate_01009.dll
2021-08-25 15:55 - 2021-06-03 03:06 - 000999744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusbcoinstaller2.dll
2021-08-25 15:55 - 2021-06-03 03:06 - 000287232 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbnet.sys
2021-08-25 15:55 - 2021-06-03 03:06 - 000226560 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbmdm.sys
2021-08-25 15:55 - 2021-06-03 03:06 - 000127360 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_cdcacm.sys
2021-08-25 15:55 - 2021-06-03 03:06 - 000116864 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_usbdev.sys
2021-08-25 15:55 - 2021-06-03 03:06 - 000018944 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_usbccgpfilter.sys
2021-08-25 09:44 - 2021-08-25 09:44 - 000074500 _____ C:\Users\User\Downloads\MONEY_MAXIMISER_11.pdf
2021-08-25 09:43 - 2021-08-25 09:43 - 000075444 _____ C:\Users\User\Downloads\MONEY_MAXIMISER_9.pdf
2021-08-25 09:43 - 2021-08-25 09:43 - 000071013 _____ C:\Users\User\Downloads\MONEY_MAXIMISER_10_Corrected.pdf
2021-08-25 09:42 - 2021-08-25 09:42 - 000072044 _____ C:\Users\User\Downloads\MONEY_MAXIMISER_8.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-09-20 10:35 - 2020-04-23 13:54 - 000030787 _____ C:\Users\User\Downloads\FRST.txt
2021-09-20 10:24 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-09-20 10:24 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-09-20 09:59 - 2017-05-23 14:29 - 000000000 ____D C:\Program Files (x86)\Google
2021-09-20 09:56 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-09-20 09:51 - 2018-10-10 15:31 - 000000000 ____D C:\Pastel12
2021-09-20 09:49 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-09-20 09:49 - 2017-05-24 16:26 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-09-20 09:48 - 2017-05-23 09:54 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2021-09-20 09:47 - 2021-05-06 14:48 - 000008192 ___SH C:\DumpStack.log.tmp
2021-09-20 09:47 - 2020-09-11 15:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-09-20 09:47 - 2019-05-15 11:38 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-09-19 21:21 - 2019-12-07 11:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2021-09-19 21:20 - 2017-05-24 17:36 - 000000000 ____D C:\Users\User\Documents\Outlook Files
2021-09-19 21:11 - 2020-09-11 15:04 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-09-18 15:51 - 2020-04-23 13:44 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-09-16 15:15 - 2017-12-12 19:47 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2021-09-16 14:34 - 2021-02-23 16:07 - 000000000 ____D C:\Users\User\Documents\New Business
2021-09-16 12:23 - 2019-09-10 08:43 - 000000000 ____D C:\Users\User\Documents\My Maps
2021-09-15 15:18 - 2020-09-11 15:24 - 000842482 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-09-15 14:35 - 2021-04-18 12:02 - 000457752 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-09-15 14:31 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-09-15 14:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-09-15 14:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-09-15 14:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-09-15 14:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-09-15 14:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-09-15 14:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-09-15 14:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-09-15 14:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-09-15 14:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-09-15 14:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2021-09-15 14:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-09-15 14:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-09-15 14:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-09-15 14:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-09-15 14:31 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing
2021-09-15 11:14 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-09-15 10:13 - 2017-05-23 10:14 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-09-15 10:08 - 2017-05-23 10:13 - 135637312 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-09-15 10:04 - 2017-05-23 14:30 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-09-14 19:34 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-09-14 18:35 - 2017-05-23 18:38 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-09-14 18:04 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-09-13 15:53 - 2018-09-03 17:03 - 000000000 ____D C:\ProgramData\RivetNetworks
2021-09-13 15:49 - 2018-06-27 19:40 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-09-13 15:47 - 2021-04-24 19:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2021-09-13 15:45 - 2019-02-19 12:45 - 000000000 ____D C:\Program Files (x86)\iBeesoft
2021-09-13 15:36 - 2020-05-07 23:24 - 000000000 ____D C:\Program Files (x86)\Realtek
2021-09-13 10:31 - 2021-04-19 13:08 - 000000000 ____D C:\Users\User\AppData\Local\AMD_Common
2021-09-13 08:33 - 2017-05-23 18:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2021-09-02 17:42 - 2019-03-12 09:13 - 000000000 ____D C:\Users\User\AppData\Local\CutePDF Writer
2021-08-31 10:16 - 2018-05-24 10:49 - 000123472 _____ (ESET) C:\WINDOWS\system32\Drivers\edevmon.sys
2021-08-30 16:47 - 2021-01-25 13:56 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

==================== Files in the root of some directories ========

2018-10-10 15:29 - 2018-11-05 11:45 - 000000190 _____ () C:\Program Files (x86)\Common Files\psasetup.log
2018-10-11 13:45 - 2021-09-20 09:56 - 000746860 _____ () C:\Users\User\AppData\Local\BICPartnerV12.log
2018-06-28 12:10 - 2020-06-05 10:56 - 000007596 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg

==================== FLock ==============================

2017-05-23 19:29 C:\System Recovery

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-09-2021
Ran by User (20-09-2021 10:38:09)
Running from C:\Users\User\Downloads
Windows 10 Home Version 21H1 19043.1237 (X64) (2020-09-11 13:41:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-139916497-3742323812-500074900-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-139916497-3742323812-500074900-503 - Limited - Disabled)
Guest (S-1-5-21-139916497-3742323812-500074900-501 - Limited - Disabled)
jtxqbdzueqsz (S-1-5-21-139916497-3742323812-500074900-1006 - Limited - Enabled)
uhtpffyxya (S-1-5-21-139916497-3742323812-500074900-1002 - Limited - Disabled)
User (S-1-5-21-139916497-3742323812-500074900-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-139916497-3742323812-500074900-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AS: ESET Security (Disabled - Up to date) {333C65BB-8923-0EAA-C47E-C486E687BEFD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {B066057A-E576-007C-D591-56C163D3B33B}
FW: ESET Firewall (Enabled) {B18EDDE1-72EE-79EA-3ABD-EEAF1EE45FED}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20091 - Adobe Systems Incorporated)
Adobe Connect (HKU\S-1-5-21-139916497-3742323812-500074900-1001\...\Adobe Connect App) (Version: 2020.1.5.32 - Adobe Systems Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 21.4.1 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (HKLM\...\{13411D72-7171-440B-978A-ECAA06920C4C}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9738288C-21BC-4F54-AB4F-72F059339376}) (Version: 8.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{DEB339C1-2687-43AB-816A-8714F3E26846}) (Version: 8.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{74CC99EB-7DC0-4CB0-847A-F8C2FE39690C}) (Version: 14.5.0.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
Clickatell COM-API 2.0.0.42 (HKLM-x32\...\Clickatell COM-API_is1) (Version: 2.0.0.28 - )
CutePDF Writer 3.2 (HKLM\...\CutePDF Writer Installation) (Version:  3.2 - Acro Software Inc.)
Dell SupportAssist (HKLM\...\{9EF0AEB0-9AD2-40E6-8667-D7520C508941}) (Version: 3.10.3.3 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{900D0BCD-0B86-4DAA-B639-89BE70449569}) (Version: 5.4.1.14954 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{ec40a028-983b-4213-af2c-77ed6f6fe1d5}) (Version: 5.4.1.14954 - Dell Inc.)
Dell Update for Windows 10 (HKLM\...\{41D2D254-D869-4CD8-B440-5DF49083C4BA}) (Version: 4.2.1 - Dell Inc.)
DigitalPersona One Touch for Windows RTE (HKLM\...\{56A3C0AF-051E-434D-9106-47B255B3AD4A}) (Version: 1.6.1.965 - DigitalPersona, Inc.)
DinoCapture 2.0 (HKLM-x32\...\DinoCapture 2.0) (Version: 1.5.37.A - AnMo Electronics Corporation)
Dino-Lite 2xx Driver (HKLM-x32\...\{ECD03DA7-5952-406A-8156-5F0C93618D1F}) (Version: 5.21.2.0 - AnMo Electronics Corporation)
DSC/AA Factory Installer (HKLM\...\{F7A70D00-F283-45C8-B163-49EC365D7E27}) (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
Edge3 Driver 1.0.0.3 (HKLM\...\Edge3 Driver_is1) (Version: 1.0.0.3 - Edge3 Driver)
Elevated Installer (HKLM-x32\...\{4E108B93-9865-45BF-A565-865AE20AC7FC}) (Version: 6.18.0.0 - Garmin Ltd or its subsidiaries) Hidden
ESET Security (HKLM\...\{BEFBE0CD-6723-4D98-8263-9A2C376BC6CD}) (Version: 14.2.24.0 - ESET, spol. s r.o.)
Garmin Express (HKLM-x32\...\{D646C2CC-7782-4B95-B1C8-D9503409A40A}) (Version: 6.18.0.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{ffecb7df-db17-4a27-9f6b-d61ba2d7bcff}) (Version: 6.18.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 93.0.4577.82 - Google LLC)
HP Deskjet 1510 series Basic Device Software (HKLM\...\{D17E60E8-478A-4D4A-8147-21D481B5CA55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Intel Driver && Support Assistant (HKLM-x32\...\{BC82D1AD-802A-4733-BB90-A8E59AB8434A}) (Version: 21.5.33.3 - Intel) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{e48a2f61-851a-4155-82f9-af1b04db8c3b}) (Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Computing Improvement Program (HKLM\...\{88B98508-2D8F-46F1-90AD-557BE40C7067}) (Version: 2.4.07642 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.0.1098 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{b09ce953-882c-4131-a693-2e1d73b1e50d}) (Version: 21.5.33.3 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{0e6a18a2-ea36-4041-9f69-0b2cc3f04f88}) (Version: 20.10.1 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{a2caa706-dce2-4c91-8d46-b52a3c260b20}) (Version: 21.10.1 - Intel Corporation)
iTunes (HKLM\...\{653C59E1-B78D-4D82-9259-C14DFD9F6EFC}) (Version: 12.11.3.17 - Apple Inc.)
Java™ SE Runtime Environment 6 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Lenovo EasyCamera (HKLM-x32\...\{E8266049-8C7B-4A09-9E11-8BD100E0076A}) (Version: 8.0.1.2379 - GenesysLogic)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14326.20404 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 93.0.961.52 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 93.0.961.52 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-139916497-3742323812-500074900-1001\...\OneDriveSetup.exe) (Version: 21.160.0808.0002 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-139916497-3742323812-500074900-1001\...\Teams) (Version: 1.3.00.26064 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B981965-2FBC-433C-B4B3-E183EE97CD29}) (Version: 2.83.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
MindManager 21 (HKLM\...\{2FDA5D9D-60C0-4014-BB7E-2A74B1D7AF21}) (Version: 21.0.261 - Corel Corporation)
Mozilla Firefox 61.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 61.0.2 (x64 en-US)) (Version: 61.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.2 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14326.20404 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14326.20238 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14326.20404 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Pastel Partner Version 12 (HKLM-x32\...\{4FDDC2F0-4F85-4CFF-96FA-8281D5B7201F}) (Version: 12.1.6 - Sage Pastel)
Pervasive System Analyzer (HKLM-x32\...\Pervasive System Analyzer) (Version:  - )
Pervasive.SQL 9.60 Workgroup for Windows (HKLM-x32\...\{D8C0330E-C815-4C6F-9BFD-0FD570155790}) (Version: 9.60.016.000 - Pervasive Software Inc. )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.050.0511.2021 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Sage Connected Services (HKLM-x32\...\{DF8DA097-ABE2-4A94-8396-D51CD51181C6}) (Version: 1.00.13 - Softline Pastel)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.2.2756 - TeamViewer)
WhatsApp (HKU\S-1-5-21-139916497-3742323812-500074900-1001\...\WhatsApp) (Version: 2.2100.4 - WhatsApp)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22925 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Zoom (HKU\S-1-5-21-139916497-3742323812-500074900-1001\...\ZoomUMX) (Version: 5.5.4 (13142.0301) - Zoom Video Communications, Inc.)
Zwift version 1.0.50 (HKLM-x32\...\{E4DA422A-82AB-44A4-B3A5-0AF60F47B7AB}_is1) (Version: 1.0.50 - Zwift, LLC)

Packages:
=========
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.202.400.0_x86__kgqvnymyfvs32 [2021-09-20] (king.com)
Classic Cars PREMIUM -> C:\Program Files\WindowsApps\Microsoft.ClassicCarsPREMIUM_1.0.0.0_neutral__8wekyb3d8bbwe [2020-01-03] (Microsoft Corporation)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.10.6.0_x64__htrsf667h5kn2 [2021-09-13] (Dell Inc)
Dell Update -> C:\Program Files\WindowsApps\DellInc.DellUpdate_4.2.2.0_x86__htrsf667h5kn2 [2021-09-13] (Dell Inc)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_6.2.17.0_x86__h6adky7gbf63m [2021-09-14] (Gameloft SE)
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2021.312.1.0_neutral__8xx8rvfyw5nnt [2021-04-17] (Facebook Inc)
Flipboard -> C:\Program Files\WindowsApps\Flipboard.Flipboard_2.1.3.0_neutral__3f5azkryzdbc4 [2020-04-25] (Flipboard)
Garmin Connect Mobile -> C:\Program Files\WindowsApps\Garmin.GarminConnectMobile_3.24.1.0_x64__xpnz26pswwvpm [2018-05-21] (GARMIN INTERNATIONAL INC)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_130.1.323.0_x64__v10z8vjag6ke6 [2021-08-19] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2020-09-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-07] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.53.42573.0_x64__8wekyb3d8bbwe [2021-09-20] (Microsoft Corporation) [Startup Task]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_21.10823.5772.0_x64__8wekyb3d8bbwe [2021-09-02] (Microsoft Corporation)
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.17.1101.0_x64__8wekyb3d8bbwe [2021-08-16] (Microsoft Studios)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-08-18] (Microsoft Corporation)
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2017-05-23] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2017-05-23] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2017-05-23] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-01-03] (Microsoft Corporation)
Stunning Cityscapes -> C:\Program Files\WindowsApps\Microsoft.StunningCityscapes_1.0.0.0_neutral__8wekyb3d8bbwe [2020-01-03] (Microsoft Corporation)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-15] (Twitter Inc.)
WhatsApp Desktop -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2134.10.0_x64__cv1g1gvanyjgm [2021-09-06] (WhatsApp Inc.)
World of Tanks Blitz Assistant -> C:\Program Files\WindowsApps\7458BE2C.WorldofTanksBlitzAssistant_1.9.0.0_x64__x4tje2y229k00 [2018-08-26] (Wargaming Group Limited)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-139916497-3742323812-500074900-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-139916497-3742323812-500074900-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (Intel Corporation -> Intel)
CustomCLSID: HKU\S-1-5-21-139916497-3742323812-500074900-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2021-08-31] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2021-08-31] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2021-04-19] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-02-24] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2021-08-31] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-04-13 12:36 - 2021-04-13 12:36 - 005745664 _____ () [File not signed] C:\Program Files (x86)\Intel\Driver and Support Assistant\irmfuu_module.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2014-02-26 09:11 - 2014-02-26 09:11 - 000297984 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel® Rapid Storage Technology\PsiData.dll
2014-02-26 09:11 - 2014-02-26 09:11 - 000523264 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel® Rapid Storage Technology\ISDI2.dll
2000-08-29 02:19 - 2000-08-29 02:19 - 000401462 _____ (Microsoft Corporation) [File not signed] C:\PVSW\bin\MSVCP60.dll
2006-02-23 04:48 - 2006-02-23 04:48 - 000786481 _____ (Pervasive Software Inc.) [File not signed] C:\PVSW\bin\pscl2.dll
2006-02-23 04:39 - 2006-02-23 04:39 - 000258099 _____ (Pervasive Software Inc.) [File not signed] C:\PVSW\bin\pscore2.dll
2020-12-01 00:14 - 2020-12-01 00:14 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll
2021-05-21 14:04 - 2021-05-21 14:04 - 000130048 _____ (Sam Grogan) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Driver and Support Assistant\NotifyIconWin32.dll
2021-07-23 11:36 - 2021-07-23 11:36 - 002122240 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000414720 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000024576 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000532992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 001441792 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 001189888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000134656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 006184448 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 006867456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000735232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Multimedia.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000120832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5MultimediaQuick.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 001104896 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000325120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 003668480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000517120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlModels.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000051712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QmlWorkerScript.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 004228608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 001085440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000480256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5RemoteObjects.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000205824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000127488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000390656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 095598080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 005587968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000462848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000188928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 002878464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000055808 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000262144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtMultimedia\declarative_multimedia.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQml\qmlplugin.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000284160 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000333824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000136704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-07-27 11:23 - 2020-07-27 11:23 - 000091648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-139916497-3742323812-500074900-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-139916497-3742323812-500074900-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-139916497-3742323812-500074900-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.moneyweb.co.za/
SearchScopes: HKU\S-1-5-21-139916497-3742323812-500074900-1001 -> DefaultScope {1A95DC8F-4A6D-4938-B715-50B59B516306} URL =
SearchScopes: HKU\S-1-5-21-139916497-3742323812-500074900-1001 -> {1A95DC8F-4A6D-4938-B715-50B59B516306} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
BHO: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files\MindManager 21\Mm8InternetExplorer.dll [2020-09-18] (Corel Corporation -> Mindjet)
BHO-x32: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll [2018-10-10] (Sun Microsystems, Inc. -> Sun Microsystems, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-27] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-27] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-27] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-08-27] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2017-05-24 22:38 - 000000826 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\PVSW\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Users\User\AppData\Local\Microsoft\WindowsApps;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-139916497-3742323812-500074900-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "DpTsClnt"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "MMReminderService"
HKLM\...\StartupApproved\Run32: => "Intel Driver & Support Assistant"
HKLM\...\StartupApproved\Run32: => "Zwift"
HKU\S-1-5-21-139916497-3742323812-500074900-1001\...\StartupApproved\StartupFolder: => "Monitor Ink Alerts - HP Deskjet 1510 series.lnk"
HKU\S-1-5-21-139916497-3742323812-500074900-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-139916497-3742323812-500074900-1001\...\StartupApproved\Run: => "Payroll Notification Service"
HKU\S-1-5-21-139916497-3742323812-500074900-1001\...\StartupApproved\Run: => "GarminExpress"
HKU\S-1-5-21-139916497-3742323812-500074900-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-139916497-3742323812-500074900-1001\...\StartupApproved\Run: => "Opera Browser Assistant"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C84790BE-29C4-470E-90B8-19FA43D5724C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{8E5E1601-C1CC-4302-A92F-4F1A0DAF8243}] => (Allow) C:\PVSW\bin\w3dbsmgr.exe (Pervasive Software, Inc. -> )
FirewallRules: [{64BB868C-12A0-4793-BDB0-7BD5661CAA55}] => (Allow) C:\PVSW\bin\w3dbsmgr.exe (Pervasive Software, Inc. -> )
FirewallRules: [{F5746832-B40B-4EE7-A118-435FF6076806}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{48136D34-39AA-433B-A25C-2BA105B91C3B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{06BB2BA1-ED30-4D17-9B69-A83066D930E9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EDE17428-8AEF-40E9-AEDE-47464C65402F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AA6D1E5C-CE99-4E32-B2CD-25A7E804575C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CD94AEF5-3A51-46BD-8149-8E037B5FAC36}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{43EBF6B6-C8BB-4BCF-8360-68AFA6D68BDF}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{06699C44-7CF1-463F-8CEF-E1D399B543A2}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{9B51C9FE-5724-4175-A26D-E489B42E83A1}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{42029B5B-566E-4AF5-9EBD-8828EABADB81}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{95C81E23-3011-4BCA-A550-B34FF66B783B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{F6428B82-C586-4D67-A09F-B620BE24E681}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{1ECB4B14-0329-45D4-B86C-CC45605E38DE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [TCP Query User{1B2DB937-570F-438D-BA87-F7E1A2DD5ECF}C:\pvsw\bin\w3dbsmgr.exe] => (Allow) C:\pvsw\bin\w3dbsmgr.exe (Pervasive Software, Inc. -> )
FirewallRules: [UDP Query User{24BB7436-1A9B-419E-8B61-DFE469809EB0}C:\pvsw\bin\w3dbsmgr.exe] => (Allow) C:\pvsw\bin\w3dbsmgr.exe (Pervasive Software, Inc. -> )
FirewallRules: [{70DB26D0-63C4-4580-9034-6C1FB63D209F}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{0054CCAA-E58B-4859-B84B-311F34638E25}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{7F37A510-5E70-47FE-96D7-CC31C6DE5107}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{9EC78667-14FF-4161-BFDB-7EEDBAFE0815}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FAFC042F-451A-4CF9-B907-9423232F3B10}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{F900E4E5-D29A-45FF-8755-33AED79456DB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{D099BAAC-80BD-45E9-9B9C-24B90EFCFF02}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{626F71A2-42C8-46C1-9A76-4A4843AB7692}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{A5674E7C-4892-4739-8E9D-80F6A76469EF}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{F4BA16EE-2631-47AE-BE10-1A7F3697A7AD}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{7232E452-5736-494A-A378-6555AAA056C9}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{163EFC00-F198-449F-849A-057AA15C1E1C}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel Corporation -> )
FirewallRules: [{6941E0A6-B464-4B90-B09D-50A444E78725}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{036D4D12-620F-4C6B-BCB2-8799B255D1D1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{EA642DCF-F376-4F11-8148-40EAB860B6BF}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\93.0.961.52\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

13-09-2021 15:51:39 Removed SmartByte Drivers and Services.
15-09-2021 10:28:16 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (09/20/2021 09:52:26 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: Dell)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (09/20/2021 09:49:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MmReminderService.exe, version: 21.0.261.0, time stamp: 0x5f650c94
Faulting module name: PYG64.DLL, version: 3.0.1.1035, time stamp: 0x5f6d7857
Exception code: 0xc0000094
Fault offset: 0x000000000027c895
Faulting process id: 0x2378
Faulting application start time: 0x01d7adf40d516b71
Faulting application path: C:\Program Files\MindManager 21\MmReminderService.exe
Faulting module path: C:\Program Files\MindManager 21\PYG64.DLL
Report Id: 4f77d072-2c32-40e8-a207-6a9d8b72aae8
Faulting package full name:
Faulting package-relative application ID:

Error: (09/19/2021 09:21:47 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (09/19/2021 09:21:47 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (09/19/2021 09:14:59 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/19/2021 09:12:19 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (3936,D,27) SRUJet: A bad page link (error -327) has been detected in a B-Tree (ObjectId: 15, PgnoRoot: 63) of database C:\WINDOWS\system32\SRU\SRUDB.dat (2642 => 2643, 0).

Tag: BtNextBadPgnoNextOrBacklink

Fatal: 1

Error: (09/19/2021 09:12:19 PM) (Source: ESENT) (EventID: 544) (User: )
Description: svchost (3936,D,27) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 10829824 (0x0000000000a54000) (database page 2643 (0xA53)) for 4096 (0x00001000) bytes failed verification due to a persisted lost flush detection timestamp mismatch. The read operation will fail with error -1119 (0xfffffba1).

The flush state on database page 2643 (0xA53) was 2 while the flush state on flush map page 0 (0x0) was 3.

If this condition persists, restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (09/19/2021 09:12:18 PM) (Source: ESENT) (EventID: 447) (User: )
Description: svchost (3936,D,27) SRUJet: A bad page link (error -327) has been detected in a B-Tree (ObjectId: 15, PgnoRoot: 63) of database C:\WINDOWS\system32\SRU\SRUDB.dat (2642 => 2643, 0).

Tag: BtNextBadPgnoNextOrBacklink

Fatal: 1


System errors:
=============
Error: (09/20/2021 10:12:04 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (09/20/2021 09:52:27 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (09/20/2021 09:51:58 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Background Intelligent Transfer Service service hung on starting.

Error: (09/20/2021 09:50:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Downloaded Maps Manager service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/20/2021 09:47:17 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft..../?LinkId=245898.

Error: (09/19/2021 09:11:50 PM) (Source: DCOM) (EventID: 10010) (User: Dell)
Description: The server Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe!App.AppX8h0bdkbb5frkt9s09fvshhbvqnntmvm1.mca did not register with DCOM within the required timeout.

Error: (09/18/2021 07:00:05 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (09/18/2021 03:43:11 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management and Security Application Local Management Service service hung on starting.


Windows Defender:
================
Date: 2020-12-14 20:45:47
Description:
Controlled Folder Access blocked C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe from making changes to memory.
Detection time: 2020-12-14T18:45:47.908Z
Path: \Device\Harddisk0\DR0
Process Name: C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
Security intelligence Version: 1.327.235.0
Engine Version: 1.1.17600.5
Product Version: 4.18.2009.7

Date: 2020-12-14 20:41:59
Description:
Controlled Folder Access blocked C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe from making changes to memory.
Detection time: 2020-12-14T18:41:59.323Z
Path: \Device\Harddisk0\DR0
Process Name: C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
Security intelligence Version: 1.327.235.0
Engine Version: 1.1.17600.5
Product Version: 4.18.2009.7

Date: 2020-10-30 17:21:20
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-10-30 12:40:12
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-10-30 12:39:17
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-12-14 20:51:39
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.235.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-12-14 20:51:39
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.235.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-12-14 20:51:39
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.235.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-12-14 20:51:39
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.235.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-12-14 20:51:39
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.327.235.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17600.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===============
Date: 2021-09-20 10:25:31
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\ebehmoni.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-09-20 10:10:05
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: Dell Inc. A13 05/27/2019
Motherboard: Dell Inc.
Processor: Intel® Core™ i7-4510U CPU @ 2.00GHz
Percentage of memory in use: 33%
Total physical RAM: 16264.96 MB
Available physical RAM: 10846.86 MB
Total Virtual: 18696.96 MB
Available Virtual: 11836.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:930.37 GB) (Free:743.56 GB) NTFS

\\?\Volume{0701a8a2-8c4b-4a9c-9512-05155be9c983}\ () (Fixed) (Total:0.77 GB) (Free:0.31 GB) NTFS
\\?\Volume{d06ee446-6669-4636-99a6-c35ad2e6135c}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==================== End of Addition.txt =======================

Attached Files

•  FRST.txt   45.6KB   157 downloads
•  Addition.txt   48.11KB   162 downloads

[RKinner]

Multiple replies are OK.  Best to post a log as you get it.

 

What make & model is your PC?  If HP also give me the service number and/or serial number.

 

Let's get a benchmark so we can tell if we improve anything:

https://www.userbenchmark.com


Click on Free Download.  Save the file then right click and Run As Admin.  Close all programs and pause your antivirus before starting.


When it finishes it will open a browser.  Copy the URL and paste it into a Reply.

 

Uninstall:

 

Intel® Driver & Support Assistant (HKLM-x32\...\{b09ce953-882c-4131-a693-2e1d73b1e50d}) (Version: 21.5.33.3 - Intel) (Never works well and causes problems.  If you must use it it's best to do so periodically and download a new version each time.)
Java™ SE Runtime Environment 6 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)  (This version is very old and thus very dangerous.)

 

Download the attached fixlist.txt to the same location as FRST

 fixlist.txt   2.33KB   164 downloads


Run FRST and press Fix (Should take about 20 minutes.  This removes some deadwood and checks your system files.  A reboot will be required when done)
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again but this time make sure Addition.txt is checked and hit Scan.  Post both logs.

 

 

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  
View and check Show Processes From All Users

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.


Latency Monitor:

Go to

http://www.resplendence.com/downloads

Scroll down to

System Monitoring Tools

and then find

LatencyMon 7.0 (or it may be a higher number if they update)

Click on Download free home edition

Save it then right click and Run As Admin.  It will install and then start the program.  
It will tell you to click on the Start button but there isn't one.  
Instead click on the green arrowhead (looks like a Play button).   Let it run for at least 20 seconds.  Then hit the red box to stop it.

Edit, Copy Report text to Clipboard then move to a REPLY and Ctrl + v to paste the text into a reply.  


Click on the Drivers Tab.  Click on the column header for "Total execution (ms)" once or twice until the biggest numbers are at the top of the column then take a screen shot (save as type jpg) and attach it.  
Click on the Processes tab then click on the  "Hard Pagefaults" column header once or twice until the big numbers are at the top of the column.  Take a screen shot (save as type jpg) and attach it.

 

It looks like windows may have recently created a dump file so let's run BlueScreenView

 

Download BlueScreenView
http://www.nirsoft.n...creen_view.html

Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit, Select All.

Go File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

[Rodger899]

I see afterwards it posted my logs multiple times. I give up

 

The PC is a Dell Inspiron 5547. I'll post as I progress.

[Rodger899]

 User Benchmark:

https://www.userbenc...serRun/46461502

Edited by Rodger899, 22 September 2021 - 04:28 AM.