[MaBacon8r]

I had a friend that offered to help me fix my slow running computer because when I downloaded Windows 8 it completely messed my computer up. I tried to factory reset my computer a few days ago and it kicked me out of the process. I also have tried downloading some apps and it would not let me do that. I followed the steps listed on the initial post and this is what I have from running the Farbar. Any help with what to do to fix it would be greatly appreciated. I also have kids that play on my computer, and even though I try to explain to them not to download anything without scanning it first they don't always listen.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-08-2019 02
Ran by Mandy (administrator) on MINEMINEMINE (Hewlett-Packard HP 2000 Notebook PC) (28-08-2019 23:44:02)
Running from C:\Users\Mandy\Downloads
Loaded Profiles: Mandy (Available Profiles: Mandy)
Platform: Windows 8 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(CyberLink -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dfrgui.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Realtek Semiconductor Corp -> Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.1.50\NortonSecurity.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.1.50\NortonSecurity.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-4052518235-3113839039-2858287364-1002\...\MountPoints2: {7fa68671-b458-11e2-be7a-2016d81a12d8} - "F:\TL_Bootstrap.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89820200-ECBD-11cf-8B85-00AA005B4340}] -> regsvr32.exe /s /n /i:U %SystemRoot%\System32\shell32.dll

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09B6DE0D-EBBC-4A89-BA6B-948D7221C8A0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [630584 2014-05-12] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {189CDA4D-1433-4F74-9F01-E91D775D0C66} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [630584 2014-05-12] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {1E7884A9-C95D-4B00-B779-827319120F65} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {1FEE85A5-5ADD-4137-9486-B6239E4CDD1D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [524192 2012-08-10] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {2C2C4A0E-0DAB-4631-81B5-F2B6B0BF981F} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2014-08-02] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage => {5F074BDF-4BA3-4E68-AE86-2A6B0B5963B0} C:\Windows\system32\wlroamextension.dll [543232 2013-02-02] (Microsoft Windows -> Microsoft Corporation)
Task: {48C2501B-581F-4EEE-BF64-388A52634B45} - System32\Tasks\{1869123B-F4EC-41D5-9B58-51A7DD2F8FFC} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\WildGames\Uninstall.exe"
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask => {0AC1DBCA-7F9F-47FC-A090-34E5FEB291E8} C:\Windows\system32\wlroamextension.dll [543232 2013-02-02] (Microsoft Windows -> Microsoft Corporation)
Task: {A831CAA2-B07C-4235-B6EB-F1A203578FA5} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink -> CyberLink)
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask => {59B9640B-3F70-4D1C-B159-F26EEB8A4C87} C:\Windows\system32\SettingSyncInfo.dll [128512 2013-08-10] (Microsoft Windows -> Microsoft Corporation)
Task: {BF64D249-FF9C-41DD-B3FD-D95C375FC906} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2015-04-27] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {D408DAB0-87F3-4379-9311-F6C8B24093EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [524192 2012-08-10] (Hewlett-Packard Company -> Hewlett-Packard Company)
Task: {D60AA9C4-9038-477D-A7AF-B656F4499CD0} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink -> CyberLink)
Task: {D967AB68-054C-4087-96F1-FE079E26A3C2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [524192 2012-08-10] (Hewlett-Packard Company -> Hewlett-Packard Company)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{88551B06-4A03-4453-9F40-04AB5C01F1D3}: [DhcpNameServer] 192.168.8.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-4052518235-3113839039-2858287364-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.va.gov/
HKU\S-1-5-21-4052518235-3113839039-2858287364-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-4052518235-3113839039-2858287364-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-4052518235-3113839039-2858287364-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NS&chn=retail&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-4052518235-3113839039-2858287364-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKU\S-1-5-21-4052518235-3113839039-2858287364-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.17.1.50\coIEPlg.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.17.1.50\coIEPlg.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard Company -> Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.17.1.50\coIEPlg.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.17.1.50\coIEPlg.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)

FireFox:
========
FF DefaultProfile: 7ayjienh.default
FF ProfilePath: C:\Users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\7ayjienh.default [2019-08-22]
FF ProfilePath: C:\Users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\hkerrofv.default-release [2019-08-28]
FF DownloadDir: C:\Users\Mandy\Desktop
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [239616 2012-08-02] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-10] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2468496 2015-07-08] (Realtek Semiconductor Corp -> Realsil Microelectronics Inc.)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.17.3.50\NortonSecurity.exe [225608 2019-06-20] (Symantec Corporation -> Symantec Corporation)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2014-08-02] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [10280960 2012-08-02] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [368640 2012-08-02] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [79528 2012-07-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [26280 2012-07-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R3 athr; C:\Windows\system32\DRIVERS\athw8x.sys [3618304 2012-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.17.1.50\Definitions\BASHDefs\20190826.001\BHDrvx64.sys [1935880 2019-08-26] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NGC; C:\Windows\System32\drivers\NGCx64\1611030.032\ccSetx64.sys [192704 2019-06-20] (Symantec Corporation -> Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink -> CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515592 2019-05-23] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153096 2019-08-27] (Symantec Corporation -> Symantec Corporation)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.17.1.50\Definitions\IPSDefs\20190827.061\IDSvia64.sys [1451016 2019-08-27] (Symantec Corporation -> Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2015-07-08] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated -> Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\drivers\NGCx64\1611010.032\SRTSP64.SYS [864480 2019-04-22] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\drivers\NGCx64\1611030.032\SRTSPX64.SYS [49672 2019-06-20] (Symantec Corporation -> Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NGCx64\1611030.032\SYMEFASI64.SYS [1998552 2019-06-20] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NGCx64\1611030.032\SymELAM.sys [25744 2019-06-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [99848 2019-08-26] (Symantec Corporation -> Symantec Corporation)
S3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.17.1.50\SymPlatform\SymEvnt.sys [709128 2019-04-18] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\Windows\System32\drivers\NGCx64\1611030.032\Ironx64.SYS [315912 2019-06-20] (Symantec Corporation -> Symantec Corporation)
R3 SymNetS; C:\Windows\System32\drivers\NGCx64\1611010.032\symnets.sys [573448 2019-04-22] (Symantec Corporation -> Symantec Corporation)
R3 usbfilter; C:\Windows\system32\DRIVERS\usbfilter.sys [57000 2012-06-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35232 2013-01-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [230904 2013-01-28] (Microsoft Corporation -> Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
S3 wpCtrlDrv_NGC; C:\Windows\System32\drivers\NGCx64\1611010.032\wpCtrlDrv.sys [1012120 2019-04-22] (Symantec Corporation -> Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-28 23:44 - 2019-08-28 23:46 - 000018194 _____ C:\Users\Mandy\Downloads\FRST.txt
2019-08-28 23:43 - 2019-08-28 23:44 - 000000000 ____D C:\FRST
2019-08-28 23:40 - 2019-08-28 23:40 - 001613824 _____ (Farbar) C:\Users\Mandy\Downloads\FRST64.exe
2019-08-27 18:55 - 2019-08-27 18:55 - 000757640 _____ C:\Windows\Minidump\082719-217792-01.dmp
2019-08-27 18:55 - 2019-08-27 18:55 - 000000000 ____D C:\Windows\Minidump
2019-08-27 18:54 - 2019-08-27 18:54 - 279388003 _____ C:\Windows\MEMORY.DMP
2019-08-27 16:48 - 2019-08-27 16:48 - 000000000 ___HD C:\$SysReset
2019-08-27 00:06 - 2019-08-27 00:06 - 000000000 ____D C:\Windows\System32\Tasks\Norton Security with Backup
2019-08-27 00:04 - 2019-08-27 00:04 - 001202736 _____ (Adobe Inc) C:\Users\Mandy\Downloads\readerdc_en_xa_cra_install.exe
2019-08-26 23:59 - 2019-08-26 23:59 - 000099848 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2019-08-26 23:59 - 2019-08-26 23:59 - 000008616 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2019-08-26 23:59 - 2019-08-26 23:59 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
2019-08-26 23:57 - 2019-08-26 23:57 - 000002250 _____ C:\Users\Public\Desktop\Norton Security.lnk
2019-08-26 23:50 - 2019-08-27 16:29 - 000000000 ____D C:\Windows\system32\Drivers\NGCx64
2019-08-26 23:50 - 2019-08-26 23:57 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2019-08-26 23:50 - 2019-08-26 23:51 - 000000000 ____D C:\Program Files\Norton Security
2019-08-26 23:32 - 2019-08-26 23:32 - 000001259 _____ C:\Users\Mandy\Desktop\Norton Installation Files.lnk
2019-08-26 23:31 - 2019-08-26 23:31 - 000000000 ____D C:\Users\Public\Downloads\Norton
2019-08-26 23:27 - 2019-08-26 23:28 - 003601416 _____ (Symantec Corporation) C:\Users\Mandy\Downloads\NSPremiumDownloader.exe
2019-08-26 23:15 - 2019-08-26 23:15 - 000000000 ____D C:\ProgramData\Adobe
2019-08-26 23:01 - 2019-08-27 16:22 - 000000000 ____D C:\Users\Mandy\AppData\Local\Adobe
2019-08-25 21:53 - 2019-07-09 16:05 - 000741432 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2019-08-25 17:34 - 2019-08-25 22:34 - 000000000 ___HD C:\$WINDOWS.~BT
2019-08-25 17:34 - 2019-08-25 20:05 - 000003732 _____ C:\Windows\diagerr.xml
2019-08-25 17:34 - 2019-08-25 20:05 - 000001890 _____ C:\Windows\diagwrn.xml
2019-08-25 10:27 - 2019-08-25 10:27 - 000000000 ___HD C:\$Windows.~WS
2019-08-24 16:52 - 2019-08-25 17:34 - 000000000 ____D C:\ESD
2019-08-24 16:45 - 2019-08-25 22:36 - 000000000 ____D C:\Windows\Panther
2019-08-24 16:40 - 2019-08-24 16:42 - 019256968 _____ (Microsoft Corporation) C:\Users\Mandy\Downloads\MediaCreationTool1903.exe
2019-08-23 00:47 - 2019-08-23 00:47 - 001151544 _____ (Google LLC) C:\Users\Mandy\Downloads\installbackupandsync.exe
2019-08-22 23:55 - 2019-08-28 23:38 - 000000000 ____D C:\Users\Mandy\AppData\LocalLow\Mozilla
2019-08-22 23:54 - 2019-08-22 23:55 - 000000000 ____D C:\Users\Mandy\AppData\Roaming\Mozilla
2019-08-22 23:54 - 2019-08-22 23:55 - 000000000 ____D C:\ProgramData\Mozilla
2019-08-22 23:54 - 2019-08-22 23:54 - 000001123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-08-22 23:54 - 2019-08-22 23:54 - 000001111 _____ C:\Users\Public\Desktop\Firefox.lnk
2019-08-22 23:54 - 2019-08-22 23:54 - 000000000 ____D C:\Users\Mandy\AppData\Local\Mozilla
2019-08-22 23:54 - 2019-08-22 23:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-08-22 23:54 - 2019-08-22 23:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-28 23:07 - 2012-07-26 01:26 - 000262144 ___SH C:\Windows\system32\config\ELAM
2019-08-28 13:25 - 2012-07-26 03:22 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-08-27 17:12 - 2012-07-26 03:28 - 000006364 _____ C:\Windows\system32\PerfStringBackup.INI
2019-08-27 16:54 - 2012-07-26 01:26 - 000262144 ___SH C:\Windows\system32\config\BBI
2019-08-27 16:26 - 2012-07-26 03:59 - 000000000 ____D C:\Windows\CbsTemp
2019-08-27 00:25 - 2012-11-20 05:51 - 000000000 ____D C:\ProgramData\Norton
2019-08-26 23:59 - 2012-07-26 04:12 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-08-26 23:49 - 2015-06-28 02:02 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2019-08-26 22:49 - 2012-07-26 04:12 - 000000000 ___HD C:\Program Files\WindowsApps
2019-08-25 22:35 - 2012-07-26 04:12 - 000000000 ____D C:\Windows\AUInstallAgent
2019-08-25 19:59 - 2012-07-26 01:38 - 000000000 ____D C:\Windows\system32\oobe
2019-08-25 19:49 - 2012-07-26 01:37 - 000000000 ____D C:\Windows\Inf
2019-08-25 16:52 - 2014-06-16 20:50 - 000000000 ____D C:\Games
2019-08-24 16:40 - 2013-02-09 22:22 - 000003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AE56E58A-8B68-4334-B4A2-A6FBB74DF4D8}
2019-08-23 00:27 - 2013-02-09 22:28 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4052518235-3113839039-2858287364-1002
2019-08-22 23:14 - 2012-07-26 04:12 - 000000000 ____D C:\Windows\system32\NDF
2019-08-22 22:53 - 2016-03-24 20:30 - 000000000 ____D C:\Program Files (x86)\Driver Support
2019-08-22 22:45 - 2013-02-09 22:18 - 000000000 ____D C:\Users\Mandy\AppData\Local\Packages

==================== Files in the root of some directories ================

2013-03-24 15:45 - 2013-03-24 15:45 - 000000017 _____ () C:\Users\Mandy\AppData\Local\resmon.resmoncfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-08-24 16:58
==================== End of FRST.txt ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-08-2019 02
Ran by Mandy (28-08-2019 23:47:46)
Running from C:\Users\Mandy\Downloads
Windows 8 (X64) (2013-02-10 02:16:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4052518235-3113839039-2858287364-500 - Administrator - Disabled)
Guest (S-1-5-21-4052518235-3113839039-2858287364-501 - Limited - Disabled)
Mandy (S-1-5-21-4052518235-3113839039-2858287364-1002 - Administrator - Enabled) => C:\Users\Mandy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Disabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Disabled - Up to date) {19116A92-4E0F-6AEB-F126-5230691200C8}
FW: Norton Security (Disabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{63ADEC24-A374-80A8-E89B-BE401C787F75}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Hewlett-Packard ACLM.NET v1.2.0.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{AE986BF5-B6E3-4F8D-B412-A3DD90DF5146}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B8019B54-F9BE-490A-9619-6D06F18F129F}) (Version: 7.0.32.44 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 68.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 68.0.2 (x86 en-US)) (Version: 68.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.0.2 - Mozilla)
Norton Security (HKLM-x32\...\NGC) (Version: 22.17.1.50 - Symantec Corporation)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6937 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.29053 - Realtek Semiconductor Corp.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

Packages:
=========
Bing -> C:\Program Files\WindowsApps\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe [2012-08-17] (Microsoft Corporation)
Camera -> C:\Program Files\WindowsApps\Microsoft.Camera_6.2.8514.0_x64__8wekyb3d8bbwe [2012-08-17] (Microsoft Corporation)
Finance -> C:\Program Files\WindowsApps\Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe [2012-08-17] (Microsoft Corporation) [MS Ad]
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_1.0.927.0_x64__8wekyb3d8bbwe [2012-08-17] (Microsoft Corporation) [MS Ad]
Getting Started with Windows 8 -> C:\Program Files\WindowsApps\AD2F1837.GettingStartedwithWindows8_1.0.1.34_neutral__v10z8vjag6ke6 [2012-11-20] (Hewlett-Packard Company)
HP Connected Photo powered by Snapfish -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_1.0.1.31_x86__v10z8vjag6ke6 [2013-02-09] (Hewlett-Packard Company)
HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.0.12.75_neutral__v10z8vjag6ke6 [2012-11-20] (Hewlett-Packard Company)
HP+ -> C:\Program Files\WindowsApps\AD2F1837.HP_1.0.0.72_neutral__v10z8vjag6ke6 [2013-02-09] (Hewlett-Packard Company)
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_1.0.0.2_x86__8wekyb3d8bbwe [2012-11-20] (Microsoft Studios)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.1.0.RC_1.0.8377.0_neutral__8wekyb3d8bbwe [2013-02-09] (Microsoft Platform Extensions)
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_1.0.927.0_x64__8wekyb3d8bbwe [2012-08-17] (Microsoft Corporation) [MS Ad]
Norton Studio -> C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_1.0.0.62_x86__v68kp9n051hdp [2012-11-20] (Symantec Corporation)
Photos -> C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe [2012-08-17] (Microsoft Corporation)
SkyDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe [2012-08-17] (Microsoft Corporation)
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_1.0.927.0_x64__8wekyb3d8bbwe [2012-08-17] (Microsoft Corporation) [MS Ad]
Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe [2012-08-17] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4052518235-3113839039-2858287364-1002_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-27] (CyberLink -> Cyberlink)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.1.50\NavShExt.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-27] (CyberLink -> Cyberlink)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.1.50\NavShExt.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.1.50\buShell.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.1.50\NavShExt.dll [2019-04-22] (Symantec Corporation -> Symantec Corporation)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2011-10-19 02:08 - 2011-10-19 02:08 - 000007168 _____ ( ) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atixclib.dll
2012-08-06 15:54 - 2012-08-06 15:54 - 000369664 _____ () [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-08-06 15:51 - 2012-08-06 15:51 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Actions.CCAA.Shared.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.DPPE.Shared.dll
2012-08-06 15:51 - 2012-08-06 15:51 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.EEU.Shared.dll
2012-08-06 15:51 - 2012-08-06 15:51 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.GD.Shared.dll
2012-08-06 15:51 - 2012-08-06 15:51 - 000007168 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Hotkeys.Shared.dll
2012-08-06 15:51 - 2012-08-06 15:51 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.REG.Shared.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000048128 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Source.Kit.Server.dll
2012-08-06 15:51 - 2012-08-06 15:51 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.WinMessages.Shared.dll
2012-08-06 15:51 - 2012-08-06 15:51 - 000035328 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.dll
2012-08-06 15:51 - 2012-08-06 15:51 - 000006144 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.Shared.dll
2012-08-06 15:51 - 2012-08-06 15:51 - 000024576 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Foundation.dll
2012-08-06 15:51 - 2012-08-06 15:51 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ATICCCom.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000022016 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.Implementation.dll
2012-08-06 15:55 - 2012-08-06 15:55 - 000014336 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Runtime.dll
2012-08-06 15:55 - 2012-08-06 15:55 - 000008192 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.shared.dll
2012-08-06 15:55 - 2012-08-06 15:55 - 000040448 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Dashboard.dll
2012-08-06 15:55 - 2012-08-06 15:55 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Runtime.dll
2012-08-06 15:53 - 2012-08-06 15:53 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Shared.dll
2012-08-06 15:55 - 2012-08-06 15:55 - 000045056 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Audio.Graphics.Dashboard.dll
2012-08-06 15:55 - 2012-08-06 15:55 - 000019456 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CPUOverDrive.Fuel.Shared.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000028672 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CustomFormats.Graphics.Shared.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard.Shared.Private.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000045056 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000057344 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceCRT.Graphics.shared.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000053248 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000049152 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000025600 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000028672 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
2012-08-06 15:53 - 2012-08-06 15:53 - 000444416 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
2012-08-06 15:51 - 2012-08-06 15:51 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000057344 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
2012-08-06 15:53 - 2012-08-06 15:53 - 000241664 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000110592 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MMVideo.Graphics.Runtime.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000081920 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MMVideo.Graphics.Shared.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000024576 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MultiVPU2.Graphics.Shared.dll
2012-08-06 15:53 - 2012-08-06 15:53 - 000050688 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.OverDrive5.Graphics.Shared.dll
2012-08-06 15:53 - 2012-08-06 15:53 - 000053248 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000036352 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000018432 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
2012-08-06 15:53 - 2012-08-06 15:53 - 002400256 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000110592 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000081920 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Shared.dll
2012-08-06 15:53 - 2012-08-06 15:53 - 000160256 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.Dashboard.dll
2012-08-06 15:53 - 2012-08-06 15:53 - 000013824 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.Runtime.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000045056 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.shared.dll
2012-08-06 15:55 - 2012-08-06 15:55 - 000021504 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.UpdateNotification.Graphics.Dashboard.dll
2012-08-06 15:55 - 2012-08-06 15:55 - 000016384 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.UpdateNotification.Graphics.Runtime.dll
2012-08-06 15:55 - 2012-08-06 15:55 - 000012288 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.UpdateNotification.Graphics.Shared.dll
2012-08-06 15:53 - 2012-08-06 15:53 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Dashboard.dll
2012-08-06 15:53 - 2012-08-06 15:53 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Runtime.dll
2012-08-06 15:53 - 2012-08-06 15:53 - 000010752 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Shared.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000176128 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 001007616 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.Shared.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.Shared.Private.dll
2012-08-06 15:53 - 2012-08-06 15:53 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Dashboard.dll
2012-08-06 15:53 - 2012-08-06 15:53 - 000011776 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Runtime.dll
2012-08-06 15:53 - 2012-08-06 15:53 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Shared.dll
2012-08-06 15:55 - 2012-08-06 15:55 - 000008192 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Dashboard.dll
2012-08-06 15:55 - 2012-08-06 15:55 - 000011264 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Runtime.dll
2012-08-06 15:55 - 2012-08-06 15:55 - 000009216 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Shared.dll
2012-08-06 15:51 - 2012-08-06 15:51 - 000008192 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.dll
2012-08-06 15:53 - 2012-08-06 15:53 - 000061440 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.ProfileManager2.dll
2012-08-06 15:51 - 2012-08-06 15:51 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 001395712 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.Private.dll
2012-08-06 15:51 - 2012-08-06 15:51 - 000007168 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Extension.EEU.dll
2012-08-06 15:51 - 2012-08-06 15:51 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.dll
2012-08-06 15:51 - 2012-08-06 15:51 - 000038912 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.Private.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000307200 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Client.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.CoreAudioAPI.dll
2012-08-06 15:51 - 2012-08-06 15:51 - 000061440 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.dll
2012-08-06 15:51 - 2012-08-06 15:51 - 000029184 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Private.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000018432 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.XManifest.dll
2012-08-06 15:51 - 2012-08-06 15:51 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.dll
2012-08-06 15:53 - 2012-08-06 15:53 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Fuel.Foundation.dll
2012-08-06 15:51 - 2012-08-06 15:51 - 000031744 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000048128 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.dll
2012-08-06 15:51 - 2012-08-06 15:51 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.Private.dll
2012-08-06 15:51 - 2012-08-06 15:51 - 000025088 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Private.dll
2012-08-06 15:51 - 2012-08-06 15:51 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Foundation.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000097792 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Implementation.dll
2012-08-06 15:51 - 2012-08-06 15:51 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\NEWAEM.Foundation.dll
2012-07-12 10:56 - 2012-07-12 10:56 - 000175104 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ADL.Foundation.dll
2012-08-06 15:51 - 2012-08-06 15:51 - 000066560 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Server.dll
2012-08-06 15:46 - 2012-08-06 15:46 - 000837632 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll
2012-08-06 15:45 - 2012-08-06 15:45 - 000004608 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiamenu.dll
2012-08-06 15:54 - 2012-08-06 15:54 - 000393216 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000065536 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
2012-08-06 15:53 - 2012-08-06 15:53 - 000528384 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000043520 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
2012-08-06 15:54 - 2012-08-06 15:54 - 001406464 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Combined.Graphics.Aspects1.Dashboard.dll
2012-08-06 15:54 - 2012-08-06 15:54 - 000144896 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Combined.Graphics.Aspects2.Runtime.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000036864 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.Private.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000385024 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.dll
2012-08-06 15:51 - 2012-08-06 15:51 - 000061440 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.dll
2011-10-17 20:48 - 2011-10-17 20:48 - 000005632 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0706.dll
2011-10-17 20:48 - 2011-10-17 20:48 - 000006656 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0709.dll
2011-10-17 20:48 - 2011-10-17 20:48 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0712.dll
2011-10-17 20:48 - 2011-10-17 20:48 - 000007168 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0804.dll
2011-10-17 20:48 - 2011-10-17 20:48 - 000005120 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0805.dll
2011-10-17 20:48 - 2011-10-17 20:48 - 000005632 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0812.dll
2011-10-17 20:48 - 2011-10-17 20:48 - 000005632 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0906.dll
2011-10-17 20:48 - 2011-10-17 20:48 - 000005632 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0912.dll
2011-10-17 20:48 - 2011-10-17 20:48 - 000007680 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I1010.dll
2011-10-17 20:48 - 2011-10-17 20:48 - 000005120 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I1011.dll
2012-08-06 15:51 - 2012-08-06 15:51 - 000303616 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Implementation.default_Localization.dll
2012-08-06 15:51 - 2012-08-06 15:51 - 000479744 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Private.dll
2012-08-06 15:53 - 2012-08-06 15:53 - 000175104 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Implementation.dll
2012-08-06 15:51 - 2012-08-06 15:51 - 000008704 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Private.dll
2012-08-06 15:55 - 2012-08-06 15:55 - 000028672 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Dashboard.dll
2012-08-06 15:52 - 2012-08-06 15:52 - 000311296 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2012-08-06 15:51 - 2012-08-06 15:51 - 000196608 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2011-10-17 20:48 - 2011-10-17 20:48 - 000016384 _____ (ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Foundation.dll
2011-10-17 20:48 - 2011-10-17 20:48 - 000045056 _____ (ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0601.dll
2012-11-20 05:42 - 2012-11-20 05:41 - 000348160 ____N (Microsoft Corporation) [File not signed] C:\Program Files (x86)\CyberLink\PowerDVD10\MSVCR71.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 01:26 - 2012-07-26 01:26 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
HKU\S-1-5-21-4052518235-3113839039-2858287364-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Mandy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPWMISVC => 2
MSCONFIG\Services: IconMan_R => 2
MSCONFIG\Services: RtkAudioService => 2
HKLM\...\StartupApproved\Run32: => "408809432"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0758B42B-2DD6-4329-8DF8-FAECA7B668B1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5BD7BD99-EDCD-4755-AAEF-AB70F3F31B7C}] => (Allow) LPort=2869
FirewallRules: [{D58582AF-22E5-4C02-B344-27C8199D947D}] => (Allow) LPort=1900
FirewallRules: [{7A950B07-F0E9-4F0D-A010-FCF829D7E245}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{29A78B32-B5B9-4B98-BCC8-76730E2E6F4E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe No File
FirewallRules: [{B528B484-0784-4235-99FD-A507B50D52D3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe No File
FirewallRules: [{6CAC0405-5ACA-4B08-83A9-1073A57ABD61}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2CDAA92E-564E-4E71-9A64-5BD604F1E4B0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/28/2019 11:49:53 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2119-08-05T03:49:53Z. Error Code: 0x80071A91.

Error: (08/28/2019 11:49:23 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2119-08-05T03:49:23Z. Error Code: 0x80071A91.

Error: (08/28/2019 11:48:53 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2119-08-05T03:48:53Z. Error Code: 0x80071A91.

Error: (08/28/2019 11:48:23 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2119-08-05T03:48:23Z. Error Code: 0x80071A91.

Error: (08/28/2019 11:47:53 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2119-08-05T03:47:53Z. Error Code: 0x80071A91.

Error: (08/28/2019 11:47:23 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2119-08-05T03:47:23Z. Error Code: 0x80071A91.

Error: (08/28/2019 11:46:53 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2119-08-05T03:46:53Z. Error Code: 0x80071A91.

Error: (08/28/2019 11:46:23 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2119-08-05T03:46:23Z. Error Code: 0x80071A91.


System errors:
=============
Error: (08/28/2019 01:24:26 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume C: encountered a non-retryable error and could not start.  The data contains the error code.

Error: (08/28/2019 01:25:10 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:55:06 PM on ‎8/‎27/‎2019 was unexpected.

Error: (08/27/2019 06:55:16 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa800231c880, 0xfffff80370007930, 0xfffffa8001ee6c10). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 082719-217792-01.

Error: (08/27/2019 06:54:20 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume C: encountered a non-retryable error and could not start.  The data contains the error code.

Error: (08/27/2019 06:55:06 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:07:29 PM on ‎8/‎27/‎2019 was unexpected.

Error: (08/27/2019 05:54:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HP Support Assistant Service service.

Error: (08/27/2019 05:03:07 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume C: encountered a non-retryable error and could not start.  The data contains the error code.

Error: (08/27/2019 04:54:03 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the msiserver service.


Windows Defender:
===================================
Date: 2019-08-24 23:03:11.012
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {A0D6CA0D-2F46-4D4A-91E4-F71663721905}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-08-24 21:09:16.601
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {1C140410-C0B7-497E-A99D-CF4C3F27BF14}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-08-24 20:59:06.298
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {57812CA9-D9DD-4E43-8545-C6A9F8B9385C}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-08-24 19:52:38.468
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {452CA085-5DF1-4250-A770-5A6C620E3A5E}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-11-18 18:00:24.987
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {ED3FC36D-418E-40DF-9A30-9CB5D394F98B}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-08-24 16:55:14.288
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.215.1603.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.12505.0
Error code: 0x80080005
Error description: Server execution failed

Date: 2019-08-22 22:39:28.233
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.215.1603.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.12505.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-08-22 22:39:28.233
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.215.1603.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.12505.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-08-22 22:39:27.984
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.215.1603.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.12505.0
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-11-18 19:49:37.149
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.215.1603.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.12505.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

==================== Memory info ===========================

BIOS: Insyde F.13 09/03/2012
Motherboard: Hewlett-Packard 188B
Processor: AMD E-300 APU with Radeon™ HD Graphics
Percentage of memory in use: 82%
Total physical RAM: 1634.26 MB
Available physical RAM: 283.54 MB
Total Virtual: 3298.26 MB
Available Virtual: 1358.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:273.93 GB) (Free:230.98 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.39 GB) (Free:2.82 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{e2b7c670-1a5d-40e7-bd91-8c49fe728931}\ (WINRE) (Fixed) (Total:0.39 GB) (Free:0.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: C2C9F703)

Partition: GPT.

==================== End of Addition.txt ============================

[Advertisements]

Welcome.

Please give me some time to go over your logs and I will get back to you as soon as possible.

[iMacg3]

Welcome.

Please give me some time to go over your logs and I will get back to you as soon as possible.

[iMacg3]

Hi MaBacon8r, welcome to the Geeks to Go malware removal forum.

I am iMacg3 and will be helping you with your computer problems.

Please keep the following information in mind before we begin:

• Back up any important data before we continue.
  • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
• Do not install any new software or run any fixes/tools on your system unless I request that you do so.
  • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
• Please read all instructions carefully, and complete them in the order listed.
  • Items that are especially important will be highlighted in bold or red.
• If your computer seems to start working normally, please don't abandon the topic.
  • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
• If you have pirated or illegal software on your computer, uninstall it now before proceeding.
  • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
• If you don't respond to your topic in 4 days, it will be closed.
  • If your topic is closed and you still need assistance, send me a Personal Message with a link to your topic.
• If you have questions at any time during the cleanup, feel free to ask.

---------------------------------------------------

Is this computer used for business purposes?

[MaBacon8r]

Thank you for your help. The computer is for personal use.

[iMacg3]

Hi MaBacon8r, welcome to the Geeks to Go malware removal forum.

I am iMacg3 and will be helping you with your computer problems.

Please keep the following information in mind before we begin:

• Back up any important data before we continue.
  • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
• Do not install any new software or run any fixes/tools on your system unless I request that you do so.
  • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
• Please read all instructions carefully, and complete them in the order listed.
  • Items that are especially important will be highlighted in bold or red.
• If your computer seems to start working normally, please don't abandon the topic.
  • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
• If you have pirated or illegal software on your computer, uninstall it now before proceeding.
  • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
• If you don't respond to your topic in 4 days, it will be closed.
  • If your topic is closed and you still need assistance, send me a Personal Message with a link to your topic.
• If you have questions at any time during the cleanup, feel free to ask.

---------------------------------------------------
 

Platform: Windows 8 (X64)

Your computer's operating system is out of date. Windows 8 is no longer supported by Microsoft, meaning you will not receive important updates, such as security patches, for your computer.

My recommendation would be to upgrade to at least Windows 8.1, or Windows 10.

If you would prefer to continue troubleshooting the computer with this operating system installed, let me know. However, I would strongly recommend you upgrade to a newer OS.

[MaBacon8r]

I can't even update it. I tried it the other day and it booted me out of the upgrade.

[iMacg3]

Hi MaBacon8r,

Do you receive an error message when attempting the upgrade?

Is the upgrade for Windows 8.1 or Windows 10?

[MaBacon8r]

I downloaded windows media creator. I tried to run it that way. It started the download process then said an error had occurred and it was returning to previous settings. I deleted the windows media creator afterwards.

[MaBacon8r]

The windows Microsoft store also won't let me access it. I get an error when I try to click it

[iMacg3]

Hi MaBacon8r,
 

I downloaded windows media creator. I tried to run it that way. It started the download process then said an error had occurred and it was returning to previous settings. I deleted the windows media creator afterwards.

 
 

The windows Microsoft store also won't let me access it. I get an error when I try to click it

Do you receive a specific error code when attempting the upgrade or accessing the Microsoft store? If so, please post it in your reply.

[MaBacon8r]

No I didn't receive a specific error code

[iMacg3]

Hi MaBacon8r,

I see no evidence of malware in your logs. There are just some potentially unwanted browser search providers/remnants of programs and a few "orphaned" registry entries. Please do the following:

---------------------------------------------------
Farbar Recovery Scan Tool - Fix

• Highlight the contents of the below code box and press Ctrl + C on your keyboard:
  

  Start::
  CreateRestorePoint:
  EmptyTemp:
  CloseProcesses:
  HKU\S-1-5-21-4052518235-3113839039-2858287364-1002\...\MountPoints2: {7fa68671-b458-11e2-be7a-2016d81a12d8} - "F:\TL_Bootstrap.exe"
  Task: {48C2501B-581F-4EEE-BF64-388A52634B45} - System32\Tasks\{1869123B-F4EC-41D5-9B58-51A7DD2F8FFC} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\WildGames\Uninstall.exe"
  SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
  SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
  SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
  SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
  SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
  SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
  SearchScopes: HKU\S-1-5-21-4052518235-3113839039-2858287364-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
  SearchScopes: HKU\S-1-5-21-4052518235-3113839039-2858287364-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NS&chn=retail&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
  SearchScopes: HKU\S-1-5-21-4052518235-3113839039-2858287364-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
  SearchScopes: HKU\S-1-5-21-4052518235-3113839039-2858287364-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
  2019-08-22 22:53 - 2016-03-24 20:30 - 000000000 ____D C:\Program Files (x86)\Driver Support
  FirewallRules: [{29A78B32-B5B9-4B98-BCC8-76730E2E6F4E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe No File
  FirewallRules: [{B528B484-0784-4235-99FD-A507B50D52D3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe No File
  Reg: reg delete "HKLM\Software\Microsoft\Shared Tools\msconfig\services" 
  Reg: reg add "HKLM\Software\Microsoft\shared tools\msconfig\services"
  CMD: Bitsadmin /Reset /Allusers
  End::

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

• Double-click FRST.exe/FRST64.exe to run it.
• Press the Fix button just once and wait.
• Restart the computer if prompted.
• When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
• Please copy and paste its contents into your reply.

---------------------------------------------------
AdwCleaner

Download AdwCleaner and save it to your desktop.

• Double click AdwCleaner.exe to run it.
• Click Scan Now ...
  • When the scan has finished a Scan Results window will open.
  • Click Cancel (at this point do not attempt to Quarantine anything that is found)
• Now click the Log Files tab ...
  • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
  • A Notepad file will open containing the results of the scan.
  • Please post the contents of the file in your next reply.

---------------------------------------------------
ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.

• Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
• When the tool opens, click Get Started.
• Read and accept the license agreement.
• At the Welcome to ESET Online Scanner window, click Get Started.
• Select whether you would like to send anonymous data to ESET.
• Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
• Click on the Full Scan option.
• Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
• ESET will now begin scanning your computer. This may take some time.
• When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
• ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
• On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
• Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

---------------------------------------------------

In your next reply, please include:

• Fixlog.txt
• AdwCleaner[S0*].txt
• eset.txt

[MaBacon8r]

I will this afternoon. Sorry it took me so long to reply

[iMacg3]

No problem

[MaBacon8r]

I can't get out of safe mode to do this.