Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Laptop Sluggish and Mouse is Erratic


  • Please log in to reply

#61
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,052 posts
  • MVP

https://askleo.com/h...at_ran_on_boot/

(If you get a popup on the page you can just x it out)

 

If you don't know how to defrag:

 

https://www.wikihow....efrag-Windows-8


  • 0

Advertisements


#62
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 476 posts

Here are the results of chkdsk:

 


Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows.

A disk check has been scheduled.
Windows will now check the disk.                         

Stage 1: Examining basic file system structure ...
  466432 file records processed.                                                         File verification completed.
  28063 large file records processed.                                      0 bad file records processed.                                      
Stage 2: Examining file name linkage ...
  625478 index entries processed.                                                        Index verification completed.
  0 unindexed files scanned.                                           0 unindexed files recovered.                                       
Stage 3: Examining security descriptors ...
Cleaning up 5 unused index entries from index $SII of file 0x9.
Cleaning up 5 unused index entries from index $SDH of file 0x9.
Cleaning up 5 unused security descriptors.
Security descriptor verification completed.
  79524 data files processed.                                            CHKDSK is verifying Usn Journal...
  40470344 USN bytes processed.                                                            Usn Journal verification completed.

Stage 4: Looking for bad clusters in user file data ...
  466416 files processed.                                                                File data verification completed.

Stage 5: Looking for bad, free clusters ...
  106551749 free clusters processed.                                                        Free space verification is complete.

Windows has scanned the file system and found no problems.
No further action is required.

 710230015 KB total disk space.
 283157672 KB in 340279 files.
    264696 KB in 79525 indexes.
         0 KB in bad sectors.
    600651 KB in use by the system.
     65536 KB occupied by the log file.
 426206996 KB available on disk.

      4096 bytes in each allocation unit.
 177557503 total allocation units on disk.
 106551749 allocation units available on disk.

Internal Info:
00 1e 07 00 e7 67 06 00 8a 0c 0c 00 00 00 00 00  .....g..........
18 12 00 00 96 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

 


  • 0

#63
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 476 posts

By the way, ever since selecting the touchpad not to work when a USB mouse is connected, there have not been any problems with the mouse.  It looks like your solution worked!

 

Is there any junk to be removed based on the FRST scans?


Edited by Jackpine, 03 November 2021 - 11:17 AM.

  • 0

#64
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,052 posts
  • MVP

Did you run defrag (I think they call it Optimize these days)?

 

Can I see a final FRST scan with Addition.txt checked?


  • 0

#65
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 476 posts

The drive was defragged.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2021
Ran by Robert (administrator) on SHADOWFAX (Hewlett-Packard HP Pavilion 17 Notebook PC) (03-11-2021 15:41:15)
Running from C:\Users\Robert\Desktop
Loaded Profiles: Robert
: Microsoft Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <4>
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Garmin International, Inc. -> Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express\express.exe
(Google LLC -> ) C:\Program Files\Google\Drive File Stream\52.0.6.0\crashpad_handler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Hewlett-Packard Company -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <8>
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) [File not signed] C:\Program Files\Macrium\Common\MacriumService.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) [File not signed] C:\Program Files\Macrium\Common\ReflectUI.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Photodex Corporation -> ) C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe
(Raxco Software, Inc. -> Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Raxco Software, Inc. -> Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(Raxco Software, Inc. -> Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(The CefSharp Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7660760 2015-02-18] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2015-02-18] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2015-02-18] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [5614320 2020-01-08] (Paramount Software UK Ltd -> Paramount Software UK Ltd) [File not signed]
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [171832 2021-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2015-01-09] (Canon Inc. -> CANON INC.)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe [54107992 2021-10-18] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe [54107992 2021-10-18] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-03-12] (Nero AG -> Nero AG)
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe [54107992 2021-10-18] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31190360 2021-10-06] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\MountPoints2: {a188ff1a-5ee1-11eb-8735-5435306021e4} - "G:\LaunchU3.exe" -a
HKU\S-1-5-18\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31190360 2021-10-06] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe [54107992 2021-10-18] (Google LLC -> Google, Inc.)
HKLM\...\Windows x64\Print Processors\Canon MG5700 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCS.DLL [30208 2015-03-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [55432 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG5700 series: C:\Windows\system32\CNMLMCS.DLL [406528 2015-03-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG5700 series XPS: C:\Windows\system32\CNMXLMCS.DLL [409088 2015-03-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [375296 2015-03-17] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\HP 6412 Status Monitor: C:\Windows\system32\hpinksts6412LM.dll [331664 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Universal Port Monitor: C:\Windows\system32\hpbprtmon.dll [404992 2013-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\95.0.4638.69\Installer\chrmstp.exe [2021-11-01] (Google LLC -> Google LLC)
AppInit_DLLs: acaptuser64.dll => C:\Windows\system32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Incorporated -> Adobe Systems, Inc.)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {054B3168-3537-4FFA-8F83-38329D62AA21} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-05-14] (Google Inc -> Google Inc.)
Task: {11A5B995-4763-471C-8197-B969BC6D4B12} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\BingPopup\BingPopup.exe [555640 2021-03-25] (HP Inc. -> HP Inc.)
Task: {12A9FC05-5529-4346-91F9-AF41BC45B7DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {19AAEA31-D5D8-4FAB-81E2-BFF88DAA5313} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2017-09-27] (HP Inc. -> HP Inc.)
Task: {239337C7-8207-44E5-BF5B-8272DE84CFB8} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ShowUI => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {33A8F8AA-519D-465F-A5DD-F1859A6B0E15} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {3D600A82-9FD8-40DB-A0C7-EEF56E157CCC} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM2 => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {4B40DB7F-A298-4F8A-8A0F-3A77F167429F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {4C3CEB43-87E5-456A-BC90-95308A36C2F2} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1821968 2021-04-29] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {50F237AC-D237-4B74-8F4A-ED0373E391B5} - System32\Tasks\Hewlett-Packard\HP Diagnostics\LaunchUI => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {573DFF1F-BF71-45E5-A502-6D7BDE057A6B} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM1 => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {5759E379-6A87-4D0A-96EA-7AF7CF014852} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusTest => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {5FD4AD66-57F9-446C-8658-6A55AA23BB09} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {6510AEDA-4D54-4636-99E7-5D346A87696D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-14] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {68AB952A-7620-4D51-9A04-9ACFB2B2B7DC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {6C227263-548B-4933-B09C-E3D629707727} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckTest => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {72332503-C558-4BCF-BBB1-3539C4E3A889} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [26968 2021-10-06] (Garmin International, Inc. -> )
Task: {7FB5B528-C84D-4353-9D87-1ED8DF2F161C} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ABO => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {82ABAF53-F6C7-433B-961E-3F6FA8AF9D88} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-05-14] (Google Inc -> Google Inc.)
Task: {850B844A-9D1F-4459-97DE-2021CE45525F} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2015-02-18] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {856B9036-4BDE-4A22-9034-1998E7490AB7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [326320 2021-06-16] (HP Inc. -> HP Inc.)
Task: {8C5733EB-5D00-4602-988D-109420577FB4} - System32\Tasks\G2MUpdateTask-S-1-5-21-3511957844-2261570385-1743981658-1005 => C:\Users\Robert\AppData\Local\GoToMeeting\19796\g2mupdate.exe [31176 2021-06-26] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {8CABF83B-0C09-4FC1-A763-45065D5E325D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {9923C0EB-B11D-4BE7-BB7A-F7D65262E63F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {A2F89395-00DB-4E6F-9E90-F75CE57FDF29} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4966200 2021-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {A90C7AA3-D269-4F3E-9B40-7858EB23B002} - System32\Tasks\{FB1A9DC6-BD16-42C2-B04F-5221F8745A03} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe"
Task: {AC9D766E-C206-43A4-804B-E6BDF172C8AD} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [682936 2021-11-02] (Mozilla Corporation -> Mozilla Foundation)
Task: {B396B1EB-A075-4586-8E1F-3AD9EDD28A78} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusError => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {BBF4AC2F-7854-45DB-85D7-B7A22AA481D8} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2013-06-07] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
Task: {C6621C13-DF98-45EE-B1AE-94155E7F0D5F} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckError => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {CD582F0A-09B9-4B81-BDC3-8F01946124C7} - System32\Tasks\{4979924A-EB1C-4F5D-B5AF-D4EBC35946DD} => C:\Windows\system32\pcalua.exe -a C:\Users\Robert\Downloads\x-video-converter.exe -d C:\Users\Robert\Downloads
Task: {DB3EB686-B7C1-4B28-8A1E-C3854FE5924B} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe
Task: {DF4123C2-437B-4A0A-A375-BC554AE4BED5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136304 2021-03-30] (HP Inc. -> HP Inc.)
Task: {E1FD1497-5993-461F-AFB8-6FACDC1EBA84} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BCF => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [104719784 2021-07-01] (HP Inc. -> HP Inc.)
Task: {F154AE9B-0342-40FC-B740-D1D178CC4B36} - System32\Tasks\G2MUploadTask-S-1-5-21-3511957844-2261570385-1743981658-1005 => C:\Users\Robert\AppData\Local\GoToMeeting\19796\g2mupload.exe [31176 2021-06-26] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {F4E129AB-7B3D-4C2F-B248-2AFF728F2996} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3511957844-2261570385-1743981658-1005.job => C:\Users\Robert\AppData\Local\GoToMeeting\19796\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3511957844-2261570385-1743981658-1005.job => C:\Users\Robert\AppData\Local\GoToMeeting\19796\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 207.164.234.193
Tcpip\..\Interfaces\{42E1B6EA-3728-42A7-8E02-53ADCE251643}: [DhcpNameServer] 192.168.2.1 207.164.234.193
Tcpip\..\Interfaces\{7C57A303-A069-4AAA-A050-8A4F276FEC6D}: [DhcpNameServer] 192.168.99.10 192.168.99.12

FireFox:
========
FF DefaultProfile: rkbdbks1.default-1462932459567
FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\rkbdbks1.default-1462932459567 [2021-11-03]
FF Notifications: Mozilla\Firefox\Profiles\rkbdbks1.default-1462932459567 -> hxxps://photos.google.com; hxxps://www.kijiji.ca
FF Extension: (uBlock Origin) - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\rkbdbks1.default-1462932459567\Extensions\[email protected] [2021-10-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-03-16] [Legacy] [not signed]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2014-05-12] () [File not signed]
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2020-08-10]

Chrome:
=======
CHR Profile: C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default [2021-11-03]
CHR Notifications: Default -> hxxps://retirehappy.ca; hxxps://www.aliexpress.com
CHR Extension: (Slides) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-12-09]
CHR Extension: (Docs) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-12-09]
CHR Extension: (Google Drive) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-09]
CHR Extension: (YouTube) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-09]
CHR Extension: (uBlock Origin) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-10-17]
CHR Extension: (Adobe Acrobat) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-10-25]
CHR Extension: (Proper Menubar for Google Chrome) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\egclcjdpndeoioimlbbbmdhcaopnedkp [2020-12-10]
CHR Extension: (Share link via email) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdbkikfbnnhmachnnomjfgjbgkcnjkb [2021-05-03]
CHR Extension: (Sheets) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-12-09]
CHR Extension: (Google Docs Offline) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01]
CHR Extension: (Gmail) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-09]
CHR HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-08-19] () [File not signed]
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [82128 2015-12-14] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [98208 2009-11-17] (Andrea Electronics -> Andrea Electronics Corporation)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [630584 2021-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [378168 2021-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [8360560 2021-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2021-06-01] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [443344 2020-05-25] (Canon Inc. -> )
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [5453200 2020-01-08] (Paramount Software UK Ltd -> Paramount Software UK Ltd) [File not signed]
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-03-12] (Nero AG -> Nero AG)
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe [186760 2014-05-12] (Photodex Corporation -> )
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-06-23] (SolidWorks) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [112144 2021-05-18] (Microsoft Corporation -> Microsoft Corporation)
S3 ekrnEpfw; "C:\Program Files\ESET\ESET Security\ekrn.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [154448 2016-07-11] (SlySoft, Inc. -> RedFox)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [154448 2016-07-11] (SlySoft, Inc. -> RedFox)
R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [35848 2021-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [221728 2021-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [369232 2021-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [250480 2021-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [99440 2021-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [41504 2021-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [184792 2021-09-27] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\Windows\System32\drivers\avgNetHub.sys [538632 2021-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [108000 2021-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [83064 2021-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [851864 2021-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [557288 2021-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [215536 2021-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [328712 2021-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 blackberryncm; C:\Windows\system32\DRIVERS\blackberryncm6_AMD64.sys [36360 2016-04-06] (Microsoft Windows Hardware Compatibility Publisher -> BlackBerry)
R1 googledrivefs3525; C:\Windows\System32\DRIVERS\googledrivefs3525.sys [380384 2021-09-09] (Google LLC -> Google, Inc.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-02-18] (Martin Malik - REALiX -> REALiX™)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-03-19] (BlackBerry Limited) [File not signed]
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Research in Motion Ltd)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2015-02-18] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [26368 2020-08-21] (Daniel Terhell -> Resplendence Software Projects Sp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1205448 2015-02-18] (Mediatek Inc. -> Ralink Technology, Corp.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WIMMount; C:\program files\macrium\reflect\wimmount.sys [33600 2014-10-29] (Microsoft Windows -> Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [31840 2016-03-24] (Hewlett-Packard Company -> HP)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [31840 2016-03-24] (Hewlett-Packard Company -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-03 15:41 - 2021-11-03 15:43 - 000032257 _____ C:\Users\Robert\Desktop\FRST.txt
2021-11-02 09:28 - 2021-11-02 09:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-11-01 09:11 - 2021-11-01 09:11 - 000000000 ____D C:\Users\Robert\Downloads\Up The Creek
2021-10-31 21:16 - 2021-10-31 22:30 - 223992481 _____ C:\Users\Robert\Downloads\TheRevenge.rar
2021-10-30 19:02 - 2021-10-30 19:02 - 000002681 _____ C:\Users\Robert\Desktop\City Legends The Curse of the Crimson Shadow Collectors.lnk
2021-10-30 14:56 - 2021-10-30 14:56 - 000000000 ____D C:\Users\Robert\Downloads\Tales of Manhattan
2021-10-26 12:19 - 2021-10-29 15:03 - 000023609 _____ C:\VEW.txt
2021-10-26 12:14 - 2021-10-26 12:14 - 000061440 _____ ( ) C:\Users\Robert\Desktop\VEW.exe
2021-10-26 09:53 - 2021-10-26 09:57 - 000000000 ____D C:\Users\Robert\Downloads\Bodyguard
2021-10-25 17:55 - 2021-10-25 17:55 - 000000000 ____D C:\Users\Robert\Downloads\Colorado Territory
2021-10-25 15:49 - 2021-10-25 16:37 - 146555996 _____ C:\Users\Robert\Downloads\FantasyMosaics49HauntedSwamp.rar
2021-10-24 20:20 - 2021-10-25 03:31 - 1294574958 _____ (Games ) C:\Users\Robert\Downloads\DarkCityParisCE.exe
2021-10-18 18:05 - 2021-10-18 18:05 - 006160559 _____ C:\Users\Robert\Desktop\windows_privacy_tweaker_v3-0-2.zip
2021-10-18 18:05 - 2017-11-08 06:17 - 008723704 _____ (Windows Privacy Tweaker) C:\Users\Robert\Desktop\Windows Privacy Tweaker64.exe
2021-10-18 18:05 - 2017-11-08 06:17 - 006652664 _____ (Windows Privacy Tweaker) C:\Users\Robert\Desktop\Windows Privacy Tweaker32.exe
2021-10-18 17:55 - 2021-10-18 17:55 - 008474901 _____ (UserBenchmark.com) C:\Users\Robert\Desktop\UserBenchMark.exe
2021-10-18 16:55 - 2021-10-18 16:55 - 000000000 ____D C:\Users\Robert\AppData\Local\OO Software
2021-10-18 15:46 - 2021-10-18 15:46 - 000491760 _____ C:\Users\Robert\Documents\IMG_20211018_0002.pdf
2021-10-18 15:45 - 2021-10-18 15:45 - 000493227 _____ C:\Users\Robert\Documents\Timesheet Bob Chachel.pdf
2021-10-18 13:56 - 2021-10-18 13:56 - 000000000 ____D C:\Windows\LastGood.Tmp
2021-10-18 13:56 - 2015-02-06 18:55 - 000386928 _____ C:\Windows\SysWOW64\Drivers\FW7650.bin
2021-10-18 13:56 - 2015-02-06 18:55 - 000386928 _____ C:\Windows\system32\Drivers\FW7650.bin
2021-10-18 13:53 - 2021-10-18 13:53 - 023476631 _____ C:\Users\Robert\Desktop\IS_RT2860_W7-5.0.55.0_W8-5.0.55.0_W8Blue-5.0.55.0_20150225_5.0.55.0_Free.zip
2021-10-16 23:04 - 2021-10-17 10:09 - 000000990 _____ C:\Users\Robert\Desktop\LatencyMon.lnk
2021-10-16 23:04 - 2021-10-16 23:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon
2021-10-16 23:04 - 2021-10-16 23:04 - 000000000 ____D C:\Program Files\LatencyMon
2021-10-16 23:04 - 2020-08-21 09:36 - 000026368 _____ (Resplendence Software Projects Sp.) C:\Windows\system32\Drivers\rspLLL64.sys
2021-10-16 23:03 - 2021-10-16 23:03 - 002252096 _____ (Resplendence Software Projects Sp. ) C:\Users\Robert\Desktop\LatencyMon.exe
2021-10-16 22:58 - 2021-10-16 22:59 - 000154584 _____ C:\Users\Robert\Desktop\SHADOWFAX.txt
2021-10-16 22:56 - 2021-10-16 22:56 - 000000815 _____ C:\Users\Public\Desktop\Speccy.lnk
2021-10-16 22:56 - 2021-10-16 22:56 - 000000000 ____D C:\Program Files\Speccy
2021-10-16 22:55 - 2021-10-16 22:55 - 008234296 _____ (Piriform Software Ltd) C:\Users\Robert\Desktop\spsetup132.exe
2021-10-16 22:51 - 2021-10-16 22:51 - 000011232 _____ C:\Users\Robert\Desktop\System Idle Process.txt
2021-10-16 22:26 - 2021-10-16 22:26 - 002839416 _____ (Sysinternals - www.sysinternals.com) C:\Users\Robert\Desktop\procexp.exe
2021-10-16 11:02 - 2021-11-03 15:41 - 000000000 ____D C:\Users\Robert\Desktop\FRST-OlderVersion
2021-10-16 11:01 - 2021-11-03 15:41 - 002311168 _____ (Farbar) C:\Users\Robert\Desktop\FRST64.exe
2021-10-16 08:47 - 2021-10-16 10:22 - 000000000 ____D C:\Users\Robert\Downloads\Good Day for a Hanging
2021-10-13 19:20 - 2021-09-21 01:53 - 000019720 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viaide.sys
2021-10-11 20:16 - 2021-10-11 20:16 - 000000000 ____D C:\Users\Robert\Downloads\Appointment with Danger
2021-10-11 20:03 - 2021-10-11 20:03 - 000001873 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2021-10-11 20:03 - 2021-10-11 20:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2021-10-11 08:45 - 2021-10-11 08:45 - 000000000 ____D C:\Users\Robert\Downloads\Above Suscpicion
2021-10-11 08:44 - 2021-10-11 08:44 - 000000000 ____D C:\Users\Robert\Downloads\A_CRY_IN_THE_WILDERNESS
2021-10-10 21:09 - 2021-11-02 09:30 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-03 15:42 - 2020-02-21 23:17 - 000000000 ____D C:\FRST
2021-11-03 15:40 - 2014-04-25 22:55 - 000000000 ____D C:\Users\Robert\AppData\Roaming\uTorrent
2021-11-03 15:27 - 2016-05-14 23:15 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-03 15:24 - 2021-05-04 14:01 - 000000660 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3511957844-2261570385-1743981658-1005.job
2021-11-03 15:23 - 2021-05-04 14:01 - 000000564 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3511957844-2261570385-1743981658-1005.job
2021-11-03 14:20 - 2014-04-23 19:02 - 000000000 ____D C:\Users\Robert\AppData\Roaming\ClassicShell
2021-11-03 13:34 - 2014-04-23 19:20 - 000000000 ____D C:\ProgramData\Mozilla
2021-11-03 13:33 - 2020-08-05 15:59 - 000000000 ____D C:\ProgramData\CanonIJPLM
2021-11-03 13:33 - 2019-05-22 18:25 - 000000000 ____D C:\Users\Robert\Documents\Camping Menus and Gear Lists
2021-11-03 13:33 - 2016-11-29 23:05 - 000000000 ____D C:\Users\Robert\AppData\LocalLow\Mozilla
2021-11-03 11:45 - 2019-02-03 10:56 - 000000000 ____D C:\Users\Robert\Documents\Movie Collector
2021-11-03 08:33 - 2014-04-23 18:58 - 000003934 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{8A055C58-84B1-4BA9-AD00-A48621AAEA0A}
2021-11-02 22:24 - 2013-12-12 04:31 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2021-11-02 22:07 - 2021-05-04 14:01 - 000003664 _____ C:\Windows\system32\Tasks\G2MUploadTask-S-1-5-21-3511957844-2261570385-1743981658-1005
2021-11-02 22:07 - 2021-05-04 14:01 - 000003568 _____ C:\Windows\system32\Tasks\G2MUpdateTask-S-1-5-21-3511957844-2261570385-1743981658-1005
2021-11-02 22:07 - 2020-08-17 13:36 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2021-11-02 22:07 - 2020-08-16 12:25 - 000003904 _____ C:\Windows\system32\Tasks\Antivirus Emergency Update
2021-11-02 22:07 - 2019-04-22 16:48 - 000003150 _____ C:\Windows\system32\Tasks\{4979924A-EB1C-4F5D-B5AF-D4EBC35946DD}
2021-11-02 22:07 - 2017-01-03 21:39 - 000003554 _____ C:\Windows\system32\Tasks\GarminUpdaterTask
2021-11-02 22:07 - 2016-05-14 23:16 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-11-02 22:07 - 2016-05-14 23:16 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-11-02 22:07 - 2016-02-13 20:57 - 000003886 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-11-02 22:07 - 2014-04-27 16:23 - 000003124 _____ C:\Windows\system32\Tasks\{FB1A9DC6-BD16-42C2-B04F-5221F8745A03}
2021-11-02 22:07 - 2013-12-12 04:32 - 000002990 _____ C:\Windows\system32\Tasks\Synaptics TouchPad Enhancements
2021-11-02 15:37 - 2014-04-27 16:37 - 000000000 ____D C:\Downloaded Games
2021-11-02 10:08 - 2015-05-06 18:10 - 000003600 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3511957844-2261570385-1743981658-1005
2021-11-02 09:30 - 2014-04-23 19:20 - 000001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-11-02 09:30 - 2014-04-23 19:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-11-01 19:28 - 2020-12-09 20:32 - 000002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-30 19:04 - 2015-04-25 14:32 - 000000000 ____D C:\Users\Robert\AppData\Roaming\DominiGames
2021-10-30 18:57 - 2014-05-04 17:08 - 000000000 ____D C:\Program Files (x86)\Games
2021-10-30 14:38 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\NDF
2021-10-30 14:04 - 2020-08-16 12:22 - 000000000 ____D C:\ProgramData\AVG
2021-10-30 14:04 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-10-28 21:51 - 2019-05-22 18:25 - 000000000 ____D C:\Users\Robert\Documents\Christmas Lists
2021-10-28 21:23 - 2014-04-23 18:57 - 000000000 ____D C:\Users\Robert
2021-10-27 17:49 - 2013-08-26 02:09 - 000962108 _____ C:\Windows\system32\PerfStringBackup.INI
2021-10-27 17:49 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2021-10-26 20:47 - 2020-01-02 13:45 - 000000000 ____D C:\Users\Robert\AppData\Local\ElevatedDiagnostics
2021-10-26 16:49 - 2020-02-21 16:13 - 000000000 ____D C:\Users\Robert\Documents\Website Info
2021-10-26 16:07 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2021-10-24 18:22 - 2021-09-24 00:28 - 000002035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2021-10-24 18:22 - 2021-09-24 00:28 - 000001877 _____ C:\Users\Default\Desktop\Google Slides.lnk
2021-10-24 18:22 - 2021-09-24 00:28 - 000001877 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2021-10-24 18:22 - 2021-09-24 00:28 - 000001865 _____ C:\Users\Default\Desktop\Google Docs.lnk
2021-10-24 18:17 - 2020-10-16 10:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2021-10-18 17:58 - 2020-08-25 21:46 - 000000000 ____D C:\Users\Robert\AppData\Local\CrashDumps
2021-10-18 15:08 - 2020-08-05 16:17 - 000000000 ____D C:\Users\Robert\Documents\Scanned Documents
2021-10-18 13:56 - 2013-09-07 13:24 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-10-17 12:17 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp
2021-10-15 04:07 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\rescache
2021-10-14 16:25 - 2013-09-07 13:33 - 000000000 ____D C:\Windows\system32\Tasks\Hewlett-Packard
2021-10-14 16:24 - 2016-04-06 17:33 - 000000000 ____D C:\Program Files (x86)\HP
2021-10-14 16:24 - 2013-09-07 13:36 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2021-10-14 16:23 - 2019-03-06 17:07 - 000000000 ____D C:\swsetup
2021-10-13 22:55 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\AppReadiness
2021-10-13 21:13 - 2013-08-22 10:44 - 000512208 _____ C:\Windows\system32\FNTCACHE.DAT
2021-10-13 21:06 - 2013-08-22 11:36 - 000000000 ___RD C:\Windows\ToastData
2021-10-13 19:31 - 2014-04-23 04:09 - 000000000 ____D C:\Windows\system32\MRT
2021-10-13 19:23 - 2014-04-23 04:09 - 139806512 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-10-12 10:01 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\registration
2021-10-11 20:03 - 2017-01-03 21:40 - 000000000 ____D C:\ProgramData\Garmin
2021-10-11 20:03 - 2017-01-03 21:39 - 000000000 ____D C:\Program Files (x86)\Garmin
2021-10-11 20:03 - 2013-12-12 04:29 - 000000000 ____D C:\ProgramData\Package Cache
2021-10-10 21:07 - 2020-02-13 20:30 - 000001250 _____ C:\Users\Public\Desktop\Movie Collector.lnk

==================== Files in the root of some directories ========

2018-01-14 13:30 - 2018-01-14 13:31 - 000000077 _____ () C:\Users\Robert\SudokuWorks8.exe
2014-07-11 23:15 - 2020-12-23 18:58 - 000007609 _____ () C:\Users\Robert\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-10-27 09:04
==================== End of FRST.txt ========================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2021
Ran by Robert (03-11-2021 15:44:34)
Running from C:\Users\Robert\Desktop
Microsoft Windows 8.1 (Update) (X64) (2014-04-23 06:03:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3511957844-2261570385-1743981658-500 - Administrator - Disabled)
Guest (S-1-5-21-3511957844-2261570385-1743981658-501 - Limited - Disabled)
Robert (S-1-5-21-3511957844-2261570385-1743981658-1005 - Administrator - Enabled) => C:\Users\Robert

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AS: AVG Antivirus (Enabled - Up to date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
AMD Catalyst Install Manager (HKLM\...\{E825A27F-01E0-1BB8-6A7D-DD769D57E4B0}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Amnesia - The Dark Descent  (HKLM-x32\...\{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1) (Version: 1.0.0 - Frictional Games)
ANT Drivers Installer x64 (HKLM\...\{A894FC56-6753-44E0-AC2E-D7BEFC8E7B24}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 8.0.5.0 - RedFox)
AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 21.8.3202 - AVG Technologies)
Backup and Sync from Google (HKLM\...\{685BAD50-A3AA-4B91-A15B-77F9DC7346D4}) (Version: 3.57.4043.4118 - Google, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.4.4 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.7.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.20.13 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.3.0 - Canon Inc.)
Canon MG5700 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5700_series) (Version: 1.01 - Canon Inc.)
Canon MG5700 series On-screen Manual (HKLM-x32\...\Canon MG5700 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
City Legends The Curse of the Crimson Shadow Collectors 1.00 (HKLM-x32\...\City Legends The Curse of the Crimson Shadow Collectors 1.00) (Version: 1.00 - Games)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
DVDFab 9.2.2.8 (02/02/2016) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
Elevated Installer (HKLM-x32\...\{6D8B91FF-05DE-4BB6-A293-D6B29A58D9AF}) (Version: 7.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
Family Tree Maker 2017 (HKLM\...\{6BEF69F9-92AA-4BCC-8529-DA42F585EC36}) (Version: 23.2.1540 - Software MacKiev)
Free Spider Solitaire v5.0 (HKLM-x32\...\Free Spider_is1) (Version:  - TreeCardGames)
Galerie de photos (HKLM-x32\...\{F4D99A13-F63A-4FC1-8799-CFFDB78DDFB3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Garmin Express (HKLM-x32\...\{71FC830C-545C-4F34-AE68-4F3073D6AF8C}) (Version: 7.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{cb52ee1f-2988-4cef-bc1c-1daa567cdf88}) (Version: 7.9.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 95.0.4638.69 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 52.0.6.0 - Google LLC)
Google Earth Pro (HKLM\...\{9BFB06CD-3925-49E2-BAB7-EA695821CE4C}) (Version: 7.3.4.8248 - Google)
GoTo Opener (HKLM-x32\...\{E69269DB-A77B-4BC1-8F39-241107B09F26}) (Version: 1.0.539 - LogMeIn, Inc.)
GoToMeeting 10.17.0.19796 (HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\GoToMeeting) (Version: 10.17.0.19796 - LogMeIn, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{ECCFEFB0-A6EB-4BB3-9C9D-690370ED0C6D}) (Version: 1.7.0.0 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}) (Version: 8.8.34.31 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{63F82052-C045-4F97-A3CA-C41D2CCA1FFA}) (Version: 12.18.34.21 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
IsoBuster 1.9.1 (HKLM-x32\...\IsoBuster_is1) (Version: 1.9.1 - Smart Projects)
K-Lite Mega Codec Pack 14.7.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.7.5 - KLCP)
LatencyMon 7.00 (HKLM\...\LatencyMon_is1) (Version:  - Resplendence Software Projects Sp.)
Macrium Reflect Home Edition (HKLM\...\{C1E9F1E6-DEDD-4B1E-8DE5-C6C0E6A68B61}) (Version: 7.2.3954 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Home Edition (HKLM\...\MacriumReflect) (Version: 7.2 - Paramount Software (UK) Ltd.)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version:  - Microsoft)
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Movie Collector (HKLM\...\{8EC6EBB4-D899-4C6B-BA17-C21B78988F23}_is1) (Version:  - Collectorz.com)
Movie Maker (HKLM-x32\...\{0FD2B9C6-DB91-48EA-9518-AB5B68CA1E28}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 94.0 (x64 en-US)) (Version: 94.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 94.0.0.7971 - Mozilla)
Myths of the World The Whispering Marsh Collectors 1.00 (HKLM-x32\...\Myths of the World The Whispering Marsh Collectors 1.00) (Version: 1.00 - Games)
Nero 7 Ultra Edition (HKLM-x32\...\{43FFE159-3199-4188-A1CD-629166AD1033}) (Version: 7.02.6445 - Nero AG)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
PerfectDisk Professional Business (HKLM\...\{682B22AB-EAAA-4B1C-83AF-B26E7D4ED01E}) (Version: 13.0.783 - Raxco Software Inc.)
Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version:  - Photodex Corporation)
PowerISO (HKLM-x32\...\PowerISO) (Version: 7.4 - Power Software Ltd)
ProShow Producer (HKLM-x32\...\ProShow Producer) (Version:  - Photodex Corporation)
Ralink Bluetooth Stack64 (HKLM\...\{8A2E2A41-B814-407E-2F96-4E433C42AB78}) (Version: 11.0.739.0 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.45.0 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
Skype version 8.59 (HKLM-x32\...\Skype_is1) (Version: 8.59 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Sudoku Works (HKLM-x32\...\{5B10C186-C6CF-45D8-9E2D-4F18247A5C63}) (Version: 1.0 - Oak Systems)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.8 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.5.2014.3 - URSoft, Inc.)
Zoom (HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\ZoomUMX) (Version: 5.7.8 (1247) - Zoom Video Communications, Inc.)

Packages:
=========
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.3.0.44_neutral__1618n3s9xq8tw [2013-12-12] (eBay, Inc)
Frameworkuapbase -> C:\Program Files\WindowsApps\48682KiddoTest.Frameworkuapbase_1.0.0.2_neutral__81ffpr532s7pc [2019-07-10] (KiddoTest)
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.100.0_x64__8wekyb3d8bbwe [2013-12-12] (Microsoft Corporation) [MS Ad]
Getting Started with Windows 8 -> C:\Program Files\WindowsApps\AD2F1837.GettingStartedwithWindows8_1.2.4.35_neutral__v10z8vjag6ke6 [2013-12-12] (Hewlett-Packard Company)
HP Connected Photo powered by Snapfish -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_1.9.123.1118_neutral__v10z8vjag6ke6 [2013-12-12] (Hewlett-Packard Company)
HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.141_neutral__v10z8vjag6ke6 [2013-12-12] (Hewlett-Packard Company)
Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.0_2.0.1410.19000_x64__8wekyb3d8bbwe [2019-07-10] (Microsoft Corporation)
Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.0_2.0.1410.19000_x86__8wekyb3d8bbwe [2019-07-10] (Microsoft Corporation)
Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.1_2.0.1410.19000_x64__8wekyb3d8bbwe [2019-07-10] (Microsoft Corporation)
Kinect for Windows Framework -> C:\Program Files\WindowsApps\Microsoft.WindowsPreview.Kinect.8.1_2.0.1410.19000_x86__8wekyb3d8bbwe [2019-07-10] (Microsoft Corporation)
Microsoft PlayReady -> C:\Program Files\WindowsApps\Microsoft.Internal.Media.PlayReadyClient_2.3.1678.1_x64__8wekyb3d8bbwe [2014-04-23] (Microsoft Corporation)
Microsoft PlayReady -> C:\Program Files\WindowsApps\Microsoft.Internal.Media.PlayReadyClient_2.3.1678.1_x86__8wekyb3d8bbwe [2014-04-23] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.6.4.30605_x86__8wekyb3d8bbwe [2013-12-12] (Microsoft Studios) [MS Ad]
Microsoft Visual C++ Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Preview.Internal_12.0.20222.2_x64__8wekyb3d8bbwe [2014-04-23] (Microsoft Platform Extensions Internal)
Microsoft Visual C++ Runtime Package -> C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00.Preview.Internal_12.0.20222.2_x86__8wekyb3d8bbwe [2014-04-23] (Microsoft Platform Extensions Internal)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.2.0.Preview.Internal_1.0.9385.3_neutral__8wekyb3d8bbwe [2014-04-23] (Microsoft Platform Extensions)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.2.0.Preview_1.0.9431.0_neutral__8wekyb3d8bbwe [2014-04-23] (Microsoft Platform Extensions)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.Preview.1_1.0.9345.0_neutral__8wekyb3d8bbwe [2014-04-23] (Microsoft Platform Extensions)
mxtest2 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.mxtest2_2.0.0.0_neutral__x35ns48czryn0 [2019-07-10] (m1df_mmengesha)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_1.10.0.58_x64__mcm4njqhnhss8 [2013-12-12] (Netflix, Inc.)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_2.0.0.5012_x86__kzf8qxf38zg5c [2013-12-12] (Skype) [MS Ad]
Test_Framework_BP_052015 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.TestFrameworkBP052015_1.0.0.9_neutral__x35ns48czryn0 [2019-07-10] (m1df_mmengesha)
Test_Framework_win81appxneutral_061115 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.TestFrameworkwin81appxneutral06_4.0.0.7_neutral__x35ns48czryn0 [2019-07-10] (M1DF_Mmengesha)
Test_FrameworkBackpublish_050515 -> C:\Program Files\WindowsApps\24712m1dfmmengesha.TestFrameworkBackpublish050515_1.0.0.0_neutral__x35ns48czryn0 [2019-07-10] (m1df_mmengesha)
Test_FrameworkProd_062215_01 -> C:\Program Files\WindowsApps\50856m1dfLL.TestFrameworkProd06221501_1.0.0.10_neutral__nwcxtg9ehxpvt [2019-07-10] (m1df_lucyll)
TESTFRAMEWORKABO2 -> C:\Program Files\WindowsApps\40538vasetest101.TESTFRAMEWORKABO2_12.0.21005.1_x64__ssm1v0s3df7zc [2019-07-10] (vasetest101)
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.2.41.0_x64__8wekyb3d8bbwe [2013-12-12] (Microsoft Corporation) [MS Ad]
YouCam for HP -> C:\Program Files\WindowsApps\CyberLinkCorp.hs.YouCamforHP_1.0.2.26590_x86__06qsbagp91rvg [2013-12-12] (CYBERLINKCOM CORP)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3511957844-2261570385-1743981658-1005_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Robert\AppData\Local\GoToMeeting\19598\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-3511957844-2261570385-1743981658-1005_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-10-19] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-10-19] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-10-19] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-10-19] (Google LLC -> Google)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2019-04-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2018-12-14] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2018-12-14] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-10-19] (Google LLC -> Google)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2019-04-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip32.dll [2015-12-31] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-09-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2019-04-17] (Power Software Limited -> Power Software Ltd)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [311296 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\Drivers32: [vidc.iv50] => C:\Windows\SysWOW64\ir50_32.dll [8704 2014-10-28] (Microsoft Windows -> Microsoft Corporation)

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-11-27 04:38 - 2020-11-27 04:38 - 000961536 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.Core.dll
2020-11-27 04:38 - 2020-11-27 04:38 - 001446400 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\CefSharp.Core.dll
2021-10-06 16:51 - 2021-10-06 16:51 - 000073216 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\FixBootSector.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000325632 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\GpsImgWrapper.dll
2020-11-18 10:14 - 2020-11-18 10:14 - 117340672 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libcef.dll
2013-08-19 17:48 - 2013-08-19 17:48 - 000016896 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll
2013-08-19 17:47 - 2013-08-19 17:47 - 000127488 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-08-19 17:47 - 2013-08-19 17:47 - 000102400 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 000031232 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\A4.Foundation\8cc700e712df965d4289eb63e0783b71\A4.Foundation.ni.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 000022528 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Actions5dc83b46#\005542c2b7dc48c08d0894133a63970f\AEM.Actions.CCAA.Shared.ni.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.0a1309f7#\6b355d88aaaf43c5c972ffae575cd382\AEM.Plugin.EEU.Shared.ni.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 000017408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.2b6a6775#\fe87151e1b2d264205d9722d3e53aad4\AEM.Plugin.Hotkeys.Shared.ni.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 000011776 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.4adf1574#\a4521a7d561a8ab4760a8dd25378d59d\AEM.Plugin.Audio.Shared.ni.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 000016384 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.54d8abe3#\48892d65b4e08015e1f9ed417104cdc0\AEM.Plugin.DPPE.Shared.ni.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 000281600 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.5d945b6b#\d0523c0cfcd8cc64e72da103270e594a\AEM.Plugin.Source.Kit.Server.ni.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 000014848 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.674d2b8a#\ca94feb1cb52a276c2250dfc3f66544c\AEM.Plugin.WinMessages.Shared.ni.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.88aba5d2#\3aff6b737caeaec14c841d610c301934\AEM.Plugin.REG.Shared.ni.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 000011776 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.GD.Shared\3e73bab432b08a52051e0924d3af8d0c\AEM.Plugin.GD.Shared.ni.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Server.Shared\0e04644f96ab05a58500afb72b4cb72a\AEM.Server.Shared.ni.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 000267776 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Server\481e82d35cd95cda7e032d2182424680\AEM.Server.ni.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 000055808 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\APM.Foundation\b5cfba34a5ad7884a9176148819330a2\APM.Foundation.ni.dll
2021-10-14 09:27 - 2021-10-14 09:27 - 000122880 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ATICCCom\46bb86f4f1fea73353aaea48d2061032\ATICCCom.ni.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 000204288 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CCC.Implementation\2c4f20c2d7176955aef35c154e7ff314\CCC.Implementation.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000151040 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.2042675f#\2ab8aee2c0bfa4836e3d244a465a0680\CLI.Aspect.CPUPStates.Fuel.Dashboard.ni.dll
2021-10-14 09:26 - 2021-10-14 09:26 - 000153088 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.21d2ac78#\1744ce134e2bc56760ebb63999ca65b2\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000128000 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.3399d0ec#\958adbe31ef2b23b93f9e22148f6b931\CLI.Aspect.CustomFormats.Graphics.Shared.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000026112 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.37d3d968#\cf6e9bcedc23957a325b65a81f0fc76a\CLI.Aspect.AMDHome.Graphics.Shared.ni.dll
2021-10-14 09:27 - 2021-10-14 09:27 - 000045568 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.382a3def#\c0f2fbfe3c02423b2a7ef23622930371\CLI.Aspect.AMDOverDrive.Platform.Shared.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000072192 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.398e7f7a#\f98d9a628f985662ed731669f7196f10\CLI.Aspect.A4.A4.Shared.ni.dll
2021-10-14 09:26 - 2021-10-14 09:26 - 000107008 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.3a6f1658#\37321b70b3790ca4cdbaf77383da2c95\CLI.Aspect.TransCode.Graphics.Shared.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000209920 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.4542c692#\f08539733b40055b8d7d96ff400dd5f5\CLI.Aspect.DeviceCRT.Graphics.Shared.ni.dll
2021-10-14 09:26 - 2021-10-14 09:26 - 000130048 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.46819220#\7293b4888e14e6e05f93baf232ff2a8a\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.ni.dll
2021-10-14 09:26 - 2021-10-14 09:26 - 000074752 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.4bbb0755#\11f9e938ccc728e8ac1694d6fbe76c9d\CLI.Aspect.TransCode.Graphics.Dashboard.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000151040 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.4ede500c#\c6916f1756e9fc9d952814de632f654d\CLI.Aspect.DPPE.Fuel.Dashboard.ni.dll
2021-10-14 09:26 - 2021-10-14 09:26 - 000074240 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.59a12d95#\9ce2891de40268f003a2504adf6541ea\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000111616 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.5a772e69#\5dc23f0dcacb41814d3b46fcfd8ece99\CLI.Aspect.Fets.Fuel.Dashboard.ni.dll
2021-10-14 09:26 - 2021-10-14 09:26 - 000070656 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.648b65fc#\3f01cdb43d05b446dc847f89b95f1214\CLI.Aspect.WiFi.Fuel.Dashboard.ni.dll
2021-10-14 09:27 - 2021-10-14 09:27 - 000263168 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.73911eb5#\0627cd7e241fcd02a361f85356582943\CLI.Aspect.WirelessDisplay.Graphics.Shared.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000292864 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.7ec2db45#\37ecbbbb8f30398dc9785005a8465e70\CLI.Aspect.DeviceDFP.Graphics.Shared.ni.dll
2021-10-14 09:26 - 2021-10-14 09:26 - 000616960 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.846fa813#\bc382bd03f6da1f35eb0565fbaf847a7\CLI.Aspect.MMVideo.Graphics.Dashboard.ni.dll
2021-10-14 09:26 - 2021-10-14 09:26 - 000741376 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.8d333b6b#\678d81d76f885c6bbadfd2708dd97b7a\CLI.Aspect.Radeon3D.Graphics.Shared.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000452608 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.8e996306#\2fef9a19986c273d35993aa1de2fc66b\CLI.Aspect.CrossDisplay.Graphics.Dashboard.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000149504 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.a0ae52bc#\ff3081ff51ffd4bd582d6c864f5a6066\CLI.Aspect.DeviceLCD.Graphics.Shared.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000462336 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.acb9d930#\114937b43fbf51161c9f200b5cc7f9e3\CLI.Aspect.DeviceProperty.Graphics.Shared.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000086528 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ae5e117c#\5683be18d53aee8f7e43e96d245d5149\CLI.Aspect.DisplaysColour2.Graphics.Shared.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000067072 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.b0a7c1fb#\81c60ce6ae0f09480e5188aebbd34d01\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.ni.dll
2021-10-14 09:26 - 2021-10-14 09:26 - 000023552 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.c2a2b491#\6667a650acfac2703a8ea0bf4fd191bd\CLI.Aspect.WiFi.Fuel.Shared.ni.dll
2021-10-14 09:26 - 2021-10-14 09:26 - 000313344 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.c7aaa0f8#\5ab337150db3f5d204b4e1f3d69d7ccf\CLI.Aspect.OverDrive5.Graphics.Shared.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000017920 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.c854b457#\44d21dbb7059acb5f1f5db9310664fdc\CLI.Aspect.HotkeysHandling.Graphics.Shared.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000081408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.caa5cc64#\a38f5b1bbfaac6b0eb750a901b515168\CLI.Aspect.Fets.Fuel.Shared.ni.dll
2021-10-14 09:26 - 2021-10-14 09:26 - 001315840 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.d7e090dc#\4479965218b2ec2e83c7c86dcb81927f\CLI.Aspect.User.Fuel.Dashboard.ni.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 000091136 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e76f4137#\bb1303df92f4cc0e80f36de07851266f\CLI.Aspect.A4.A4.Dashboard.ni.dll
2021-10-14 09:26 - 2021-10-14 09:26 - 000273408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e8635fc7#\a8f189e03e0aaeca296320dffbd01cc5\CLI.Aspect.InfoCentre.Graphics.Dashboard.ni.dll
2021-10-14 09:26 - 2021-10-14 09:26 - 003358720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e9fd7406#\3b7461f8176c72d5d0454e2441f9be1c\CLI.Aspect.Radeon3D.Graphics.Dashboard.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000240128 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.eda8935e#\8ef841f1bdaad9333a19eaa6a0aaea6d\CLI.Aspect.MMVideo.Graphics.Shared.ni.dll
2021-10-14 09:26 - 2021-10-14 09:26 - 000047104 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ef3eaa4d#\aaa4443a07d3746c8e972fc290fbede2\CLI.Aspect.TransCode.Graphics.Runtime.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000070656 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.efd83192#\99c7a0b3cf9023bc41ec05a13344ff4d\CLI.Aspect.CPUPStates.Fuel.Shared.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000047104 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.f38af62f#\cae66abc9df1b4fa9c9cb55ae5ec3c49\CLI.Aspect.A4.A4.Runtime.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000057856 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.f45bd021#\802ee7a25c350972cda59e8d5f30fe66\CLI.Aspect.DPPE.Fuel.Shared.ni.dll
2021-10-14 09:26 - 2021-10-14 09:26 - 000051200 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.A4.Runtime\7b8ab2cbae95db8e5d1a1a591daebff9\CLI.Caste.A4.Runtime.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000044544 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.A4.Shared\a1763023bf61b60131bcd330d9957361\CLI.Caste.A4.Shared.ni.dll
2021-10-14 09:26 - 2021-10-14 09:26 - 000027136 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Af820fedc#\d3effcfc916f6ca4b817020c5c88b9d0\CLI.Caste.A4.Dashboard.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000045056 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.F24de14fe#\9162d8bf345c84029eb04773df7995a7\CLI.Caste.Fuel.Shared.ni.dll
2021-10-14 09:26 - 2021-10-14 09:26 - 000311296 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.F36b07a2b#\376ae90e710c278459752691a340226c\CLI.Caste.Fuel.Runtime.ni.dll
2021-10-14 09:26 - 2021-10-14 09:26 - 000027136 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Ff3085433#\d6451e789cc2cd097a38186d58a1527d\CLI.Caste.Fuel.Dashboard.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000037376 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G60338cc0#\f1febfaff7623bcb47460ef1f672f9f9\CLI.Caste.Graphics.Runtime.Shared.Private.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 001548800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Gd9d9b43b#\3cb4c16c60dedd4fff19f69014555c3d\CLI.Caste.Graphics.Dashboard.Shared.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000472576 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Gee7d2dbc#\78a1bf0b4dd69a24215cd2938bef68d2\CLI.Caste.Graphics.Dashboard.ni.dll
2021-10-14 09:27 - 2021-10-14 09:27 - 000045056 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.H18c99613#\0d85cab94010161312b741ba68dc6362\CLI.Caste.HydraVision.Runtime.ni.dll
2021-10-14 09:27 - 2021-10-14 09:27 - 000030720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.H92ba4e46#\cfcabcf50df78927025f19cf38e235bc\CLI.Caste.HydraVision.Shared.ni.dll
2021-10-14 09:27 - 2021-10-14 09:27 - 000025600 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Hbb906c0b#\ee5689f8e628c2f54cf37e2e4272b585\CLI.Caste.HydraVision.Dashboard.ni.dll
2021-10-14 09:27 - 2021-10-14 09:27 - 000030720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pac40511b#\3af326c795f943b37e50ac7347935a77\CLI.Caste.Platform.Shared.ni.dll
2021-10-14 09:27 - 2021-10-14 09:27 - 000044032 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pdb36d56e#\a1edce50777c4d2f669f279982d74817\CLI.Caste.Platform.Runtime.ni.dll
2021-10-14 09:27 - 2021-10-14 09:27 - 000024064 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pfeefa2b6#\59c69e5989e01d2efe29ad751fa240b8\CLI.Caste.Platform.Dashboard.ni.dll
2021-10-14 09:27 - 2021-10-14 09:27 - 000350720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Combinee84f0351#\abf6d184b096d2b20b8339fa69037699\CLI.Combined.Fusion.Aspects.Runtime.ni.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 000012288 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone1b4a8c97#\eabcff20cf5a9c840bc0f50c8c2de952\CLI.Component.Runtime.Shared.ni.dll
2021-10-14 09:27 - 2021-10-14 09:27 - 000173568 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone29e547cc#\5a4d376b5b725238f333a9f613560040\CLI.Component.Dashboard.ProfileManager2.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000150528 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone59f353b4#\316a1018e343517d56a6b1ea56105e02\CLI.Component.Runtime.Shared.Private.ni.dll
2021-10-14 09:27 - 2021-10-14 09:27 - 000017408 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componeb4d0485c#\bdb4e0f97b6e4cb947a859d172c64b7f\CLI.Component.Runtime.Extension.EEU.ni.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 001603584 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componec89c3bec#\98c80f6c7abc87ebb87c75b45d8277cf\CLI.Component.Dashboard.Shared.Private.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000018432 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componef1fd67b2#\d90de44ba8b0ed4f51a06bec2242f3cd\CLI.Component.Client.Shared.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000084480 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componef4cf054f#\49ef13775103460c6bd9de2a9426f8c6\CLI.Component.Dashboard.Shared.ni.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 000089088 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundat3d5d3945#\dda8d1ab537797f2a380d3c4b9b4cf6e\CLI.Foundation.Private.ni.dll
2021-10-14 09:27 - 2021-10-14 09:27 - 000061440 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundat60cdf5df#\eddd63c8f9a59702074074de24b4bb83\CLI.Foundation.XManifest.ni.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 000089088 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundat619559bd#\8bb691effeb74a012c060254b7d4aa2e\CLI.Foundation.CoreAudioAPI.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000934400 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundatd3771151#\04ef064449251c017c9dd9cc9005f819\CLI.Foundation.Client.ni.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 000301568 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundation\77569f024850586a9579099a6e12a92b\CLI.Foundation.ni.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics\315b097c601e3763cf603928b207521c\DEM.Graphics.ni.dll
2021-10-14 09:26 - 2021-10-14 09:26 - 000037376 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Fuel.Foundation\022d9a6d001f2e2cf5dd2bdce05854ac\Fuel.Foundation.ni.dll
2021-10-14 09:27 - 2021-10-14 09:27 - 000292864 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundat03490438#\01a3778d07cb6fceb8c6caa4fe39b064\LOG.Foundation.Implementation.ni.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 000149504 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundat5023f8e7#\c7cdc1b57d094aad86d642741856bc4b\LOG.Foundation.Private.ni.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 000087040 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundatcaafa75b#\e20f526ddff3f2f663259852b6be307a\LOG.Foundation.Implementation.Private.ni.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 000123392 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundation\af15c3cd6b2c1cfa525ed290cee6c0b4\LOG.Foundation.ni.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 000012288 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\MOM.Foundation\bc3f61b9dcbaf05c9b5808a3481c492e\MOM.Foundation.ni.dll
2021-10-14 09:28 - 2021-10-14 09:28 - 000402944 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\MOM.Implementation\ccdc4f5b52e8e21f0545a3609a4c87db\MOM.Implementation.ni.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 000055296 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\NEWAEM.Foundation\76c21ea957b76073b36fff7a0a181bb2\NEWAEM.Foundation.ni.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 000774656 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ADL.Foundation\91ff5696b4e3c81a76305ba04208581b\ADL.Foundation.ni.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 000250880 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\APM.Server\138cfbad68b230b2fb9c4180c5c6d4a0\APM.Server.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000297984 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.9b707b25#\b5b4214862d12d9f033ee4d8f35c9916\CLI.Aspect.DeviceProperty.Graphics.Runtime.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 001652736 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.aa59351a#\3907d5b415264cb3f05f176d8f585a4e\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000740864 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e6d9f3a8#\663218bf60e5faa20b1935dc2bb0a3f6\CLI.Aspect.DeviceDFP.Graphics.Dashboard.ni.dll
2021-10-14 09:27 - 2021-10-14 09:27 - 002559488 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Combine0616f305#\c532dd589e88dee26e0910f7da257dd7\CLI.Combined.Graphics.Aspects1.Dashboard.ni.dll
2021-10-14 09:27 - 2021-10-14 09:27 - 000989696 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Combine7332395e#\efcc889f8121d4011b17c2d297c95a21\CLI.Combined.Graphics.Aspects2.Runtime.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000136704 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone168638d1#\aa2239de69ad665190492f391fcfe9c1\CLI.Component.Client.Shared.Private.ni.dll
2021-10-14 09:27 - 2021-10-14 09:27 - 000233472 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone6692ca50#\18375867cfbfbe21ded406b518aa4425\CLI.Component.Runtime.ni.dll
2021-10-14 09:27 - 2021-10-14 09:27 - 000914944 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone6bf88b08#\6af6df11f20fa8e087046a127c11da95\CLI.Component.Dashboard.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000013312 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0706\c243611874bba187c56256a539e35966\DEM.Graphics.I0706.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000084480 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0709\dc6d511cb7530137cfd29a4eba714e89\DEM.Graphics.I0709.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000012288 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0712\3d6074b9e1e350c6dd5862ef3c44809f\DEM.Graphics.I0712.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000018432 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0804\c3a0596ec7664ec79229d88c893f8b79\DEM.Graphics.I0804.ni.dll
2021-10-14 09:27 - 2021-10-14 09:27 - 000010752 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0805\b997bc879fe2c561fe89277a426d8f8f\DEM.Graphics.I0805.ni.dll
2021-10-14 09:27 - 2021-10-14 09:27 - 000010752 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0812\8ed3ac0cc5726e8cf2b357793af92430\DEM.Graphics.I0812.ni.dll
2021-10-14 09:27 - 2021-10-14 09:27 - 000013312 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0906\f4ac709ba7db5cfb2957f12ea86933ea\DEM.Graphics.I0906.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000014336 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0912\685d1abfc56e9b36a10e9169df33b12a\DEM.Graphics.I0912.ni.dll
2021-10-14 09:27 - 2021-10-14 09:27 - 000035840 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I1010\12f6ac61cc259df7cb3c060a8f12ef03\DEM.Graphics.I1010.ni.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 001005568 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Localizatio01dbc1c0#\3333c4e53b0b005e62003f97cc87568e\Localization.Foundation.Private.ni.dll
2021-10-14 09:28 - 2021-10-14 09:28 - 000242688 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ResourceMan446ca0e5#\e2e52b28f0459845e5b5590dbaff6b24\ResourceManagement.Foundation.Implementation.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000023552 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\ResourceManf163905a#\c61a44ebd5d8ab796d94f293d1ef3645\ResourceManagement.Foundation.Private.ni.dll
2021-10-14 09:25 - 2021-10-14 09:25 - 000091648 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ec8786e5#\b6544cfed3aced27bc29e4504b5cc327\CLI.Aspect.AMDHome.Graphics.Dashboard.ni.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 002286592 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G60a7b4d1#\5de371062a4dad16a2d846659203857d\CLI.Caste.Graphics.Shared.ni.dll
2021-10-14 09:27 - 2021-10-14 09:27 - 002788864 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G962aa464#\10082a26ae32d5f8012441c78728ee8c\CLI.Caste.Graphics.Runtime.ni.dll
2021-10-06 16:51 - 2021-10-06 16:51 - 001976832 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Garmin\Express\XercesLib.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 000025600 _____ (ATI Technologies Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Foundation\066f16292f729e44d3ced47921941b5d\DEM.Foundation.ni.dll
2021-10-14 09:24 - 2021-10-14 09:24 - 000115200 _____ (ATI Technologies Inc.) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0601\e3cc31efe5e50beff1db6e99e2501e85\DEM.Graphics.I0601.ni.dll
2020-08-05 16:14 - 2015-01-09 08:46 - 000008192 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_ENU.DLL
2020-08-05 16:14 - 2015-01-09 08:44 - 000104960 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_IMG.dll
2020-08-05 16:14 - 2015-03-17 08:51 - 000375296 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMN6PPM.DLL
2021-10-06 16:54 - 2021-10-06 16:54 - 000234496 _____ (Dynastream Innovations Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\ANT_WrappedLib.dll
2021-10-06 16:51 - 2021-10-06 16:51 - 002711552 _____ (Garmin International) [File not signed] C:\Program Files (x86)\Garmin\Express\legacyio.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000343552 _____ (Garmin International, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\IMG_GPSMAP.dll
2021-10-06 16:51 - 2021-10-06 16:51 - 000425472 _____ (Garmin) [File not signed] C:\Program Files (x86)\Garmin\Express\XMLdll.dll
2014-04-20 10:17 - 2014-04-20 10:17 - 000803520 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicExplorer64.dll
2014-04-20 10:17 - 2014-04-20 10:17 - 003374272 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2014-04-20 10:17 - 2014-04-20 10:17 - 000284864 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Windows\system32\StartMenuHelper64.dll
2003-03-19 06:14 - 2003-03-19 06:14 - 000499712 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Ahead\Lib\MSVCP71.dll
2003-02-21 14:42 - 2003-02-21 14:42 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Ahead\Lib\MSVCR71.dll
2013-12-12 15:49 - 2013-12-12 15:49 - 000037512 _____ (Raxco Software, Inc. -> Raxco Software, Inc.) [File not signed] C:\Program Files\Common Files\Raxco\Shared\PDEnginePS.dll
2021-10-06 16:53 - 2021-10-06 16:53 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\DSI_SiUSBXp_3_1.DLL
2020-11-18 08:39 - 2020-11-18 08:39 - 000843264 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\chrome_elf.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:1CE11B51 [152]
AlternateDataStreams: C:\ProgramData\Temp:53A3A85A [260]
AlternateDataStreams: C:\ProgramData\Temp:E499C09F [264]
AlternateDataStreams: C:\Users\Robert\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63 [368]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON14/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON14/4
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-10-27] (HP Inc. -> HP Inc.)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-10-27] (HP Inc. -> HP Inc.)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2020-03-01 18:32 - 000000054 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1       localhost
0.0.0.0 keystone.mwbsys.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\Control Panel\Desktop\\Wallpaper -> C:\Photos\WIND RIVER BOB\DSC00376.JPG
DNS Servers: 192.168.2.1 - 207.164.234.193
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "SolidWorks 2014 Fast Start.lnk"
HKLM\...\StartupApproved\StartupFolder: => "SolidWorks Background Downloader.lnk"
HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\StartupApproved\Run: => "Autodesk Sync"
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\StartupApproved\Run: => "AnyDVD"
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{F441B1C7-3412-42C0-9B64-2D4F16B8FA66}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [UDP Query User{10FA69F5-A214-4255-A9B4-8B752843DEF5}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{ADD3E4AC-A765-4224-8E8C-72CA58E0B6F5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6618E6D7-6D4C-4691-A1AA-6BC5BCC9ADBE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{2B05FE73-2F0E-4F7B-81DF-0407788DFEA3}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe => No File
FirewallRules: [UDP Query User{9C7D3AF1-D1CE-4DB1-B1A3-1F5619AF5414}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe => No File
FirewallRules: [TCP Query User{791E606B-6046-46D4-B8B9-9DA9072AE2E3}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [UDP Query User{0852958F-CA42-449F-9615-4246651E4253}C:\program files (x86)\utorrent\utorrent.exe] => (Block) C:\program files (x86)\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [TCP Query User{9F3901B4-3CBB-4D8C-BD6E-2BF6CAA478FF}C:\users\robert\appdata\local\logmein rescue applet\lmir0c064001.tmp\lmi_rescue.exe] => (Allow) C:\users\robert\appdata\local\logmein rescue applet\lmir0c064001.tmp\lmi_rescue.exe => No File
FirewallRules: [UDP Query User{D4B3F5E9-39F7-4E9C-910E-F84457708A57}C:\users\robert\appdata\local\logmein rescue applet\lmir0c064001.tmp\lmi_rescue.exe] => (Allow) C:\users\robert\appdata\local\logmein rescue applet\lmir0c064001.tmp\lmi_rescue.exe => No File
FirewallRules: [{4F8C39A4-7340-4C95-90FD-0B16C327E5AA}] => (Allow) C:\Users\Robert\Downloads\Malwarebytes Anti-Malware Premium 2.2.1.1043 + Pre-Cracked - [CrackzSoft]\App\Malwarebytes\mbam.exe => No File
FirewallRules: [{7E840C98-8EDD-4026-9AE1-B075C93DB869}] => (Allow) C:\Users\Robert\Downloads\Malwarebytes Anti-Malware Premium 2.2.1.1043 + Pre-Cracked - [CrackzSoft]\App\Malwarebytes\mbam.exe => No File
FirewallRules: [{D59C55C6-B293-41DA-B2EA-20E7EA86BCB8}] => (Allow) C:\Users\Robert\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{9B57FB32-A1A2-4AF7-ACBA-046CCAD4F746}] => (Allow) C:\Users\Robert\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{D92A380C-38A5-48BA-B2F0-033A79F14635}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AB1A8F4C-FC85-4EC4-836D-E2EEA8669CDE}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{40E5EB52-2821-4AFC-BB13-3562DC0BB203}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{31FF77A8-8DE5-4A2C-9420-3A0740A362F9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{754A3264-0F4A-444D-8106-92EFF8F375DA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AC3CFF01-6290-456E-AED4-9F5C69A65CFD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{03BD9C3F-D0E0-4C92-A91E-23504BB0AE23}C:\users\robert\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\robert\appdata\local\microsoft\teams\current\teams.exe => No File
FirewallRules: [UDP Query User{6FFAFA2F-05D0-4071-B45E-4D72CEC7C034}C:\users\robert\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\robert\appdata\local\microsoft\teams\current\teams.exe => No File
FirewallRules: [{CD540BD6-83D2-4B51-8DD3-A3941A72EAD9}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{7CFC83B3-D90E-4B0E-9D67-BF382D935D86}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{468A82CB-9ADA-43C4-9819-D86E02AAE8D3}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{162465E2-D343-46C6-B0BC-7F6E361AEA16}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{CA02F3DB-5997-4655-94CC-CAA397317354}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

18-10-2021 13:55:54 Installed Ralink Wireless LAN_v1.2
26-10-2021 08:58:44 Scheduled Checkpoint
03-11-2021 10:04:51 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/03/2021 11:59:17 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\Windows\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (11/03/2021 11:59:17 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (11/03/2021 11:59:17 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\Windows\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (11/03/2021 11:59:17 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (11/03/2021 11:59:17 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ESENT" in DLL "C:\Windows\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (11/03/2021 11:59:17 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (10/30/2021 12:48:08 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


System errors:
=============
Error: (11/03/2021 03:50:22 PM) (Source: DCOM) (EventID: 10010) (User: Shadowfax)
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.

Error: (11/03/2021 03:48:22 PM) (Source: DCOM) (EventID: 10010) (User: Shadowfax)
Description: The server {1ECCA34C-E88A-44E3-8D6A-8921BDE9E452} did not register with DCOM within the required timeout.

Error: (11/03/2021 10:16:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/03/2021 10:08:51 AM) (Source: DCOM) (EventID: 10010) (User: Shadowfax)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (11/03/2021 10:08:21 AM) (Source: DCOM) (EventID: 10010) (User: Shadowfax)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (11/03/2021 08:40:47 AM) (Source: DCOM) (EventID: 10010) (User: Shadowfax)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (11/03/2021 08:40:17 AM) (Source: DCOM) (EventID: 10010) (User: Shadowfax)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (11/02/2021 10:20:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


==================== Memory info ===========================

BIOS: Insyde F.37 10/22/2015
Motherboard: Hewlett-Packard 213B
Processor: AMD A6-5200 APU with Radeon™ HD Graphics
Percentage of memory in use: 40%
Total physical RAM: 7643.95 MB
Available physical RAM: 4569.21 MB
Total Virtual: 8859.95 MB
Available Virtual: 4438.5 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:677.33 GB) (Free:398.87 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20.54 GB) (Free:2.01 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{b412d7c1-a189-4967-aa4a-59b14fdfd4c1}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.11 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 3A472083)

Partition: GPT.

==================== End of Addition.txt =======================


  • 0

#66
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,052 posts
  • MVP

Is there a reason for:
 

 

FirewallRules: [{CD540BD6-83D2-4B51-8DD3-A3941A72EAD9}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{7CFC83B3-D90E-4B0E-9D67-BF382D935D86}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{468A82CB-9ADA-43C4-9819-D86E02AAE8D3}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{162465E2-D343-46C6-B0BC-7F6E361AEA16}] => (Block) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

 

Not sure why you would want to block part of AVG but it appears that it is up to date anyway so guess it's not hurting anything.

 

Time to clean up:
If we used FRST to clean your PC:

right click on FRST.exe or FRST64.exe (whichever you used) and rename it to uninstall.exe.  Then right click on uninstall.exe and Run as Admin.

 

If we installed Speccy it needs to be uninstalled.  Also uninstall Latency Monitor and/or HD Tune if we installed them.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Flash is now officially obsolete and should be removed from all PCs.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan (now renamed to Intel Security Scan).  Go slow and uncheck the optional stuff.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions.


If you use Chrome/Firefox/Edge then get the Ublock Origin extension.  For IE (which you should no longer be using since it is no longer supported by Microsoft) go to adblockplus.org  and get the program.
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. Close Chrome/Firefox/Skpe. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting..
(If it complains about Chrome still running you can stop it with Task Manager or go into Chrome then go to:

chrome://settings/

Hit Advanced at the bottom of the page then scroll down to near the bottom where it says System.

Change
Continue running background apps when Google Chrome is closed
to Off (slide the blue thing to the left and it turns brown)
Close Chrome.


If the browser is still slow then go in and disable all of your extensions, close the browser and Optimize with SpeedyFox then restart the browser.  If that helps then one or more of your extensions is at fault.  Go back in and turn them on one at a time and see if you can figure out which ones slow things down the most.

If you are a Facebook user get the FB Purity extension for your browser:
http://www.fbpurity.com/
This will stop all of the suggested pages and ads so that Facebook loads much quicker.


Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.combefore you open them or at least make sure your anti-virus scans them.

Due to a recent rise in the number of Cryptolocker infections I am now recommending you install:

https://www.bleeping...somware/dl/306/
It's currently a free version (and included in MBAM).

If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.
 If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.

Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not the latest.  If in doubt uninstall all.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that Java not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.

If you are running Win 10 you probably want OpenShell:

https://github.com/O...Open-Shell-Menu

  This program will make Win 10 act like Win 7 with the same controls you are used to.
Download Link:
https://github.com/O...tup_4_4_131.exe


Recommended free software: (I'm not saying you should download these just that if you have a need for a new program these are safe and work)  
Compression:  7-zip.  Avoid WinRar and WinZip as the free versions have adware.
Video Player:  VLC  Unlike Windows Media Player it never seems to need extra files to work.
Office like free program:  Open Office: https://www.openoffice.org/download/
or
LibreOffice: https://www.libreoffice.org/
Free Anti-Virus:  Avast
Free Malware prevention:  MBAM: Free version at https://www.malwareb...m/mwb-download/
Can run with your anti-virus.
Paid Anti-Virus:  Kaspersky or BitDefender
Utilities:
Root Kit Detector:  MBAR: https://www.malwareb...om/antirootkit/
Process Explorer:  Show you what is running on the PC.  Like Task manager but better:  http://live.sysinter...com/procexp.exe
WhoCrashed: Why did your system crash?
http://www.resplendence.com/downloads
Then click on Download free home edition
where it says:
WhoCrashed 5.51
Comprehensible crash dump analysis tool
for Windows 10/8.1/8/7/Vista/XP/2012/2008/2003 (x86 and x64)
System Health:
Speccy:  
http://www.filehippo...download_speccy(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Decline CCleaner if offered.  Pay attention to SMART info on your hard drives and to temps.  If in doubt about temps try:
SpeedFan:  Try speedfan
http://www.filehippo...nload_speedfan/
Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.
Video Downloader Professional  To save online video.   This extension (available for Chrome or Firefox)  allows you to start a recording and then switch to a different window and record another video.
Download YouTube Videos:  4K Video Downloader (Separate Program) https://www.4kdownlo...videodownloader
You have to copy the URL then hit the + button on the program.  Then select quality. There is a license activate window but you just close it.
With Win 10 only there is a new Game recorder program.  It's supposed to only work for games but it works nicely to record any video you watch.  Hit the Win key + Alt + r to start the recorder.  The first time it asks you if it is looking at a game.  Just tell it yes.  After that it starts recording whenever you bring it up.  Videos are saved to the Captures folder under Videos.  You can only record what you watch so limited to only one video at a time.  Best to go to full screen before starting the recorder.

Avoid:  
Advanced System Care
SuperAntiSpyware
HitmanPro
Spybot S&D
Any P2P software especially if it comes from Conduit.
Registry Cleaners
Driver updating software.
PC fixing or Speed up software.
Running more than one anti-virus.
Seagate hard drives.  If you have one it's going to fail on you so backup your data now!



 


  • 0

#67
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 476 posts

I have no idea why those firewall rules exist.  I know that I didn't put them into the system.  Should they be deleted?


  • 0

#68
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,052 posts
  • MVP

You can remove the odd firewall rules with the attached fixlist:

 

Attached File  fixlist.txt   672bytes   25 downloads

 

Should be real quick and there shouldn't be a reboot.

 

 


  • 0

#69
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 476 posts

Done.  Thank you very much.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP