Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Corrupt Folder; now Tracie Admin/AddData\local\toshiba corru

Started by callotheloon , Oct 21 2018 07:06 AM
corrupt unreadable;

  • Please log in to reply

#1
callotheloon
Posted 21 October 2018 - 07:06 AM

callotheloon

    Member

  • Member
  • PipPip
  • 35 posts

Hi I have a Toshiba laptop (Satellite L745) with windows 7 home premium. a few days ago, out of the blue, I couldn't access a major folder on my computer; my Marketing folder which is inside of Nature to Nurture folder.  The chkdsk feature wouldn't work. I got errors. oh... "a local disk has the dirty bit set. Volume Dirty. Flag set on disk. Run chkdsk then shkdsk/f.   wouldn't run these.

 

today, upon turning on my computer, I get the error in the title above. Major file corrupt.  Is this computer toast? or fixable. This week is launch week as a new life coach...tons of programs and marketing. How do these things know how to pick terrible times to malfunction? thank you so much
Tracie

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018
Ran by Tracie Admin (administrator) on TRACIEADMIN-PC (21-10-2018 08:55:17)
Running from C:\Users\Tracie Admin\Downloads
Loaded Profiles: Tracie Admin (Available Profiles: Tracie Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Users\Tracie Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\Ultralight\ulcore\1537179249\fshoster64.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\Ultralight\ulcore\1537179249\fsorsp64.exe
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\apps\Ultralight\ulcore\1537179249\fsulprothoster.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Nitro Software, Inc.) C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(F-Secure Corporation) C:\Program Files (x86)\Charter Security Suite\fshoster32.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Epic Privacy Browser) C:\Users\Tracie Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-03-24] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [562304 2011-06-30] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4012123907-465974096-959493378-1000\...\Run: [Epic Privacy Browser Installer] => C:\Users\Tracie Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe [509096 2017-03-31] (Epic Privacy Browser)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2017-12-18]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
BootExecute: autocheck autochk /p \??\C:autocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0E230F62-7340-4D30-AB94-03764A761DAD}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.toshiba.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com/
HKU\S-1-5-21-4012123907-465974096-959493378-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.toshiba.com/
HKU\S-1-5-21-4012123907-465974096-959493378-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com/
SearchScopes: HKLM -> DefaultScope {E824A925-2C48-4212-AFEF-F7C8CE2AF676} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {E824A925-2C48-4212-AFEF-F7C8CE2AF676} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> DefaultScope {E824A925-2C48-4212-AFEF-F7C8CE2AF676} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {E824A925-2C48-4212-AFEF-F7C8CE2AF676} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-21-4012123907-465974096-959493378-1000 -> {3EB87911-FF31-4E48-8AA4-81CB01647696} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS738
SearchScopes: HKU\S-1-5-21-4012123907-465974096-959493378-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-21-4012123907-465974096-959493378-1000 -> {E824A925-2C48-4212-AFEF-F7C8CE2AF676} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
BHO: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Charter Security Suite\apps\Ultralight\nif\1537173264\browser\install\fs_ie_https\fs_ie_https64.dll [2018-09-17] (F-Secure Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2018-06-04] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2018-06-04] (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: Browsing Protection by F-Secure -> {45BBE08D-81C5-4A67-AF20-B2A077C67747} -> C:\Program Files (x86)\Charter Security Suite\apps\Ultralight\nif\1537173264\browser\install\fs_ie_https\fs_ie_https.dll [2018-09-17] (F-Secure Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-11-03] (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
Toolbar: HKU\S-1-5-21-4012123907-465974096-959493378-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Charter Security Suite\apps\Ultralight\nif\1537173264\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Extension: (Browsing Protection by F-Secure) - C:\Program Files (x86)\Charter Security Suite\apps\Ultralight\nif\1537173264\browser\install\fs_firefox_https\fs_firefox_https.xpi [2018-09-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Charter Security Suite\apps\Ultralight\nif\1537173264\browser\install\fs_firefox_https\fs_firefox_https.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-09-01] ()
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2018-06-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2018-06-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-09-01] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2013-01-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2013-01-11] (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-11-03] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 5\npnitromozilla.dll [2016-08-02] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4012123907-465974096-959493378-1000: @freeconferencecall.com/launcher -> C:\Users\Tracie Admin\AppData\Local\FCCPlugins\npfcclauncher.dll [2017-05-04] (FreeConferenceCall)
