Hidden City Mystery Of Shadows Download Queue

Posted : admin On 12/25/2021

Discus and support Microsoft Store APP Hidden City G5 Games in Windows 10 Software and Apps to solve the problem; Of late this game at some point hangs and then crashes. I am currently at level 191 and the only reason I mention that is this: If I Reset the app... Discussion in 'Windows 10 Software and Apps' started by SmokedSteam94, Jul 8, 2018.

G5 Entertainment – The Developer and Publisher of Casual and Free-to-Play games for iPhone, iPad, Android, Google Play, Kindle Fire, Windows and MacHidden City®: Hidden Object Adventure. #1 Most Popular Hidden Object Game In the World! Get ready for a journey unlike any other in Hidden City®! Mirages of an unknown city have been seen. Why do I keep getting content in download queue in the hidden city game? - The Video Game Consoles & Games question. Search Fixya. Browse Categories. Why do I keep getting content in download queue in the hidden city game? Posted by Susan Kilyk on Dec 16, 2016. Want Answer 1.

  1. Microsoft Store APP Hidden City G5 Games - Similar Threads - Microsoft Store APP

  2. Hidden City Game

    in Windows 10 Gaming
    Hidden City Game: Any one else having problems loading their game after new 'Easter' objective?https://answers.microsoft.com/en-us/windows/forum/all/hidden-city-game/fa50c3ee-45e1-4084-9cfd-24014ecfc137
  3. Unable to purchase products in Hidden City

    in Microsoft Windows 10 Store
    Unable to purchase products in Hidden City: All information has been filled out but when going to purchase specials in Hidden City, unable to complete credit card transaction as will not allow me to change countries....
  4. Hidden city

    in Windows 10 Software and Apps
    Hidden city: How do I reinstall hidden city: hidden object adventure.https://answers.microsoft.com/en-us/windows/forum/all/hidden-city/93aac970-61db-4595-ae12-fd38f3912b3a
  5. How can you add a second player in Hidden City - G5 Game?

    in Windows 10 Gaming
    How can you add a second player in Hidden City - G5 Game?: As seen in the screen shot below, Hidden City's profile screen seems to suggest that more than one person can play the game. But if you click on 'Change Player,' you are told to enter the login of another player. The problem is, I can find no way to create another player....
  6. G5 in game purchases

    in Windows 10 Gaming
    G5 in game purchases: I'm unable to access in game purchases for some G5 games. Specifically 'Letters from nowhere: a hidden object mystery' and for 'Survivors: the quest' I can only access one of the purchases. All the items come up as $0.00. I'm using a credit card from South Africa so the...
  7. G5 games

    in Windows 10 Gaming
    G5 games: None of my G5 games work. They download up to the game and then crashhttps://answers.microsoft.com/en-us/windows/forum/games_windows_10/g5-games/3b9ef240-861d-4e6c-8387-ad328810f0a1
  8. HIdden city - How do I exit this game?

    in Windows 10 Gaming
    HIdden city - How do I exit this game?: I saw the game for free and thought I would try it. Now I have finished playing for the day but the only way I can see to exit the game is to Ctrl-Alt-Del.Surely there is a way out of the game. I can't find the X icon anywhere. It's probably right under my nose LOL...
  9. Hidden City: Hidden Object Adventure

    in Windows 10 Gaming
    Hidden City: Hidden Object Adventure: I have been playing Hidden City: Hidden Object Adventure for a few weeks now. I have unlocked several places. However, the new ones I have unlocked have been saying 'Game assets awaiting download'. Is there something that I need to do on my end to make this change. It has...
  10. G5 games crashing

    in Windows 10 Gaming
    G5 games crashing: My G5 game keeps crashing on me, frequently when I win so I don't get prizes. I have just had my drivers updated. How do you get in touch with G5 game people? Any answers out there?...
  1. g5 games

    ,
  2. g5 games hidden city

    ,
  3. g5 games windows 10

    ,
  4. G5 games i own,
  5. g5 game updates hidden city,
  6. how to change login password in G5 game hidden city,
  7. all free g5 games,
  8. windows store games g5,
  9. g5 games for windows 7,
  10. forum for g5 game hidden city hidden object ,
  11. latest update for g5 hidden city hidden object game,
  12. g5 hidden city hidden object forum,
  13. g5 games awaiting gams assets down load ,
  14. microspft g5 hidden objects games,
  15. g5e game assets awaiting download

I noticed Taskeng.exe randomly popping up in April but thought it was fixing my Hidden City: Mystery of Shadows game that suddenly had jumbled font or overlapping font. I would only see taskeng.exe pop-up either once during the loading of the game or during game play, never outside of the game. Then Hidden City's May event update came out and the font was normal and I didn't see taskeng.exe for a while so I assumed it did it's job. Unfortunately, Taskeng.exe began popping up outside of game and even one day popped up as soon as I woke my computer up. When I try to play Hidden City in Mozilla Firefox Quantum 60.0.1(64-bit) the game is at a snails pace literally, I also contacted them for help improving the speed and nothing worked. I installed Google Chrome because a browser with WebGL-enabled like Firefox, Chrome, Edge is required or Facebook Gameroom should be installed. After tweaking Chrome I noticed something is spiking my CPU which casues the game to freeze a few seconds every minute. I used Chrome's Task Manager but I couldn't see what's causing the CPU spikes. I also have a very troubled Internet Explorer 11 (it's my default browser) which is very slow, crashes sometimes but always becomes unresponsive and loads pages incorrectly. I noticed recently when a family member did a Nordstrom search that ads have been injected into the results and she clicked on one, but mvp host file blocked the page from opening. The ad results are from r.bat.bing com and are at the top and bottom of search results. The game ads I'm now seeing in my Microsoft Solitaire Deluxe game are from clkuk.tradedoubler com. I tried to get rid of this stuff by using Windows Defender (full scan), Malwarebytes normal mode threat scan and then a scan in safe mode after reading, taskeng.exe popping up randomly and i cant open Farbar's Recovery Scan Tool Started by pandapeter , May 04 2018 01:58 AM. I also used Super Antispyware, Adware Cleaner and they all found nothing. I even tried RKill in case something malicious needed to be shut down for the other scans to work and nothing was found. So I have included in this post the 2 Farbar scans and an autoruns.txt. If you would also like Autoruns Scan Text just let me know I have that too. Thank you in advance for your time and assistance.

First Farbar Scan Below:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.06.2018
Ran by Floretta (administrator) on LA-LA-LOOPSY (04-06-2018 16:55:18)
Running from C:UsersFlorettaDesktop
Loaded Profiles: Floretta (Available Profiles: Floretta)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

Processes (Whitelisted)

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:WindowsSystem32atiesrxx.exe
(Realtek Semiconductor) C:Program FilesRealtekAudioHDARtkAudioService64.exe
(SUPERAntiSpyware.com) C:Program FilesSUPERAntiSpywareSASCORE64.EXE
(Andrea Electronics Corporation) C:Program FilesRealtekAudioHDAAERTSr64.exe
(Apple Inc.) C:Program FilesBonjourmDNSResponder.exe
(Microsoft Corporation) C:Program FilesWindows DefenderMsMpEng.exe
(CyberLink) C:Program Files (x86)CyberLinkPowerDVD12KernelDMSCLMSMonitorServicePDVD12.exe
(HP Inc.) C:Program Files (x86)Hewlett-PackardHP Support SolutionsHPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:Program Files (x86)Hewlett-PackardSharedhpqwmiex.exe
(Microsoft Corporation) C:Program FilesWindows DefenderNisSrv.exe
(AMD) C:WindowsSystem32atieclxx.exe
(Microsoft Corporation) C:WindowsSystem32SkyDrive.exe
(Microsoft Corporation) C:WindowsSystem32dllhost.exe
(Realtek Semiconductor) C:Program FilesRealtekAudioHDARAVBg64.exe
(Realtek Semiconductor) C:Program FilesRealtekAudioHDARAVBg64.exe
(Advanced Micro Devices, Inc.) C:Program FilesAMDCNextCNextRadeonSettings.exe
(Realtek Semiconductor) C:Program FilesRealtekAudioHDARtkNGUI64.exe
(CyberLink) C:Program Files (x86)CyberLinkPower2Go8CLMLSvc_P2G8.exe
(CyberLink) C:Program Files (x86)CyberLinkPowerDVD12KernelDMSCLMSServerPDVD12.exe

Registry (Whitelisted)

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...Run: [RTHDVCPL] => C:Program FilesRealtekAudioHDARtkNGUI64.exe [7198424 2013-08-29] (Realtek Semiconductor)
HKLM...Run: [WindowsDefender] => '%ProgramFiles%Windows DefenderMSASCuiL.exe'
HKUS-1-5-21-2603647047-4195809022-826204347-1001...Run: [Skype] => C:Program Files (x86)SkypePhoneSkype.exe [27230168 2016-11-15] (Skype Technologies S.A.)

Internet (Whitelisted)

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
TcpipParameters: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2
Tcpip..Interfaces{0E333C8D-0090-4B2F-A96D-1AAE408DB9B9}: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2
Tcpip..Interfaces{96EAF80F-02C7-4E9A-8702-EF5FA9789DD5}: [DhcpNameServer] 75.114.81.1 209.18.47.62 75.114.81.2

Internet Explorer:
HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKUS-1-5-21-2603647047-4195809022-826204347-1001SoftwareMicrosoftInternet ExplorerMain,Start Page = hxxps://www.bing.com/
SearchScopes: HKUS-1-5-21-2603647047-4195809022-826204347-1001 -> {3CB12E97-BDDF-4488-8C61-217335DD319F} URL =
BHO: Ghostery Plugin -> {6BF739DD-3323-4C6A-975B-C7E00A50B154} -> C:Program Files (x86)Ghosterybinghostery64.dll [2015-10-30] (Ghostery, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckHPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:Program FilesAdblock Plus for IEAdblockPlus64.dll [2017-01-03] (Eyeo GmbH)
BHO-x32: Ghostery Plugin -> {6BF739DD-3323-4C6A-975B-C7E00A50B154} -> C:Program Files (x86)Ghosterybinghostery.dll [2015-10-30] (Ghostery, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckHPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:Program FilesAdblock Plus for IEAdblockPlus32.dll [2017-01-03] (Eyeo GmbH)

FireFox:
FF DefaultProfile: ngi7b3ks.default-1512793097925
FF ProfilePath: C:UsersFlorettaAppDataRoamingMozillaFirefoxProfilesngi7b3ks.default-1512793097925 [2018-06-03]
FF NetworkProxy: MozillaFirefoxProfilesngi7b3ks.default-1512793097925 -> type', 0
FF Extension: (uBlock Origin) - C:UsersFlorettaAppDataRoamingMozill[email protected]raymondhill.net.xpi [2018-05-25]
FF Extension: (NoScript) - C:UsersFlorettaAppDataRoamingMozillaFirefoxProfilesngi7b3ks.default-1512793097925Extensions{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-05-29]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:UsersFlorettaAppDataRoamingMozillaFirefoxProfilesngi7b3ks.default-1512793097925features{6883ce2d-cb0f-44e0-80f6-68ad0f5faf3f}[email protected] [2018-06-02] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:WINDOWSsystem32MacromedFlashNPSWF64_29_0_0_171.dll [2018-05-22] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:WINDOWSSysWOW64MacromedFlashNPSWF32_29_0_0_171.dll [2018-05-22] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:Program Files (x86)GoogleUpdate1.3.33.17npGoogleUpdate3.dll [2018-05-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:Program Files (x86)GoogleUpdate1.3.33.17npGoogleUpdate3.dll [2018-05-26] (Google Inc.)

Chrome:
CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?q={searchTerms}&PC=U316&FORM=CHROMN
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultNewTabURL: Default -> hxxps://www.bing.com/chrome/newtab
CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
CHR Profile: C:UsersFlorettaAppDataLocalGoogleChromeUser DataDefault [2018-06-03]
CHR Extension: (Slides) - C:UsersFlorettaAppDataLocalGoogleChromeUser DataDefaultExtensionsaapocclcgogkmnckokdopfmhonfmgoek [2018-05-26]
CHR Extension: (Docs) - C:UsersFlorettaAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [2018-05-26]
CHR Extension: (Google Drive) - C:UsersFlorettaAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2018-05-26]
CHR Extension: (YouTube) - C:UsersFlorettaAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-26]
CHR Extension: (uBlock Origin) - C:UsersFlorettaAppDataLocalGoogleChromeUser DataDefaultExtensionscjpalhdlnbpafiamejdnhcphjbkeiagm [2018-05-27]
CHR Extension: (Sheets) - C:UsersFlorettaAppDataLocalGoogleChromeUser DataDefaultExtensionsfelcaaldnbdncclmgdcncolpebgiejap [2018-05-26]
CHR Extension: (Google Docs Offline) - C:UsersFlorettaAppDataLocalGoogleChromeUser DataDefaultExtensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-05-27]
CHR Extension: (Chrome Web Store Payments) - C:UsersFlorettaAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2018-05-26]
CHR Extension: (Gmail) - C:UsersFlorettaAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2018-05-26]
CHR Extension: (Chrome Media Router) - C:UsersFlorettaAppDataLocalGoogleChromeUser DataDefaultExtensionspkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-26]
CHR Profile: C:UsersFlorettaAppDataLocalGoogleChromeUser DataSystem Profile [2018-05-27]

Services (Whitelisted)

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:Program FilesSUPERAntiSpywareSASCORE64.EXE [173472 2017-07-14] (SUPERAntiSpyware.com)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:Program Files (x86)CyberLinkPowerDVD12KernelDMSCLMSMonitorServicePDVD12.exe [77576 2013-09-27] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:Program Files (x86)CyberLinkPowerDVD12KernelDMSCLMSServerPDVD12.exe [298760 2013-09-27] (CyberLink)
R2 HPSupportSolutionsFrameworkService; C:Program Files (x86)Hewlett-PackardHP Support SolutionsHPSupportSolutionsFrameworkService.exe [332656 2018-05-02] (HP Inc.)
S3 MBAMService; C:Program FilesMalwarebytesAnti-Malwarembamservice.exe [6541008 2018-05-03] (Malwarebytes)
S3 PAExec; C:WINDOWSPAExec.exe [189112 2017-06-28] (Power Admin LLC)
R2 RtkAudioService; C:Program FilesRealtekAudioHDARtkAudioService64.exe [289496 2013-08-29] (Realtek Semiconductor)
R3 WdNisSvc; C:Program FilesWindows DefenderNisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:Program FilesWindows DefenderMsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

Drivers (Whitelisted)

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Game

R3 athr; C:WINDOWSsystem32DRIVERSathwbx.sys [4265984 2014-12-22] (Qualcomm Atheros Communications, Inc.)
R0 C9294A81; C:WINDOWSSystem32driversC9294A81.sys [478392 2016-02-23] (Kaspersky Lab ZAO)
R1 CLVirtualDrive; C:WINDOWSsystem32DRIVERSCLVirtualDrive.sys [91712 2013-03-15] (CyberLink)
S3 MBAMSwissArmy; C:WINDOWSSystem32Driversmbamswissarmy.sys [253664 2018-05-28] (Malwarebytes)
R1 MpKsl64e8fecb; C:ProgramDataMicrosoftWindows DefenderDefinition Updates{5F16D9B8-05D1-4F74-A89B-F2AB1E01D871}MpKsl64e8fecb.sys [58120 2018-06-04] (Microsoft Corporation)
R3 RSP2STOR; C:WINDOWSsystem32DRIVERSRtsP2Stor.sys [290008 2013-07-08] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:Program FilesSUPERAntiSpywareSASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:Program FilesSUPERAntiSpywareSASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:WINDOWSSystem32driversWdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:WINDOWSSystem32driversWdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:WINDOWSSystem32DriversWdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

NetSvcs (Whitelisted)

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

One Month Created files and folders

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-04 16:55 - 2018-06-04 16:55 - 000000000 ____D C:UsersFlorettaDesktopFRST-OlderVersion
2018-06-04 16:54 - 2018-06-04 16:54 - 000002533 _____ C:UsersFlorettaDesktopquick mal.txt
2018-05-28 16:25 - 2018-05-28 16:25 - 000001295 _____ C:UsersFlorettaDesktopMBytesScan.txt
2018-05-28 15:40 - 2018-05-28 15:52 - 000253664 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbamswissarmy.sys
2018-05-28 15:36 - 2018-05-28 15:36 - 000422594 _____ C:UsersFlorettaDesktopautoruns.txt
2018-05-28 11:43 - 2018-05-28 11:44 - 000040828 _____ C:UsersFlorettaDesktopAddition.txt
2018-05-28 11:41 - 2018-06-04 16:56 - 000011421 _____ C:UsersFlorettaDesktopFRST.txt
2018-05-28 11:40 - 2018-06-04 16:55 - 000000000 ____D C:FRST
2018-05-28 11:24 - 2018-05-28 11:27 - 000000000 ____D C:UsersFlorettaDesktopAll MVP
2018-05-28 00:02 - 2018-05-28 00:02 - 000000955 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsFirefox.lnk
2018-05-28 00:02 - 2018-05-28 00:02 - 000000943 _____ C:UsersPublicDesktopFirefox.lnk
2018-05-28 00:02 - 2018-05-28 00:02 - 000000000 ____D C:Program FilesMozilla Firefox
2018-05-28 00:02 - 2018-05-28 00:02 - 000000000 ____D C:Program Files (x86)Mozilla Maintenance Service
2018-05-26 23:43 - 2018-05-26 23:43 - 000000000 ____D C:UsersFlorettaAppDataRoamingGoogle
2018-05-26 23:41 - 2018-05-26 23:41 - 000002323 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk
2018-05-26 23:41 - 2018-05-26 23:41 - 000002282 _____ C:UsersPublicDesktopGoogle Chrome.lnk
2018-05-26 23:40 - 2018-05-26 23:52 - 000000000 ____D C:UsersFlorettaAppDataLocalGoogle
2018-05-26 23:40 - 2018-05-26 23:40 - 000003332 _____ C:WINDOWSSystem32TasksGoogleUpdateTaskMachineUA
2018-05-26 23:40 - 2018-05-26 23:40 - 000003204 _____ C:WINDOWSSystem32TasksGoogleUpdateTaskMachineCore
2018-05-26 23:40 - 2018-05-26 23:40 - 000000000 ____D C:Program Files (x86)Google
2018-05-26 23:34 - 2018-05-26 23:40 - 000000000 ____D C:UsersFlorettaAppDataLocalDeployment
2018-05-26 23:34 - 2018-05-26 23:34 - 000000000 ____D C:UsersFlorettaAppDataLocalApps2.0
2018-05-22 23:00 - 2018-06-04 16:55 - 002413056 _____ (Farbar) C:UsersFlorettaDesktopFRST64.exe
2018-05-22 22:59 - 2018-05-22 22:59 - 001802704 _____ (Bleeping Computer, LLC) C:UsersFlorettaDesktopiExplore.exe
2018-05-22 21:08 - 2018-05-22 21:08 - 038976024 _____ (Mozilla) C:UsersFlorettaDesktopFirefox Setup 60.0.1.exe
2018-05-22 20:54 - 2018-05-22 20:54 - 038976024 _____ (Mozilla) C:UsersFlorettaDownloadsFirefox Setup 60.0.1.exe
2018-05-22 18:11 - 2018-05-22 18:11 - 000004476 _____ C:WINDOWSSystem32TasksAdobe Flash Player NPAPI Notifier
2018-05-22 18:11 - 2018-05-22 18:11 - 000004324 _____ C:WINDOWSSystem32TasksAdobe Flash Player Updater
2018-05-22 18:10 - 2018-05-22 18:11 - 000000000 ____D C:UsersFlorettaAppDataLocalAdobe
2018-05-22 15:13 - 2018-05-22 15:13 - 000001890 _____ C:UsersPublicDesktopMalwarebytes.lnk
2018-05-22 15:13 - 2018-05-22 15:13 - 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes
2018-05-22 15:13 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:WINDOWSsystem32Driversmbae64.sys
2018-05-22 15:12 - 2018-05-22 15:12 - 000000000 ____D C:Program FilesMalwarebytes
2018-05-22 01:49 - 2018-05-22 01:49 - 000000000 ____D C:ProgramDataMB2Migration
2018-05-10 00:36 - 2018-05-10 00:36 - 000284664 _____ C:WINDOWSMinidump051018-21078-01.dmp
2018-05-08 16:22 - 2018-04-22 05:02 - 000803696 _____ (Microsoft Corporation) C:WINDOWSsystem32oleaut32.dll
2018-05-08 16:22 - 2018-04-22 04:06 - 000612600 _____ (Microsoft Corporation) C:WINDOWSSysWOW64oleaut32.dll
2018-05-08 16:22 - 2018-04-22 04:04 - 025744896 _____ (Microsoft Corporation) C:WINDOWSsystem32mshtml.dll
2018-05-08 16:22 - 2018-04-22 03:40 - 002902016 _____ (Microsoft Corporation) C:WINDOWSsystem32iertutil.dll
2018-05-08 16:22 - 2018-04-22 03:38 - 000578048 _____ (Microsoft Corporation) C:WINDOWSsystem32vbscript.dll
2018-05-08 16:22 - 2018-04-22 03:32 - 005779456 _____ (Microsoft Corporation) C:WINDOWSsystem32jscript9.dll
2018-05-08 16:22 - 2018-04-22 03:26 - 000814080 _____ (Microsoft Corporation) C:WINDOWSsystem32jscript9diag.dll
2018-05-08 16:22 - 2018-04-22 03:26 - 000794624 _____ (Microsoft Corporation) C:WINDOWSsystem32jscript.dll
2018-05-08 16:22 - 2018-04-22 03:24 - 020286464 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mshtml.dll
2018-05-08 16:22 - 2018-04-22 03:04 - 000499712 _____ (Microsoft Corporation) C:WINDOWSSysWOW64vbscript.dll
2018-05-08 16:22 - 2018-04-22 03:00 - 002295296 _____ (Microsoft Corporation) C:WINDOWSSysWOW64iertutil.dll
2018-05-08 16:22 - 2018-04-22 02:57 - 001033216 _____ (Microsoft Corporation) C:WINDOWSsystem32inetcomm.dll
2018-05-08 16:22 - 2018-04-22 02:54 - 000661504 _____ (Microsoft Corporation) C:WINDOWSSysWOW64jscript.dll
2018-05-08 16:22 - 2018-04-22 02:53 - 000620032 _____ (Microsoft Corporation) C:WINDOWSSysWOW64jscript9diag.dll
2018-05-08 16:22 - 2018-04-22 02:51 - 000262144 _____ (Microsoft Corporation) C:WINDOWSsystem32webcheck.dll
2018-05-08 16:22 - 2018-04-22 02:49 - 000809472 _____ (Microsoft Corporation) C:WINDOWSsystem32msfeeds.dll
2018-05-08 16:22 - 2018-04-22 02:48 - 015283200 _____ (Microsoft Corporation) C:WINDOWSsystem32ieframe.dll
2018-05-08 16:22 - 2018-04-22 02:46 - 002135552 _____ (Microsoft Corporation) C:WINDOWSsystem32inetcpl.cpl
2018-05-08 16:22 - 2018-04-22 02:33 - 003241472 _____ (Microsoft Corporation) C:WINDOWSsystem32wininet.dll
2018-05-08 16:22 - 2018-04-22 02:32 - 000880640 _____ (Microsoft Corporation) C:WINDOWSSysWOW64inetcomm.dll
2018-05-08 16:22 - 2018-04-22 02:31 - 004496896 _____ (Microsoft Corporation) C:WINDOWSSysWOW64jscript9.dll
2018-05-08 16:22 - 2018-04-22 02:29 - 000230400 _____ (Microsoft Corporation) C:WINDOWSSysWOW64webcheck.dll
2018-05-08 16:22 - 2018-04-22 02:27 - 000696320 _____ (Microsoft Corporation) C:WINDOWSSysWOW64msfeeds.dll
2018-05-08 16:22 - 2018-04-22 02:27 - 000333312 _____ (Microsoft Corporation) C:WINDOWSSysWOW64iedkcs32.dll
2018-05-08 16:22 - 2018-04-22 02:26 - 013679616 _____ (Microsoft Corporation) C:WINDOWSSysWOW64ieframe.dll
2018-05-08 16:22 - 2018-04-22 02:26 - 002059776 _____ (Microsoft Corporation) C:WINDOWSSysWOW64inetcpl.cpl
2018-05-08 16:22 - 2018-04-22 02:22 - 001546240 _____ (Microsoft Corporation) C:WINDOWSsystem32urlmon.dll
2018-05-08 16:22 - 2018-04-22 02:11 - 000800768 _____ (Microsoft Corporation) C:WINDOWSsystem32ieapfltr.dll
2018-05-08 16:22 - 2018-04-22 02:08 - 002767872 _____ (Microsoft Corporation) C:WINDOWSSysWOW64wininet.dll
2018-05-08 16:22 - 2018-04-22 02:04 - 001314304 _____ (Microsoft Corporation) C:WINDOWSSysWOW64urlmon.dll
2018-05-08 16:22 - 2018-04-22 02:03 - 000710144 _____ (Microsoft Corporation) C:WINDOWSSysWOW64ieapfltr.dll
2018-05-08 16:22 - 2018-04-15 12:55 - 000669696 _____ (Microsoft Corporation) C:WINDOWSsystem32hhctrl.ocx
2018-05-08 16:22 - 2018-04-15 12:16 - 000536576 _____ (Microsoft Corporation) C:WINDOWSSysWOW64hhctrl.ocx
2018-05-08 16:22 - 2018-04-10 21:03 - 007406936 _____ (Microsoft Corporation) C:WINDOWSsystem32ntoskrnl.exe
2018-05-08 16:22 - 2018-04-10 21:02 - 001676056 _____ (Microsoft Corporation) C:WINDOWSsystem32winload.efi
2018-05-08 16:22 - 2018-04-10 21:02 - 001536112 _____ (Microsoft Corporation) C:WINDOWSsystem32winload.exe
2018-05-08 16:22 - 2018-04-10 14:51 - 004169216 _____ (Microsoft Corporation) C:WINDOWSsystem32win32k.sys
2018-05-08 16:22 - 2018-04-10 14:27 - 000205312 _____ (Microsoft Corporation) C:WINDOWSsystem32itircl.dll
2018-05-08 16:22 - 2018-04-10 14:13 - 000179712 _____ (Microsoft Corporation) C:WINDOWSsystem32itss.dll
2018-05-08 16:22 - 2018-04-10 13:01 - 000165376 _____ (Microsoft Corporation) C:WINDOWSSysWOW64itircl.dll
2018-05-08 16:22 - 2018-04-10 12:50 - 000151040 _____ (Microsoft Corporation) C:WINDOWSSysWOW64itss.dll
2018-05-08 16:22 - 2018-04-07 12:17 - 000445440 _____ (Microsoft Corporation) C:WINDOWSsystem32certcli.dll
2018-05-08 16:22 - 2018-04-07 11:49 - 000324096 _____ (Microsoft Corporation) C:WINDOWSSysWOW64certcli.dll
2018-05-08 16:22 - 2018-04-07 11:41 - 000109056 _____ (Microsoft Corporation) C:WINDOWSsystem32TSpkg.dll
2018-05-08 16:22 - 2018-04-07 11:23 - 000084992 _____ (Microsoft Corporation) C:WINDOWSSysWOW64TSpkg.dll
2018-05-08 16:22 - 2018-04-07 11:20 - 001707008 _____ (Microsoft Corporation) C:WINDOWSsystem32comsvcs.dll
2018-05-08 16:22 - 2018-04-07 11:10 - 001344512 _____ (Microsoft Corporation) C:WINDOWSSysWOW64comsvcs.dll
2018-05-08 16:22 - 2018-04-07 11:06 - 000522752 _____ (Microsoft Corporation) C:WINDOWSsystem32catsrvut.dll
2018-05-08 16:22 - 2018-04-07 11:01 - 000414720 _____ (Microsoft Corporation) C:WINDOWSSysWOW64catsrvut.dll
2018-05-08 16:22 - 2018-04-06 17:27 - 000376656 _____ (Microsoft Corporation) C:WINDOWSsystem32Driversclfs.sys
2018-05-08 16:22 - 2018-03-24 11:57 - 001101824 _____ (Microsoft Corporation) C:WINDOWSsystem32rdvidcrl.dll
2018-05-08 16:22 - 2018-03-24 11:40 - 001171456 _____ (Microsoft Corporation) C:WINDOWSsystem32mstsc.exe
2018-05-08 16:22 - 2018-03-24 11:34 - 000856064 _____ (Microsoft Corporation) C:WINDOWSSysWOW64rdvidcrl.dll
2018-05-08 16:22 - 2018-03-24 11:22 - 001086976 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mstsc.exe
2018-05-08 16:22 - 2018-03-24 10:56 - 007033344 _____ (Microsoft Corporation) C:WINDOWSsystem32mstscax.dll
2018-05-08 16:22 - 2018-03-24 10:54 - 006214144 _____ (Microsoft Corporation) C:WINDOWSSysWOW64mstscax.dll
2018-05-08 16:22 - 2018-03-15 18:29 - 000136904 _____ (Microsoft Corporation) C:WINDOWSsystem32wuauclt.exe
2018-05-08 16:22 - 2018-03-10 16:55 - 000137968 _____ (Microsoft Corporation) C:WINDOWSsystem32ncrypt.dll
2018-05-08 16:22 - 2018-03-10 15:04 - 000120376 _____ (Microsoft Corporation) C:WINDOWSSysWOW64ncrypt.dll
2018-05-08 16:22 - 2018-03-10 13:51 - 000685568 _____ (Microsoft Corporation) C:WINDOWSsystem32Driverssrv2.sys
2018-05-08 16:22 - 2018-03-10 13:47 - 000066048 _____ (Microsoft Corporation) C:WINDOWSsystem32wups.dll
2018-05-08 16:22 - 2018-03-10 13:47 - 000052224 _____ (Microsoft Corporation) C:WINDOWSsystem32wups2.dll
2018-05-08 16:22 - 2018-03-10 13:43 - 000015360 _____ (Microsoft Corporation) C:WINDOWSsystem32wu.upgrade.ps.dll
2018-05-08 16:22 - 2018-03-10 12:46 - 000840192 _____ (Microsoft Corporation) C:WINDOWSsystem32netlogon.dll
2018-05-08 16:22 - 2018-03-10 12:44 - 000435200 _____ (Microsoft Corporation) C:WINDOWSsystem32schannel.dll
2018-05-08 16:22 - 2018-03-10 12:35 - 000696832 _____ (Microsoft Corporation) C:WINDOWSSysWOW64netlogon.dll
2018-05-08 16:22 - 2018-03-10 12:35 - 000359424 _____ (Microsoft Corporation) C:WINDOWSSysWOW64schannel.dll
2018-05-08 16:22 - 2018-03-10 12:33 - 003717632 _____ (Microsoft Corporation) C:WINDOWSsystem32wuaueng.dll
2018-05-08 16:22 - 2018-03-10 12:22 - 000035840 _____ (Microsoft Corporation) C:WINDOWSsystem32wuapp.exe
2018-05-08 16:22 - 2018-03-10 12:21 - 000140288 _____ (Microsoft Corporation) C:WINDOWSsystem32wuwebv.dll
2018-05-08 16:22 - 2018-03-10 12:21 - 000029696 _____ (Microsoft Corporation) C:WINDOWSSysWOW64wuapp.exe
2018-05-08 16:22 - 2018-03-10 12:20 - 000124928 _____ (Microsoft Corporation) C:WINDOWSSysWOW64wuwebv.dll
2018-05-08 16:22 - 2018-03-10 12:18 - 000726528 _____ (Microsoft Corporation) C:WINDOWSSysWOW64wuapi.dll
2018-05-08 16:22 - 2018-03-10 12:18 - 000409088 _____ (Microsoft Corporation) C:WINDOWSsystem32WUSettingsProvider.dll
2018-05-08 16:22 - 2018-03-10 12:18 - 000095744 _____ (Microsoft Corporation) C:WINDOWSsystem32wudriver.dll
2018-05-08 16:22 - 2018-03-10 12:18 - 000081920 _____ (Microsoft Corporation) C:WINDOWSSysWOW64wudriver.dll
2018-05-08 16:22 - 2018-03-10 12:17 - 002240512 _____ (Microsoft Corporation) C:WINDOWSsystem32wucltux.dll
2018-05-08 16:22 - 2018-03-10 12:17 - 000897024 _____ (Microsoft Corporation) C:WINDOWSsystem32wuapi.dll
2018-05-08 16:22 - 2018-03-09 14:57 - 000276816 ____C (Microsoft Corporation) C:WINDOWSsystem32Driversmsiscsi.sys
2018-05-08 16:22 - 2018-03-03 12:24 - 001725952 _____ (Microsoft Corporation) C:WINDOWSsystem32msdtctm.dll
2018-05-08 16:22 - 2018-03-03 12:18 - 000894976 _____ (Microsoft Corporation) C:WINDOWSsystem32msdtcprx.dll
2018-05-08 16:22 - 2018-03-03 12:18 - 000322048 _____ (Microsoft Corporation) C:WINDOWSsystem32msdtcuiu.dll
2018-05-08 16:22 - 2018-03-03 12:15 - 000050688 _____ (Microsoft Corporation) C:WINDOWSSysWOW64xolehlp.dll
2018-05-08 16:22 - 2018-03-03 12:04 - 000741888 _____ (Microsoft Corporation) C:WINDOWSSysWOW64msdtcprx.dll
2018-05-08 16:22 - 2018-03-03 12:04 - 000265728 _____ (Microsoft Corporation) C:WINDOWSSysWOW64msdtcuiu.dll
2018-05-08 16:22 - 2018-02-14 17:45 - 001308336 _____ (Microsoft Corporation) C:WINDOWSsystem32rpcrt4.dll
2018-05-08 16:22 - 2018-02-14 10:47 - 000747520 _____ (Microsoft Corporation) C:WINDOWSSysWOW64rpcrt4.dll

One Month Modified files and folders

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-04 15:54 - 2016-02-21 19:51 - 000000000 ____D C:UsersFlorettaAppDataLocalLowAdblock Plus for IE
2018-06-04 12:30 - 2016-02-22 20:43 - 000000000 ___RD C:UsersFlorettaOneDrive
2018-06-03 21:51 - 2017-06-28 00:04 - 000000000 ____D C:UsersFlorettaAppDataLocalLowMozilla
2018-06-02 08:03 - 2018-02-10 15:30 - 000003190 _____ C:WINDOWSSystem32TasksHPCeeScheduleForFloretta
2018-06-02 08:03 - 2018-02-10 15:30 - 000000370 _____ C:WINDOWSTasksHPCeeScheduleForFloretta.job
2018-06-01 17:32 - 2013-08-22 11:36 - 000000000 ____D C:WINDOWSAppReadiness
2018-06-01 09:55 - 2016-02-19 13:00 - 000003598 _____ C:WINDOWSSystem32TasksOptimize Start Menu Cache Files-S-1-5-21-2603647047-4195809022-826204347-1001
2018-06-01 09:44 - 2013-08-22 10:45 - 000000006 ____H C:WINDOWSTasksSA.DAT
2018-06-01 09:43 - 2016-02-20 21:43 - 000065536 _____ C:WINDOWSsystem32spu_storage.bin
2018-06-01 09:43 - 2013-08-22 09:25 - 001048576 ___SH C:WINDOWSsystem32configBBI
2018-06-01 00:48 - 2016-04-09 21:30 - 000000000 ____D C:UsersFlorettaAppDataLocalCrashDumps
2018-05-31 20:46 - 2013-08-22 09:36 - 000000000 ____D C:WINDOWSInf
2018-05-30 23:23 - 2013-08-22 11:36 - 000000000 ___HD C:Program FilesWindowsApps
2018-05-28 16:31 - 2017-07-14 18:56 - 000000000 ____D C:AdwCleaner
2018-05-28 16:31 - 2016-02-19 13:42 - 000729734 _____ C:WINDOWSntbtlog.txt
2018-05-27 22:51 - 2016-06-21 01:09 - 000000000 ____D C:UsersFlorettaDesktopPrintable Puzzles
2018-05-27 21:32 - 2017-12-25 13:56 - 000000000 ____D C:UsersFlorettaAppDataLocalSkypePlugin
2018-05-27 13:01 - 2017-07-14 17:37 - 000003118 _____ C:UsersFlorettaDesktopRkill.txt
2018-05-22 18:11 - 2013-08-22 11:36 - 000000000 ____D C:WINDOWSSysWOW64Macromed
2018-05-22 18:11 - 2013-08-22 11:36 - 000000000 ____D C:WINDOWSsystem32Macromed
2018-05-22 15:12 - 2016-03-12 11:09 - 000000000 ____D C:ProgramDataMalwarebytes
2018-05-22 15:12 - 2016-03-12 11:09 - 000000000 ____D C:Program Files (x86)Malwarebytes Anti-Malware
2018-05-20 22:03 - 2017-02-20 20:53 - 000000000 ____D C:UsersFlorettaDesktopHidden City Pics
2018-05-18 12:31 - 2016-02-26 15:31 - 000000000 ____D C:UsersFlorettaAppDataLocalElevatedDiagnostics
2018-05-15 09:52 - 2016-02-21 16:47 - 000000000 ____D C:ProgramDataMalwarebytes Anti-Exploit
2018-05-10 01:29 - 2016-02-20 21:54 - 000000000 ____D C:UsersFloretta
2018-05-10 00:36 - 2017-11-06 22:54 - 000000000 ____D C:WINDOWSMinidump
2018-05-10 00:36 - 2017-11-06 22:53 - 411844405 _____ C:WINDOWSMEMORY.DMP
2018-05-09 20:09 - 2013-08-22 11:36 - 000000000 ____D C:WINDOWSrescache
2018-05-08 17:03 - 2013-08-22 10:44 - 000351024 _____ C:WINDOWSsystem32FNTCACHE.DAT
2018-05-08 16:38 - 2012-07-26 03:59 - 000000000 ____D C:WINDOWSCbsTemp
2018-05-08 16:29 - 2016-02-19 17:27 - 000000000 ____D C:WINDOWSsystem32MRT
2018-05-08 16:25 - 2017-10-11 12:17 - 141696960 ____C (Microsoft Corporation) C:WINDOWSsystem32MRT-KB890830.exe
2018-05-08 16:25 - 2016-02-19 17:27 - 141696960 ____C (Microsoft Corporation) C:WINDOWSsystem32MRT.exe

Some files in TEMP:
2018-05-24 15:58 - 2018-05-24 15:58 - 001444000 _____ (Sysinternals - www.sysinternals.com) C:UsersFlorettaAppDataLocalTempprocexp64.exe

Bamital & volsnap

(There is no automatic fix for files that do not pass verification.)

C:WINDOWSsystem32winlogon.exe => File is digitally signed
C:WINDOWSsystem32wininit.exe => File is digitally signed
C:WINDOWSexplorer.exe => File is digitally signed
C:WINDOWSSysWOW64explorer.exe => File is digitally signed
C:WINDOWSsystem32svchost.exe => File is digitally signed
C:WINDOWSSysWOW64svchost.exe => File is digitally signed
C:WINDOWSsystem32services.exe => File is digitally signed
C:WINDOWSsystem32User32.dll => File is digitally signed
C:WINDOWSSysWOW64User32.dll => File is digitally signed
C:WINDOWSsystem32userinit.exe => File is digitally signed
C:WINDOWSSysWOW64userinit.exe => File is digitally signed
C:WINDOWSsystem32rpcss.dll => File is digitally signed
C:WINDOWSsystem32dnsapi.dll => File is digitally signed
C:WINDOWSSysWOW64dnsapi.dll => File is digitally signed
C:WINDOWSsystem32Driversvolsnap.sys => File is digitally signed

LastRegBack: 2018-06-01 09:55

End of FRST.txt

Additional Farbar Scan Below:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03.06.2018
Ran by Floretta (04-06-2018 16:57:20)
Running from C:UsersFlorettaDesktop
Windows 8.1 (Update) (X64) (2016-02-21 02:19:22)
Boot Mode: Normal

Hidden

Accounts:

Administrator (S-1-5-21-2603647047-4195809022-826204347-500 - Administrator - Disabled)
Floretta (S-1-5-21-2603647047-4195809022-826204347-1001 - Administrator - Enabled) => C:UsersFloretta
Guest (S-1-5-21-2603647047-4195809022-826204347-501 - Limited - Disabled)

Security Center

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Installed Programs

(Only the adware programs with 'Hidden' flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM...{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adblock Plus for IE (32-bit and 64-bit) (HKLM...{F6FCA281-09CC-4753-990C-937B93A52C94}) (Version: 1.6 - Eyeo GmbH)
Adobe Flash Player 29 NPAPI (HKLM-x32...Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
AMD Software (HKLM...AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Bonjour (HKLM...{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center Next Localization BR (HKLM...{7A48FE92-F9B4-8FFA-7BAD-21CB7DEE1569}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM...{4BC416EA-CBC5-13FD-C83A-4B1FAF67098C}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM...{A6E62176-8E19-D5FD-E6B1-C7AC8B0BE9CF}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM...{03D53E62-3033-2B6E-6250-94654C7062BF}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM...{03B1860D-A09B-27EB-7EAC-0E5F174032CA}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM...{F3CE6F28-D740-5366-D67B-D7398F44070B}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM...{E5F6E095-5DF7-A975-E20A-F65CF09C7F86}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM...{83F34886-010B-6557-AF96-476B11064769}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM...{EBA40A2A-104A-7494-7963-BC57B5E01BA5}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM...{22D2669B-33CC-C6C4-88B8-974AD4A214DB}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM...{0320DCC1-BF31-C4F1-11D9-A7F8AF76A2AF}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM...{32841394-3CE1-B9AD-09C3-282D9B067B1B}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM...{7ACC0D20-8698-07B4-5D47-65C62E7A5A55}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM...{0134E878-7296-5829-EE57-93694856559E}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM...{8D1A4287-CD2E-CED5-82CF-91623D0D150D}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM...{77C3894A-381D-EADC-C563-80E0FFCCBF99}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM...{93C07327-4DFD-ECFE-330F-F3C57467F2AF}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM...{A3E8927D-6EA7-6627-1C91-ECC2AEF84B37}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM...{43C32BFA-A561-E815-D107-DDDE2A554C7F}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM...{F9234F4E-4A77-228E-0A22-30B5E7FFC555}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM...{A1C005FB-2101-7DB0-626B-130420EAFEF6}) (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
CyberLink LabelPrint (HKLM-x32...InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6522 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32...InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.3003 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32...InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32...InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.2921 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32...InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3414 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32...InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3324 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32...InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
D3DX10 (HKLM-x32...{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM-x32...{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Ghostery (HKLM-x32...Ghostery) (Version: - Ghostery Inc)
Google Chrome (HKLM-x32...Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32...{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.1 (HKLM-x32...{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Quick Start (HKLM-x32...{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM...{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
HP Support Assistant (HKLM-x32...{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.6.18.11 - HP)
HP Support Information (HKLM-x32...{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32...{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.9.18.3 - HP)
Malwarebytes version 3.5.1.2522 (HKLM...{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Office (HKLM-x32...{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32...{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM...{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM...{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32...{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32...{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32...{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32...{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32...{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (HKLM-x32...{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32...{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 60.0.1 (x64 en-US) (HKLM...Mozilla Firefox 60.0.1 (x64 en-US)) (Version: 60.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM...MozillaMaintenanceService) (Version: 60.0.1 - Mozilla)
Qualcomm Atheros Driver Installation Program (HKLM-x32...{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32...{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Card Reader (HKLM-x32...{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.29064 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32...{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32...{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Skype™ 7.30 (HKLM-x32...{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM...{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1216 - SUPERAntiSpyware.com)
Vulkan Run Time Libraries 1.0.26.0 (HKLM...VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows Live Essentials (HKLM-x32...WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

Custom CLSID (Whitelisted):

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2010-11-19] (Igor Pavlov)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:Program Files (x86)Common FilesCyberLinkShellExtComponentCLVDShellExt.dll [2013-05-24] (Cyberlink)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:Program Files (x86)Common FilesCyberLinkShellExtComponentCLVDShellExt.dll [2013-05-24] (Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:Program Files7-Zip7-zip.dll [2010-11-19] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:Program FilesAMDCNextCNextatiacm64.dll [2016-12-23] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:Program FilesMalwarebytesAnti-Malwarembshlext.dll [2018-05-03] (Malwarebytes)

Scheduled Tasks (Whitelisted)

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A88D1A9-6C18-4B22-A903-B3EEF21D0392} - System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cleanup => C:Program FilesWindows DefenderMpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {18806627-8CE6-499B-9CF5-F5D5A16906CB} - System32TasksCLVDLauncher => c:Program Files (x86)CyberLinkPower2Go8CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {1983D6CE-029E-42C2-B4F0-689ED5F00852} - System32TasksHPCeeScheduleForFloretta => C:Program Files (x86)Hewlett-PackardHP CeementHPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {20BE4CFD-460E-436B-9181-644A0827D93D} - System32TasksGoogleUpdateTaskMachineUA => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [2018-05-26] (Google Inc.)
Task: {32C784FC-5AD7-4526-BBC2-A6A9B7548996} - System32TasksHewlett-PackardHP Support AssistantHP Support Solutions Framework Updater => C:Program Files (x86)Hewlett-PackardHP Support SolutionsModulesHPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {3A1E4B46-A32F-444B-A609-3223371C251F} - System32TasksHewlett-PackardHP Support AssistantWarrantyChecker => C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPWarrantyCheckHPWarrantyChecker.exe [2018-05-02] (HP Inc.)
Task: {3CA45824-207F-42F8-BE97-099660955587} - System32TasksMirageAgent => C:Program Files (x86)CyberLinkYouCamYCMMirage.exe
Task: {43A2F4D9-1F0E-4371-89BB-E05EAB0F3EB2} - System32TasksHewlett-PackardHP Active HealthHP Active Health Scan (HPSA) => C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPActiveHealthActiveHealth.exe [2017-11-18] ()
Task: {4853AD43-C3CE-4892-A19C-03AFC0C2D5E6} - System32TasksGoogleUpdateTaskMachineCore => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [2018-05-26] (Google Inc.)
Task: {6B1E51D7-C65A-41F0-9FAB-07176299F073} - System32TasksHewlett-PackardHP Support AssistantHP Support Solutions Framework Report => C:Program Files (x86)Hewlett-PackardHP Support SolutionsModulesHPSFReport.exe [2017-06-22] (HP Inc.)
Task: {72074DEE-82DD-4F20-ADF2-5B9961605ADA} - System32TasksHewlett-PackardHP Support AssistantPC Health Analysis => C:Program Files (x86)Hewlett-PackardHP Support FrameworkHPSF.exe [2018-05-04] (HP Inc.)
Task: {7318E5DD-C0AD-4065-B450-CC2961A6F30D} - System32TasksStartCN => C:Program FilesAMDCNextCNextcncmd.exe [2016-12-23] (Advanced Micro Devices, Inc.)
Task: {7DFD7891-9940-486E-9905-A28599E00594} - System32TasksHewlett-PackardHP Support AssistantProduct Configurator => C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesProductConfig.exe [2018-05-11] (HP Inc.)
Task: {989D6825-22E6-4BA2-B4E6-07815CE10D6E} - System32TasksCLMLSvc_P2G8 => c:Program Files (x86)CyberLinkPower2Go8CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)
Task: {A6EA9588-98FC-4ABA-828A-5E5C6814E73E} - System32TasksAdobe Flash Player Updater => C:WINDOWSSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2018-05-22] (Adobe Systems Incorporated)
Task: {BFD5E213-CECC-4613-B21A-36A4A3717134} - System32TasksMicrosoftWindowsWindows DefenderWindows Defender Verification => C:Program FilesWindows DefenderMpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {C9C1F9DB-77C6-425A-A3C1-09290A794C19} - System32TasksAdobe Flash Player NPAPI Notifier => C:WINDOWSSysWOW64MacromedFlashFlashUtil32_29_0_0_171_Plugin.exe [2018-05-22] (Adobe Systems Incorporated)
Task: {CC901A7E-F995-48E1-967B-00FC5D227780} - System32TasksMicrosoftWindowsWindows DefenderWindows Defender Scheduled Scan => C:Program FilesWindows DefenderMpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {EAB29C2C-EF05-4888-AC31-FB0891B79C1F} - System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cache Maintenance => C:Program FilesWindows DefenderMpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {F135F9A2-D4A9-40F5-88B9-06FA0A2D6001} - System32TasksHewlett-PackardHP Support AssistantHP Support Solutions Framework Updater - Resources => C:Program Files (x86)Hewlett-PackardHP Support SolutionsModulesHPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {F2DB8692-FC88-48E8-87D5-AEBE9D32B59E} - System32TasksHewlett-PackardHP Support AssistantHP Support Assistant Quick Start => C:Program Files (x86)Hewlett-PackardHP Support FrameworkHPSF.exe [2018-05-04] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:WINDOWSTasksHPCeeScheduleForFloretta.job => C:Program Files (x86)Hewlett-PackardHP CeementHPCEE.exe

Shortcuts & WMI

(The entries could be listed to be restored or removed.)

Shortcut: C:UsersFlorettaAppDataLocalMicrosoftWindowsRoamingTiles-14507302110.lnk -> hxxp://www.100reasonstorecover.org
Shortcut: C:UsersFlorettaAppDataLocalMicrosoftWindowsRoamingTiles-3047420720.lnk -> hxxp://www.rheumatology.org/I-Am-A/Patient-Caregive
Shortcut: C:UsersFlorettaAppDataLocalMicrosoftWindowsRoamingTiles13569778940.lnk -> hxxp://www.rheumresearch.org/patients-familie
Shortcut: C:UsersFlorettaAppDataLocalMicrosoftWindowsRoamingTiles4409334790.lnk -> hxxp://www.niams.nih.gov
Shortcut: C:UsersFlorettaAppDataLocalMicrosoftWindowsRoamingTiles6214829320.lnk -> hxxp://www.arthritis.org
Shortcut: C:UsersFlorettaAppDataLocalMicrosoftWindowsRoamingTiles7206166770.lnk -> hxxp://simpletasks.org

ShortcutWithArgument: C:UsersFlorettaAppDataLocalMicrosoftWindowsApplication ShortcutsMicrosoft.InternetExplorer.Default-14507302110.lnk -> C:Program FilesInternet Exploreriexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x0e162895 -pinnedTimeHigh 0x01d21a01 -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000023 hxxp://www.100reasonstorecover.org/
ShortcutWithArgument: C:UsersFlorettaAppDataLocalMicrosoftWindowsApplication ShortcutsMicrosoft.InternetExplorer.Default-3047420720.lnk -> C:Program FilesInternet Exploreriexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x3f50896e -pinnedTimeHigh 0x01d241ca -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000034 hxxp://www.rheumatology.org/I-Am-A/Patient-Caregiver
ShortcutWithArgument: C:UsersFlorettaAppDataLocalMicrosoftWindowsApplication ShortcutsMicrosoft.InternetExplorer.Default13569778940.lnk -> C:Program FilesInternet Exploreriexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0xf59b6a37 -pinnedTimeHigh 0x01d241ca -securityFlags 0x00000000 -tileType 0x00000001 -url 0x0000002e hxxp://www.rheumresearch.org/patients-families
ShortcutWithArgument: C:UsersFlorettaAppDataLocalMicrosoftWindowsApplication ShortcutsMicrosoft.InternetExplorer.Default4409334790.lnk -> C:Program FilesInternet Exploreriexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x9bf0adbe -pinnedTimeHigh 0x01d241cb -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000019 hxxp://www.niams.nih.gov/
ShortcutWithArgument: C:UsersFlorettaAppDataLocalMicrosoftWindowsApplication ShortcutsMicrosoft.InternetExplorer.Default6214829320.lnk -> C:Program FilesInternet Exploreriexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x5af70f22 -pinnedTimeHigh 0x01d241cb -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000019 hxxp://www.arthritis.org/
ShortcutWithArgument: C:UsersFlorettaAppDataLocalMicrosoftWindowsApplication ShortcutsMicrosoft.InternetExplorer.Default7206166770.lnk -> C:Program FilesInternet Exploreriexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x7488770f -pinnedTimeHigh 0x01d241ca -securityFlags 0x00000000 -tileType 0x00000000 -url 0x00000017 hxxp://simpletasks.org/

Loaded Modules (Whitelisted)

2016-09-13 01:51 - 2016-09-13 01:51 - 000014336 _____ () C:Program FilesAMDCNextCNextQtQuick.2qtquick2plugin.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 000739840 _____ () C:Program FilesAMDCNextCNextQtQuickControlsqtquickcontrolsplugin.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 000014336 _____ () C:Program FilesAMDCNextCNextQtQuickWindow.2windowplugin.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 000071168 _____ () C:Program FilesAMDCNextCNextQtQuickLayoutsqquicklayoutsplugin.dll
2016-09-13 01:50 - 2016-09-13 01:50 - 000011776 _____ () C:Program FilesAMDCNextCNextlibEGL.dll
2016-09-13 01:50 - 2016-09-13 01:50 - 002013696 _____ () C:Program FilesAMDCNextCNextlibGLESv2.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 000191488 _____ () C:Program FilesAMDCNextCNextQtQuickDialogsdialogplugin.dll
2016-02-18 20:07 - 2013-03-12 10:51 - 000626240 _____ () c:Program Files (x86)CyberLinkPower2Go8CLMediaLibrary.dll
2013-03-13 02:53 - 2013-03-13 02:53 - 000015424 _____ () c:Program Files (x86)CyberLinkPower2Go8CLMLSvcPS.dll

Alternate Data Streams (Whitelisted)

(If an entry is included in the fixlist, only the ADS will be removed.)

Safe Mode (Whitelisted)

(If an entry is included in the fixlist, it will be removed from the registry. The 'AlternateShell' will be restored.)

HKLMSYSTEMCurrentControlSetControlSafeBootMinimalC9294A81.sys => '='Driver'
HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMBAMService => '='Service'
HKLMSYSTEMCurrentControlSetControlSafeBootMinimalMBAMSwissArmy => '='Driver'
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkC9294A81.sys => '='Driver'
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMBAMService => '='Service'
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMBAMSwissArmy => '='Driver'

Association (Whitelisted)

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

Internet Explorer trusted/restricted

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKUS-1-5-21-2603647047-4195809022-826204347-1001...microsoft.com -> hxxps://support.microsoft.com
IE restricted site: HKUS-1-5-21-2603647047-4195809022-826204347-1001...coupons.com -> www.coupons.com
IE restricted site: HKUS-1-5-21-2603647047-4195809022-826204347-1001...ppjol.net -> hxxp://s.ppjol.net
IE restricted site: HKUS-1-5-21-2603647047-4195809022-826204347-1001...tradedoubler.com -> clkuk.tradedoubler.com

Hosts content:

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2018-05-28 11:22 - 000475748 _____ C:WINDOWSsystem32Driversetchosts

127.0.0.1 localhost
0.0.0.0 fr.a2dfp.net
0.0.0.0 m.fr.a2dfp.net
0.0.0.0 mfr.a2dfp.net
0.0.0.0 ad.a8.net
0.0.0.0 asy.a8ww.net
0.0.0.0 static.a-ads.com
0.0.0.0 abcstats.com
0.0.0.0 a.abv.bg
0.0.0.0 adserver.abv.bg
0.0.0.0 adv.abv.bg
0.0.0.0 bimg.abv.bg
0.0.0.0 ca.abv.bg
0.0.0.0 track.acclaimnetwork.com
0.0.0.0 accuserveadsystem.com
0.0.0.0 www.accuserveadsystem.com
0.0.0.0 achmedia.com
0.0.0.0 csh.actiondesk.com
0.0.0.0 ads.activepower.net
0.0.0.0 ad.activesolutions.cz
0.0.0.0 app.activetrail.com
0.0.0.0 traffic.acwebconnecting.com
0.0.0.0 office.ad1.ru
0.0.0.0 cms.ad2click.nl
0.0.0.0 ad2games.com
0.0.0.0 content.ad20.net
0.0.0.0 core.ad20.net
0.0.0.0 banner.ad.nu
0.0.0.0 adadvisor.net
0.0.0.0 wad.adbasket.net

There are 12587 more lines.

Other Areas

(Currently there is no automatic fix for this section.)

HKUS-1-5-21-2603647047-4195809022-826204347-1001Control PanelDesktopWallpaper -> C:UsersFlorettaPicturesRoyalBarge_EN-US7484780716_1920x1200.jpg
DNS Servers: 75.114.81.1 - 209.18.47.62
HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

MSCONFIG/TASK MANAGER disabled items

HKUS-1-5-21-2603647047-4195809022-826204347-1001...StartupApprovedRun: => 'Skype'

FirewallRules (Whitelisted)

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{137E5125-6324-4735-B4C4-999E98C6A78F}] => (Allow) C:Program Files (x86)CyberLinkPowerDVD12MoviePowerDVD.exe
FirewallRules: [{2AAB140D-AA0B-4FF2-8792-6BDBAC0935C7}] => (Allow) C:Program Files (x86)CyberLinkPowerDVD12PowerDVD12ML.exe
FirewallRules: [{F2CF8C92-75F1-4D65-B9AD-B63EEC4873C2}] => (Allow) C:Program Files (x86)CyberLinkPowerDVD12PowerDVD12Agent.exe
FirewallRules: [{8DA219C1-ABDB-4A54-B313-CA52D3A75680}] => (Allow) C:Program Files (x86)CyberLinkPowerDVD12KernelDMSCLMSServerPDVD12.exe
FirewallRules: [{57D3D61A-3E2A-4C3B-9D86-7402DC023803}] => (Allow) C:Program Files (x86)CyberLinkPowerDVD12KernelDMRPowerDVD12DMREngine.exe
FirewallRules: [{BBE25CA3-364A-4585-B20E-7292E1569157}] => (Allow) C:Program Files (x86)CyberLinkPowerDVD12PowerDVD12.exe
FirewallRules: [{B227A311-0C2C-4155-B489-AB4893B75870}] => (Allow) C:Program Files (x86)CyberLinkPowerDirector10PDR10.EXE
FirewallRules: [{A2B4AFAB-321F-414F-9C1A-AA3B9EF75521}] => (Allow) C:UsersAdministratorAppDataLocalMicrosoftSkyDriveSkyDrive.exe
FirewallRules: [{04EFC315-78DC-4AB7-9FB5-A1877779EC32}] => (Allow) c:Program Files (x86)CyberLinkPowerDirector10PDR10.EXE
FirewallRules: [{CDE4800B-3056-4E36-8C15-AD77B001E07F}] => (Allow) C:Program Files (x86)BonjourmDNSResponder.exe
FirewallRules: [{79F5ADC9-C5E5-4135-AEF8-DB5AF68FA187}] => (Allow) C:Program Files (x86)BonjourmDNSResponder.exe
FirewallRules: [{0CDE195F-6BA6-4B5C-BCD2-6F3E134FAD00}] => (Allow) C:Program FilesBonjourmDNSResponder.exe
FirewallRules: [{B3802CAC-3E49-4899-BDB0-51EE17A54BAD}] => (Allow) C:Program FilesBonjourmDNSResponder.exe
FirewallRules: [{527D1A1F-9F05-41B1-9BED-070C640C3143}] => (Allow) C:Program FilesUVK - Ultra Virus KillerUVK_en.exe
FirewallRules: [{69358BAF-CA5A-4F21-A462-854DF705E503}] => (Allow) C:Program FilesUVK - Ultra Virus KillerUVK_en.exe
FirewallRules: [{2B2A76CE-B6CA-4071-A983-A14A5B46B6B5}] => (Allow) C:Program FilesUVK - Ultra Virus KillerUVK_en.exe
FirewallRules: [{5CBE103F-522A-4A6A-A207-B37961D50B55}] => (Allow) C:Program Files (x86)Windows LiveContactswlcomm.exe
FirewallRules: [{94EC8069-A000-4835-9B59-E97BC19962EE}] => (Allow) LPort=2869
FirewallRules: [{8F27F72F-5CC3-403A-B454-1C94BC89C6F4}] => (Allow) LPort=1900
FirewallRules: [{B3B4D3A7-16A3-48B0-B0BC-87E2F8AFBB45}] => (Allow) C:Program Files (x86)SkypePhoneSkype.exe
FirewallRules: [TCP Query User{8EE0C344-6278-4915-B389-270E8A42CF70}C:usersflorettaappdatalocalamazon musicamazon music helper.exe] => (Block) C:usersflorettaappdatalocalamazon musicamazon music helper.exe
FirewallRules: [UDP Query User{CF5548D4-8469-4263-904B-D096B9FB7563}C:usersflorettaappdatalocalamazon musicamazon music helper.exe] => (Block) C:usersflorettaappdatalocalamazon musicamazon music helper.exe
FirewallRules: [TCP Query User{945024AE-9CFE-4C6D-847E-D1A941F9CB74}C:usersflorettaappdatalocalskypepluginpluginhost.exe] => (Block) C:usersflorettaappdatalocalskypepluginpluginhost.exe
FirewallRules: [UDP Query User{1FD70BB5-8ECB-46FF-BDDA-8F991663830D}C:usersflorettaappdatalocalskypepluginpluginhost.exe] => (Block) C:usersflorettaappdatalocalskypepluginpluginhost.exe
FirewallRules: [{DBBBD13F-E9A8-4A88-85BD-426C58F33374}] => (Allow) C:Program Files (x86)GoogleChromeApplicationchrome.exe
FirewallRules: [{0407503D-2BC0-4792-8E4E-49E8B3927EBE}] => (Allow) C:Program FilesMozilla Firefoxfirefox.exe
FirewallRules: [{25940296-21D3-403E-9F72-875FE8AF2397}] => (Allow) C:Program FilesMozilla Firefoxfirefox.exe

Restore Points

18-05-2018 19:03:34 Scheduled Checkpoint
27-05-2018 00:58:18 Scheduled Checkpoint
03-06-2018 14:05:11 Scheduled Checkpoint

Faulty Device Manager Devices

Event log errors:

Application errors:
Error: (06/04/2018 04:58:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-11T20:58:06Z. Error Code: 0x80070005.

Error: (06/04/2018 04:57:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-11T20:57:36Z. Error Code: 0x80070005.

Error: (06/04/2018 04:57:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-11T20:57:06Z. Error Code: 0x80070005.

Error: (06/04/2018 04:56:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-11T20:56:36Z. Error Code: 0x80070005.

Error: (06/04/2018 04:56:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-11T20:56:06Z. Error Code: 0x80070005.

Error: (06/04/2018 04:55:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-11T20:55:36Z. Error Code: 0x80070005.

Error: (06/04/2018 04:55:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-11T20:55:06Z. Error Code: 0x80070005.

Error: (06/04/2018 04:54:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2118-05-11T20:54:36Z. Error Code: 0x80070005.

System errors:
Error: (06/04/2018 12:42:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 20 time(s).

Error: (06/04/2018 12:12:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 19 time(s).

Error: (06/04/2018 02:01:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 18 time(s).

Error: (06/04/2018 02:00:57 AM) (Source: DCOM) (EventID: 10010) (User: LA-LA-LOOPSY)
Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

Error: (06/04/2018 12:17:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 17 time(s).

Error: (06/03/2018 04:29:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 16 time(s).

Error: (06/03/2018 02:52:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 15 time(s).

Error: (06/03/2018 12:17:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 14 time(s).

Windows Defender:
Date: 2018-06-04 15:59:39.067
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {193E5D7D-7B3E-4605-85F2-AFDE23FC84CD}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-04 11:27:17.775
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {2924F708-0195-457F-B17B-6375F11A5CF3}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-04 10:57:33.165
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {5E8622DB-421B-4B15-A1F4-35AD1998F7E4}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-04 10:34:18.535
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {C1B30562-646D-4CEE-AC14-1634F89B9EEF}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-04 10:25:37.962
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {F1946C9F-C1F5-4555-BB3A-497F6DEA6921}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-05-30 23:10:34.832
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.301.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-05-30 23:10:34.832
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.301.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-05-30 23:10:33.692
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-05-30 23:10:33.676
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2018-05-30 23:10:21.520
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.301.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:

Hidden City Mystery Of Shadows Download Queue 2017

Date: 2018-05-22 23:05:34.797
Description:
Code Integrity determined that a process (DeviceHarddiskVolume4Program FilesWindows DefenderMsMpEng.exe) attempted to load DeviceHarddiskVolume4Program FilesBonjourmdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-05-22 23:05:33.140
Description:
Code Integrity determined that a process (DeviceHarddiskVolume4Program FilesWindows DefenderMsMpEng.exe) attempted to load DeviceHarddiskVolume4Program FilesBonjourmdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Hidden City Mystery Of Shadows Downloads

Date: 2018-04-06 22:11:04.911
Description:
Code Integrity determined that a process (DeviceHarddiskVolume4Program FilesWindows DefenderMsMpEng.exe) attempted to load DeviceHarddiskVolume4Program FilesBonjourmdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-04-06 22:11:01.036
Description:
Code Integrity determined that a process (DeviceHarddiskVolume4Program FilesWindows DefenderMsMpEng.exe) attempted to load DeviceHarddiskVolume4Program FilesBonjourmdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-12-25 13:00:18.538
Description:
Code Integrity determined that a process (DeviceHarddiskVolume4Program FilesWindows DefenderMsMpEng.exe) attempted to load DeviceHarddiskVolume4Program FilesBonjourmdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-12-25 13:00:16.616
Description:
Code Integrity determined that a process (DeviceHarddiskVolume4Program FilesWindows DefenderMsMpEng.exe) attempted to load DeviceHarddiskVolume4Program FilesBonjourmdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-14 18:29:05.820
Description:
Code Integrity determined that a process (DeviceHarddiskVolume4WindowsSystem32svchost.exe) attempted to load DeviceHarddiskVolume4Program FilesEmsisoft Anti-Malwarea2hooks64.dll that did not meet the Windows signing level requirements.

Hidden City Mystery Of Shadows Game Ti…

Date: 2017-06-15 15:24:34.709
Description:
Code Integrity determined that a process (DeviceHarddiskVolume4Program FilesWindows DefenderMsMpEng.exe) attempted to load DeviceHarddiskVolume4Program FilesBonjourmdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Memory info

Processor: AMD E1-2500 APU with Radeon™ HD Graphics
Percentage of memory in use: 30%
Total physical RAM: 3541.63 MB
Available physical RAM: 2456.47 MB
Total Virtual: 4380.43 MB
Available Virtual: 2590.94 MB

Drives

Drive c: (Windows) (Fixed) (Total:452.23 GB) (Free:390.97 GB) NTFS >[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:11.61 GB) (Free:1.42 GB) NTFS >[system with boot components (obtained from drive)]

?Volume{7fa8be3a-4d0a-45fc-a706-4728fca00ad0} (Windows RE tools) (Fixed) (Total:1 GB) (Free:0.65 GB) NTFS
?Volume{459a5572-f25b-45fe-98b3-e2ef6e4d26bd} () (Fixed) (Total:0.44 GB) (Free:0.17 GB) NTFS

Hidden City Mystery Of Shadows Download Queue

MBR & Partition Table


Disk: 0 (Size: 465.8 GB) (Disk ID: 2068C105)

Partition: GPT.

End of Addition.txt

Hidden City Mystery Of Shadows Download Queue Full