FF Plugin HKU\S-1-5-21-4012123907-465974096-959493378-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\Tracie Admin\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2017-03-31] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-4012123907-465974096-959493378-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\Tracie Admin\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2017-03-31] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-4012123907-465974096-959493378-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Tracie Admin\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-09-19] (Zoom Video Communications, Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://yahoo.com/
CHR StartupUrls: Default -> "hxxp://yahoo.com/"
CHR NewTab: Default ->  Active:"chrome-extension://fjlhfaldlpondapbablkdnjpbeaonhhp/index.html", Not-active:"chrome-extension://eedlgdlajadkbbjoobobefphmfkcchfk/newtab.html"
CHR DefaultSearchURL: Default -> hxxps://www.ecosia.org/search?q={searchTerms}&addon=chrome
CHR DefaultSearchKeyword: Default -> ecosia.org
CHR Profile: C:\Users\Tracie Admin\AppData\Local\Google\Chrome\User Data\Default [2018-10-21]
CHR Extension: (FreeConference Screen Sharing) - C:\Users\Tracie Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\acpjkkfchioajabmoedekiboendgaccf [2018-02-28]
CHR Extension: (FreeConferenceCall.com Launcher) - C:\Users\Tracie Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkkecfjcahaciigdkmmbfaoejneoogj [2018-07-20]
CHR Extension: (Honey) - C:\Users\Tracie Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-08-27]
CHR Extension: (Ecosia Omnibar Redirect (Legacy)) - C:\Users\Tracie Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\clellnciejhoedgepbdilbkdkaoecgpc [2017-05-14]
CHR Extension: (Ecosia) - C:\Users\Tracie Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eedlgdlajadkbbjoobobefphmfkcchfk [2017-07-08]
CHR Extension: (Seeker Start) - C:\Users\Tracie Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjlhfaldlpondapbablkdnjpbeaonhhp [2018-07-18]
CHR Extension: (Google Docs Offline) - C:\Users\Tracie Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-25]
CHR Extension: (UberConference Screen Sharing) - C:\Users\Tracie Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcakmcggjddnhepfcajfcpkdjoggcnak [2018-02-28]
CHR Extension: (Browsing Protection by F-Secure) - C:\Users\Tracie Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2018-02-09]
CHR Extension: (FreeConferenceCall.com Scheduler) - C:\Users\Tracie Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhjonocnlnodflomblbjnjdpllkeljo [2018-10-17]
CHR Extension: (Trending Search) - C:\Users\Tracie Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccofjdhdalnlcbneegohoiajcgfijkg [2018-07-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tracie Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Chrome Media Router) - C:\Users\Tracie Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-19]
CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
R2 fshoster; C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [184800 2017-08-23] (F-Secure Corporation)
R2 fsnethoster; C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [184800 2017-08-23] (F-Secure Corporation)
R2 fsulhoster; C:\Program Files (x86)\Charter Security Suite\apps\Ultralight\ulcore\1537179249\fshoster64.exe [581160 2018-09-17] (F-Secure Corporation)
R2 fsulorsp; C:\Program Files (x86)\Charter Security Suite\apps\Ultralight\ulcore\1537179249\fsorsp64.exe [78304 2018-09-17] (F-Secure Corporation)
R2 fsulprothoster; C:\Program Files (x86)\Charter Security Suite\apps\Ultralight\ulcore\1537179249\fsulprothoster.exe [581160 2018-09-17] (F-Secure Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 NitroReaderDriverReadSpool5; C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe [327328 2016-08-02] (Nitro Software, Inc.)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [123320 2011-07-19] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 F-Secure Gatekeeper; C:\Program Files (x86)\Charter Security Suite\apps\Ultralight\ulcore\1537179249\fsulgk.sys [251728 2018-09-17] (F-Secure Corporation)
R1 F-Secure UL HIPS; C:\Program Files (x86)\Charter Security Suite\apps\Ultralight\ulcore\1537179249\fshs.sys [112312 2018-09-17] (F-Secure Corporation)
R0 fsbts; C:\windows\System32\drivers\fsbts.sys [65872 2018-08-08] ()
R3 fsni; C:\Program Files (x86)\Charter Security Suite\apps\Ultralight\nif\1537173264\fsni64.sys [112456 2018-09-17] (F-Secure Corporation)
S3 MSPQM; C:\windows\System32\drivers\MSPQM.sys [6784 2009-07-13] () [File not signed]
R3 RTWlanE; C:\windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation )
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-10-21 08:55 - 2018-10-21 08:56 - 000023443 _____ C:\Users\Tracie Admin\Downloads\FRST.txt
2018-10-21 08:54 - 2018-10-21 08:55 - 000000000 ____D C:\FRST
2018-10-21 08:54 - 2018-10-21 08:54 - 002414592 _____ (Farbar) C:\Users\Tracie Admin\Downloads\FRST64.exe
2018-10-21 08:42 - 2018-10-21 08:42 - 000002361 _____ C:\Users\Tracie Admin\Documents\Abundance Confirmation - Shortcut.lnk
2018-10-21 08:42 - 2018-10-21 08:42 - 000002334 _____ C:\Users\Tracie Admin\Documents\grantedits - Shortcut.lnk
2018-10-21 08:42 - 2018-10-21 08:42 - 000002087 _____ C:\Users\Tracie Admin\Documents\beme - Shortcut.lnk
2018-10-21 08:42 - 2018-10-21 08:42 - 000002030 _____ C:\Users\Tracie Admin\Documents\3 - Shortcut.lnk
2018-10-21 08:42 - 2018-10-21 08:42 - 000002030 _____ C:\Users\Tracie Admin\Documents\2 - Shortcut.lnk
2018-10-21 08:42 - 2018-10-21 08:42 - 000002030 _____ C:\Users\Tracie Admin\Documents\1 - Shortcut.lnk
2018-10-21 08:42 - 2018-10-21 08:42 - 000001806 _____ C:\Users\Tracie Admin\Documents\accountingnaturetonurture2018 - Shortcut.lnk
2018-10-21 08:42 - 2018-10-21 08:42 - 000001602 _____ C:\Users\Tracie Admin\Documents\yard sale - Shortcut.lnk
2018-10-20 11:26 - 2018-10-20 11:32 - 000068096 _____ C:\Users\Tracie Admin\Documents\halloween banner.pub
2018-10-20 10:49 - 2018-10-20 10:49 - 000000000 ____D C:\Users\Tracie Admin\AppData\Local\{DD6E0AB4-9AF4-4BFB-B096-D97535DD06AD}
2018-10-18 14:38 - 2018-10-18 14:38 - 000000017 _____ C:\Users\Tracie Admin\AppData\Local\resmon.resmoncfg
2018-10-17 16:52 - 2018-10-17 16:52 - 020054759 _____ C:\Users\Tracie Admin\Downloads\20180915_180053.mp4
2018-10-17 16:51 - 2018-10-17 16:51 - 019416723 _____ C:\Users\Tracie Admin\Downloads\VID_20180915_181003.mp4
2018-10-17 16:51 - 2018-10-17 16:51 - 000153341 _____ C:\Users\Tracie Admin\Downloads\20180915_180114(1).mp4
2018-10-15 14:21 - 2018-10-15 14:21 - 000006166 _____ C:\Users\Tracie Admin\Downloads\export_20181015142145.csv
2018-10-09 11:09 - 2018-10-09 11:10 - 000126232 _____ C:\Users\Tracie Admin\Desktop\MAB100 - Application for Disabled Parking - Fillable.pdf
2018-10-07 09:28 - 2018-10-07 09:28 - 000000000 ____D C:\Users\Tracie Admin\AppData\Local\{2FAA900F-C782-4E45-A5AA-99B7F46A18EB}
2018-10-03 10:05 - 2018-10-03 10:05 - 000000000 ____D C:\Users\Tracie Admin\AppData\Local\{A6509577-01CE-49FE-B5B2-B2B9ECED6122}
2018-10-03 08:29 - 2018-10-03 08:29 - 000000000 ___SD C:\Users\Tracie Admin\Documents\My Data Sources
2018-09-29 17:08 - 2018-09-29 17:08 - 000000000 ____D C:\Users\Tracie Admin\AppData\Local\{1E85B907-CCE3-4212-A22B-6A26AAFD2933}
2018-09-29 17:06 - 2018-09-29 17:06 - 000000000 ____D C:\Users\Tracie Admin\AppData\Local\{AF1C7E71-B646-40BC-B7D5-1B3C59F7E9A8}
2018-09-27 21:05 - 2018-09-27 21:05 - 001597294 _____ C:\Users\Tracie Admin\Downloads\Holiday Pop-Up1 Flyer (4).pdf
2018-09-27 20:38 - 2018-09-27 20:38 - 000078172 _____ C:\Users\Tracie Admin\Downloads\nopurge letter (1).pdf
2018-09-27 20:30 - 2018-09-27 20:30 - 000078172 _____ C:\Users\Tracie Admin\Downloads\nopurge letter.pdf
2018-09-27 10:53 - 2018-09-27 10:53 - 000017199 _____ C:\Users\Tracie Admin\Downloads\OBJECTIVES SPREADSHEET 0918.xlsx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-10-21 08:55 - 2017-03-30 19:20 - 000017920 _____ C:\windows\system32\rpcnetp.exe
2018-10-21 08:45 - 2009-07-14 00:45 - 000024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-21 08:45 - 2009-07-14 00:45 - 000024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-21 08:40 - 2009-07-14 01:13 - 000782470 _____ C:\windows\system32\PerfStringBackup.INI
2018-10-21 08:40 - 2009-07-13 23:20 - 000000000 ____D C:\windows\inf
2018-10-21 08:36 - 2017-03-31 11:22 - 000000000 ____D C:\Users\Tracie Admin\AppData\Local\Epic Privacy Browser
2018-10-21 08:35 - 2017-03-30 19:21 - 000017920 _____ C:\windows\SysWOW64\rpcnetp.dll
2018-10-21 08:35 - 2017-03-30 19:12 - 000073232 _____ (Absolute Software Corp.) C:\windows\SysWOW64\rpcnet.dll
2018-10-21 08:35 - 2009-07-14 01:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-10-21 08:34 - 2017-03-30 19:20 - 000017920 _____ C:\windows\SysWOW64\rpcnetp.exe
2018-10-20 11:37 - 2017-07-25 19:37 - 000000353 _____ C:\windows\BRRBCOM.INI
2018-10-20 11:22 - 2018-03-20 12:59 - 000000580 _____ C:\windows\Tasks\G2MUpdateTask-S-1-5-21-4012123907-465974096-959493378-1000.job
2018-10-20 11:17 - 2017-09-08 22:34 - 000000000 ____D C:\Users\Tracie Admin\AppData\Local\NitroSpoolDir
2018-10-20 11:17 - 2017-07-25 20:14 - 000000000 ____D C:\Users\Tracie Admin\AppData\Roaming\Nitro
2018-10-20 11:11 - 2018-03-20 12:59 - 000000676 _____ C:\windows\Tasks\G2MUploadTask-S-1-5-21-4012123907-465974096-959493378-1000.job
2018-10-20 09:09 - 2018-01-01 21:26 - 000000402 _____ C:\windows\Tasks\update-sys.job
2018-10-20 08:41 - 2018-01-01 21:26 - 000000402 _____ C:\windows\Tasks\update-S-1-5-21-4012123907-465974096-959493378-1000.job
2018-10-19 16:19 - 2018-01-10 21:32 - 000437248 ___SH C:\Users\Tracie Admin\Desktop\Thumbs.db
2018-10-18 14:43 - 2017-11-05 18:20 - 000000000 ____D C:\Users\Tracie Admin\AppData\Local\ElevatedDiagnostics
2018-10-15 04:38 - 2018-03-20 12:59 - 000000000 ____D C:\Users\Tracie Admin\AppData\Local\GoToMeeting
2018-10-14 22:27 - 2017-03-31 14:03 - 000040448 _____ C:\Users\Tracie Admin\Documents\Abundance Confirmation.xls
2018-10-14 13:44 - 2017-03-31 10:32 - 000000610 _____ C:\windows\Tasks\Scheduled scanning task.job
2018-10-13 19:46 - 2018-03-20 12:59 - 000003728 _____ C:\windows\System32\Tasks\G2MUploadTask-S-1-5-21-4012123907-465974096-959493378-1000
2018-10-13 19:46 - 2018-03-20 12:59 - 000003632 _____ C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-4012123907-465974096-959493378-1000
2018-10-09 09:31 - 2017-04-17 13:48 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-09 09:30 - 2017-03-31 13:57 - 000000000 ____D C:\Users\Tracie Admin\Desktop\Resources
2018-10-06 08:25 - 2017-08-18 12:34 - 000000000 ____D C:\Users\Tracie Admin\Desktop\Nature to Nurture
2018-09-21 09:18 - 2018-07-10 14:52 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
 
==================== Files in the root of some directories =======
 
2013-01-11 15:13 - 2013-01-11 15:13 - 000022464 _____ (Intel Corporation) C:\Users\Tracie Admin\AppData\Roaming\JomCap.dll
2017-07-26 21:03 - 2017-07-26 21:03 - 000000008 ____H () C:\Users\Tracie Admin\AppData\Local\L8457789120
2018-10-18 14:38 - 2018-10-18 14:38 - 000000017 _____ () C:\Users\Tracie Admin\AppData\Local\resmon.resmoncfg
2018-01-01 21:26 - 2018-01-01 21:26 - 000000003 _____ () C:\Users\Tracie Admin\AppData\Local\updater.log
2018-01-01 21:26 - 2018-01-01 21:26 - 000000425 _____ () C:\Users\Tracie Admin\AppData\Local\UserProducts.xml
 
Some files in TEMP:
====================
2017-04-08 09:56 - 2017-04-08 09:56 - 002612600 _____ (Microsoft Corporation) C:\Users\Tracie Admin\AppData\Local\Temp\DefaultPack.EXE
2018-01-18 01:31 - 2018-01-18 01:31 - 000887480 _____ (NCH Software) C:\Users\Tracie Admin\AppData\Local\Temp\nch1setup.exe
2017-03-31 12:57 - 2017-03-31 12:57 - 014456872 _____ (Microsoft Corporation) C:\Users\Tracie Admin\AppData\Local\Temp\vc_redist.x86.exe
2006-05-24 13:10 - 2006-05-24 13:10 - 000455600 ____R (Macrovision Corporation) C:\Users\Tracie Admin\AppData\Local\Temp\_is18EC.exe
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\bitsprx2.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-08-09 14:23
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by Tracie Admin (21-10-2018 08:57:20)
Running from C:\Users\Tracie Admin\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2017-03-30 21:29:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4012123907-465974096-959493378-500 - Administrator - Disabled)
Guest (S-1-5-21-4012123907-465974096-959493378-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4012123907-465974096-959493378-1002 - Limited - Enabled)
Tracie Admin (S-1-5-21-4012123907-465974096-959493378-1000 - Administrator - Enabled) => C:\Users\Tracie Admin
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Security Suite by F-Secure (Enabled - Up to date) {8AC831E5-DF57-0DC0-D07B-4DE1A5FFFD9A}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Security Suite by F-Secure (Enabled - Up to date) {31A9D001-F96D-024E-EACB-7693DE78B727}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20074 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Computer Security 17.193.128.0 (release) (HKLM-x32\...\{658FDBCA-B7A1-43E4-A849-9F0812473331}) (Version: 17.193.128.0 - F-Secure Corporation) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.2.51 - Conexant)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version: 3.00 - NCH Software)
Epic Privacy Browser (HKU\S-1-5-21-4012123907-465974096-959493378-1000\...\Epic) (Version: 62.0.3202.94 - Epic)
FATE - The Traitor Soul (HKLM-x32\...\WTA-cd18437b-7c38-417a-9d34-24e48633fdfd) (Version: 2.2.0.95 - WildTangent) Hidden
FCC (HKU\S-1-5-21-4012123907-465974096-959493378-1000\...\FCC) (Version: 2.8.17248.1001 - FreeConferenceCall LLC)
FileMaker Pro 12 (HKLM-x32\...\{198945E2-E089-4094-A63D-166DBE8B87DF}) (Version: 12.0.1.0 - FileMaker, Inc.) Hidden
FileMaker Pro 12 (HKLM-x32\...\{198945E2-E089-4094-A63D-166DBE8B87DF}_FileMaker) (Version: 12.0.1.0 - FileMaker, Inc.)
FlameRobin 0.9.3 (HKLM-x32\...\FlameRobin_is1) (Version:  - The FlameRobin Project)
F-Secure CCF Reputation (HKLM-x32\...\{D864A15F-64B4-49B1-832C-21EDB46843B7}) (Version: 100.0.0.0 - F-Secure) Hidden
F-Secure CCF Scanning Dummy 3.0.12 (release) (HKLM-x32\...\{99924D6C-E069-4C91-AB86-1722282FC858}) (Version: 3.0.12 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.04.266 (HKLM-x32\...\{A61B6381-E40A-4C8C-BB38-FD9E95F70E02}) (Version: 1.04.266 - F-Secure Corporation) Hidden
F-Secure SafeSearch 10.0.0.0 (release) (HKLM-x32\...\{1C02D59F-EAF4-404C-95D9-2E7EF186FE44}) (Version: 10.0.0.0 - F-Secure Corporation) Hidden
F-Secure Ultralight 1.0.5438.0 (release) (cc0c4f981bd2f23d1e5e325af11ed0a0ecf2a348) (HKLM-x32\...\{C75644E8-5FB5-4B8F-8FD2-08CC5D7ECD87}) (Version: 1.0.5438.0 - F-Secure Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.57 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
GoToMeeting 8.36.0.10831 (HKU\S-1-5-21-4012123907-465974096-959493378-1000\...\GoToMeeting) (Version: 8.36.0.10831 - LogMeIn, Inc.)
HL-3170CDW (HKLM-x32\...\{C6580DE1-F539-4700-ADD2-3185121E51A8}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Intel® Identity Protection Technology 1.2.28.0 (HKLM-x32\...\{A87263E8-26CB-1016-8F2F-C04708B17CE2}) (Version: 1.2.28.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.80.1213 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2509 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.)
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java™ 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kodi (HKU\S-1-5-21-4012123907-465974096-959493378-1000\...\Kodi) (Version:  - XBMC-Foundation)
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office XP Small Business (HKLM-x32\...\{91130409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MP3 Skype recorder (HKLM-x32\...\{E95E4FA7-8E62-4BD3-BC2E-3C6E4BBAB558}) (Version: 4.34.1.0 - Domit LTD)
Netwaiting (HKLM-x32\...\{74B8998B-2B1B-4414-AD5D-17E7E9B5FF0A}) (Version: 1.0.1 - Conexant Systems, Inc)
Nitro Reader 5 (HKLM\...\{42BEF461-E91D-4C9E-94A2-790D973CE971}) (Version: 5.5.9.2 - Nitro)
Online Safety 2.193.6279.13 (HKLM-x32\...\{978DBB21-6BBE-4F5F-B399-6BD9C3A04B9F}) (Version: 2.193.6279.13 - F-Secure Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Pixillion Image Converter (HKLM-x32\...\Pixillion) (Version: 4.12 - NCH Software)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-ec154e20-72da-4fe8-9976-333131c94b81) (Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.15 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Security Suite (HKLM-x32\...\{ABA4F20E-E0C1-40E9-9B98-3D369F6E27BD}) (Version: 2.93.175.0 - F-Secure Corporation) Hidden
Security Suite (HKLM-x32\...\F-Secure ServiceEnabler 42626) (Version: 2.93.175.0 - F-Secure Corporation)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype version 8.25 (HKLM-x32\...\Skype_is1) (Version: 8.25 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Tales of Lagoona (HKLM-x32\...\WTA-5f224119-552e-4524-913f-b11383264ccb) (Version: 2.2.0.98 - WildTangent) Hidden
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.04.01 - Toshiba Client Solutions Co., Ltd.)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.09.00 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.15.0 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.09.00 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.9 - TOSHIBA)
TurboCASH4.7 (Build 838) (HKLM-x32\...\TurboCASH4_is1) (Version:  - Philip Copeman)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 6.01 - NCH Software)
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WTA-e1071cfb-c024-4381-9c0d-ec1798fadec0) (Version: 2.2.0.97 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.5.31 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-4012123907-465974096-959493378-1000\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4012123907-465974096-959493378-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Tracie Admin\AppData\Local\GoToMeeting\9250\G2MOutlookAddin64.dll (LogMeIn, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2011-08-31] (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0D6032AC-BF42-44F3-8472-D389BC967E82} - System32\Tasks\Scheduled scanning task => C:\PROGRA~2\CHARTE~1\apps\COMPUT~1\ANTI-V~1\fsav.exe
Task: {1091E2A2-F351-44DD-A8F0-88381CDE079E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-24] (Google Inc.)
Task: {7C440B58-F41D-4D22-8CA4-A50C92BE86E6} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {7E30BC07-ED6C-44FE-822B-CEF2B1EEDAFB} - System32\Tasks\G2MUpdateTask-S-1-5-21-4012123907-465974096-959493378-1000 => C:\Users\Tracie Admin\AppData\Local\GoToMeeting\10831\g2mupdate.exe [2018-10-13] (LogMeIn, Inc.)
Task: {9C3A6C4C-4998-423D-A864-4E2B5AE60AE4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {9EBB667F-223F-45B8-84A6-599D51D8E4A6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {CA317E15-3C32-4D95-A572-A2457220EB1C} - System32\Tasks\update-S-1-5-21-4012123907-465974096-959493378-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {DEF06F7E-A186-4253-BE58-3B02041EB9E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-24] (Google Inc.)
Task: {E24E3615-5809-4E01-8919-F0E33D9F51EA} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-01] (Adobe Systems Incorporated)
Task: {EF0854D8-B4B0-4D3B-9E99-D7913472F70D} - System32\Tasks\G2MUploadTask-S-1-5-21-4012123907-465974096-959493378-1000 => C:\Users\Tracie Admin\AppData\Local\GoToMeeting\10831\g2mupload.exe [2018-10-13] (LogMeIn, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-4012123907-465974096-959493378-1000.job => C:\Users\Tracie Admin\AppData\Local\GoToMeeting\10831\g2mupdate.exe
Task: C:\windows\Tasks\G2MUploadTask-S-1-5-21-4012123907-465974096-959493378-1000.job => C:\Users\Tracie Admin\AppData\Local\GoToMeeting\10831\g2mupload.exe
Task: C:\windows\Tasks\Scheduled scanning task.job => C:\PROGRA~2\CHARTE~1\apps\COMPUT~1\ANTI-V~1\fsav.exeW /HARD /POLICY /SCHED /REPORT C:\PROGRA~2\CHARTE~1\apps\COMPUT~1\ANTI-V~1\report.txt
Task: C:\windows\Tasks\update-S-1-5-21-4012123907-465974096-959493378-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Tracie Admin\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
Shortcut: C:\Users\Tracie Admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-01-05 00:13 - 2018-01-05 00:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-01-05 00:14 - 2018-01-05 00:14 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-09-17 09:44 - 2018-09-17 09:44 - 000319968 _____ () C:\Program Files (x86)\Charter Security Suite\apps\Ultralight\ulcore\1537179249\senddump_fshoster_plugin64.dll
2018-09-17 09:44 - 2018-09-17 09:44 - 000418784 _____ () C:\Program Files (x86)\Charter Security Suite\apps\Ultralight\ulcore\1537179249\daas2_x64.dll
2011-08-31 15:13 - 2011-08-31 15:13 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 20:18 - 2010-11-18 20:18 - 011190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-03-03 17:15 - 2010-03-03 17:15 - 000019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 17:15 - 2010-03-03 17:15 - 000019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-12-15 18:19 - 2010-12-15 18:19 - 000124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2018-01-22 03:15 - 2018-01-22 03:15 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-01-22 03:15 - 2018-01-22 03:15 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-09-19 09:26 - 2018-09-15 04:26 - 005110616 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libglesv2.dll
2018-09-19 09:26 - 2018-09-15 04:26 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libegl.dll
2011-06-10 00:09 - 2011-06-10 00:09 - 000079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2017-07-25 19:35 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rpcnet => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4012123907-465974096-959493378-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tracie Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{56750813-2DEB-431C-9BBF-2DC5534E51BD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F44B56C4-B71A-4D94-BE9C-D6D80D16CDD3}] => (Allow) LPort=2869
FirewallRules: [{FF7AC202-B0FA-43C1-A112-5BA874211943}] => (Allow) LPort=1900
FirewallRules: [{97C9FCD5-ED4A-4A8F-A29A-34C07ADB3409}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{A7DBBE3D-69BC-491C-8E40-2ECD1620E021}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{357593C2-C926-4111-861A-CC0C5AD5C5BE}] => (Allow) D:\install\data\Disk1\setup.exe
FirewallRules: [{82A453B8-AAAA-46A9-A6B8-C73AF1E48162}] => (Allow) D:\install\data\Disk1\setup.exe
FirewallRules: [{B0C68167-328E-45C8-9187-3D0C3B789B15}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6CD07CA4-AC9C-45CA-86DC-BDC06C016C86}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{18248937-7C6F-4DBC-B8B6-1271C1A9C059}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1DCDCF7E-9FEA-42E2-BD1E-0C2ED5331AC4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EDAA38B5-463D-4492-B449-567585EE0F3B}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{B8BDC560-6C65-487B-B1BB-5ADFC78D6B21}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{151F7245-EA07-47B1-B38D-05EA0B84C36A}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{2E49BD01-C527-4CC7-9FEC-1D6B135EC713}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{61EAAD9C-912D-4312-9D51-DE98EA3411BF}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{072FF6B4-B555-437B-8D80-8B8196027BFC}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{9C9AAA6F-EA73-4714-BE1E-6F71F8711449}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
27-07-2018 12:19:32 Scheduled Checkpoint
09-08-2018 14:30:52 Scheduled Checkpoint
14-10-2018 13:41:05 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/21/2018 08:36:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (10/21/2018 08:35:27 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Configuration.ConfigurationErrorsException: Configuration system failed to initialize
Stack Trace:
   at System.Configuration.ClientConfigurationSystem.OnConfigRemoved(Object sender, InternalConfigEventArgs e)
   at System.Configuration.Internal.InternalConfigRoot.RemoveConfigImpl(String configPath, BaseConfigurationRecord configRecord)
   at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)
   at System.Configuration.BaseConfigurationRecord.GetSection(String configKey)
   at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(String sectionName)
   at System.Configuration.ConfigurationManager.GetSection(String sectionName)
   at System.Configuration.ClientSettingsStore.ReadSettings(String sectionName, Boolean isUserScoped)
   at System.Configuration.LocalFileSettingsProvider.GetPropertyValues(SettingsContext context, SettingsPropertyCollection properties)
   at System.Configuration.SettingsBase.GetPropertiesFromProvider(SettingsProvider provider)
   at System.Configuration.SettingsBase.GetPropertyValueByName(String propertyName)
   at System.Configuration.SettingsBase.get_Item(String propertyName)
   at System.Configuration.ApplicationSettingsBase.GetPropertyValue(String propertyName)
   at System.Configuration.ApplicationSettingsBase.get_Item(String propertyName)
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (10/20/2018 10:09:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2801434
 
Error: (10/20/2018 10:09:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2801434
 
Error: (10/20/2018 10:09:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/20/2018 10:09:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2800218
 
Error: (10/20/2018 10:09:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2800218
 
Error: (10/20/2018 10:09:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (10/21/2018 08:57:27 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume TI106320W0D.
 
Error: (10/21/2018 08:57:26 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume TI106320W0D.
 
Error: (10/21/2018 08:57:17 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (10/21/2018 08:57:17 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume TI106320W0D.
 
Error: (10/21/2018 08:57:17 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume TI106320W0D.
 
Error: (10/21/2018 08:57:17 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (10/21/2018 08:57:17 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (10/21/2018 08:57:17 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume TI106320W0D.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 66%
Total physical RAM: 4043.86 MB
Available physical RAM: 1335.56 MB
Total Virtual: 8085.04 MB
Available Virtual: 4996.88 MB
 
==================== Drives ================================
 
Drive c: (TI106320W0D) (Fixed) (Total:449.62 GB) (Free:383.95 GB) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{716c5d44-159f-11e7-8d03-806e6f6e6963}\ (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: DA1DDF00)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=449.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.7 GB) - (Type=17)
 
==================== End of Addition.txt ============================

 


  • 0

Advertisements

#2
RKinner
Posted 21 October 2018 - 01:15 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

See if you can:

 

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:

Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt
notepad %UserProfile%\desktop\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)

 

 

IF SFC runs OK then try running check disk again. 


  • 0

#3
callotheloon
Posted 22 October 2018 - 08:19 AM

callotheloon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

jsut found this...running now


  • 0

#4
callotheloon
Posted 22 October 2018 - 12:56 PM

callotheloon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

Was too long. The process you suggested didn't work. I was able to find the CBS file from today via a search. 

Attached Files

  • Attached File  CBS.log   1.82MB   339 downloads

  • 0

#5
RKinner
Posted 22 October 2018 - 03:08 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

2018-10-22 10:44:51, Info                  CSI    000003a7 [SR] Cannot repair member file [l:22{11}]"autochk.exe" of Microsoft-Windows-Autochk, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2018-10-22 10:44:51, Info                  CSI    000003a8 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2018-10-22 10:44:51, Info                  CSI    000003a9 Hashes for file member \??\C:\windows\System32\autochk.exe do not match actual file [l:22{11}]"autochk.exe" :

 

Above is why the disk check won't work.  autochk.exe is corrupt.

 

Sometimes sfcfix can help:

 

https://www.majorgee...ils/sfcfix.html

 

You may need to rerun sfc just before you run SFCFIX as the CBS log gets purged periodically.

 

 

Also put

autochk.exe

 

in the FRST search box and hit Search Files.  You will get one file.  Please post it. 

 

I can probably upload a fresh copy of autochk.exe when I get back but I have to take my wife somewhere right now.
 


  • 0

#6
callotheloon
Posted 22 October 2018 - 04:20 PM

callotheloon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

no problem. i have to go get dinner too...thank you so much


  • 0

#7
callotheloon
Posted 22 October 2018 - 04:46 PM

callotheloon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
SFCFix version 3.0.0.0 by niemiro.
Start time: 2018-10-22 18:22:08.129
Microsoft Windows 7 Service Pack 1 - amd64
Not using a script file.
 
 
 
 
AutoAnalysis::
CORRUPT: C:\windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
CORRUPT: C:\windows\winsxs\amd64_microsoft-windows-bits-proxy2_31bf3856ad364e35_6.1.7600.16385_none_0c56be7522fa37d4\bitsprx2.dll
 
 
SUMMARY: Some corruptions could not be fixed automatically. Seek advice from helper or sysnative.com.
   CBS & SFC total detected corruption count:     2
   CBS & SFC total unimportant corruption count:  0
   CBS & SFC total fixed corruption count:        0
   SURT total detected corruption count:          0
   SURT total unimportant corruption count:       0
   SURT total fixed corruption count:             0
AutoAnalysis:: directive completed successfully.
 
 
 
 
Successfully processed all directives.
SFCFix version 3.0.0.0 by niemiro has completed.
Currently storing 0 datablocks.
Finish time: 2018-10-22 18:45:46.773
----------------------EOF-----------------------

  • 0

#8
RKinner
Posted 22 October 2018 - 09:50 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Here are the two files that are bad.

 

Attached File  bitsprx2.zip   4.84KB   264 downloads

 

Attached File  autochk.zip   282.89KB   280 downloads

 

Download, Save, right click on the file and Extract All, Extract.  If you don't do anything else the files should now be in 

 

 C:\Users\Tracie Admin\Downloads\bitsprx2\bitsprx2.dll

 

and

 

 C:\Users\Tracie Admin\Downloads\autochk\autochk.exe

 

Assuming that's the case we are going to try and get a FRST fixlist to replace the bad files with our good files.

 

Download, Save the attached fixlist.txt to the same folder where FRST lives.

 

Attached File  fixlist.txt   637bytes   261 downloads

 

IF the files are not where I think they are then edit the fixlist to show the correct paths

 

Right click on FRST and Run As Admin then hit the Fix button.

 

After it reboots  run SFC /scannow  and sfcfixas before.  Does it still complain?  (We might get lucky and it may decide to run the disk check when it reboots)


  • 0

#9
callotheloon
Posted 23 October 2018 - 08:16 AM

callotheloon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

  here's the location. I put a copy in this loose folder and inside the FRST folder.  When I right click though there isn't an option to run as administrator. Am I in the wrong place? I did get asked moments ago if I wanted to do something as administrator...

thanks

Attached Thumbnails

  • tempfrst.jpg

  • 0

#10
RKinner
Posted 23 October 2018 - 08:50 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

That's a folder.   You can't run it. 

 

The FRST folder you are looking at is created by FRST to hold its backup and quarantine folder.

 

FRST64.exe should still be in the downloads folder:

 

Running from C:\Users\Tracie Admin\Downloads

 

 

You also need to move the fixlist to the same folder where FRST64.exe lives which should still be in the Downloads folder unless you moved it for some reason.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: corrupt, unreadable;

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP