Neighbor's laptop running very slow [Solved]


  • This topic is locked

#1
Wolfie

Could be the hard drive just showing its age, but neighbor has also indicated that the laptop will randomly crash.  A search through the event log reveals nothing other than an error that the laptop wasn't shut down properly.

 

A run of CrystalDiskInfo has SMART saying the health is GOOD with no errors or warnings or other signs of concern.

 

Neighbor had also said they tried doing a factory reset, so there isn't (or doesn't appear to be) much installed beyond the company-customized packages that come with the laptop.

 

Thanks in advance.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2021 (ATTENTION: ====> FRST version is 287 days old and could be outdated)
Ran by Michelle (administrator) on MINE (TOSHIBA Satellite C855D) (02-03-2022 15:45:08)
Running from C:\Users\Michelle\Downloads
Loaded Profiles: Michelle
Platform: Windows 8 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <13>
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msra.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\sdchange.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16384_none_622908ad510eb05b\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(NortonLifeLock Inc. -> Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.21.2.50\NortonSecurity.exe <2>
(Open Source Developer, Noriyuki Miyazaki -> Crystal Dew World) C:\Program Files\CrystalDiskInfo\DiskInfo64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\ccSvcHst.exe <2>
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe <2>
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\NortonInstaller\{CCC44C7A-717C-4ea0-A378-79ADF863BF19}\NAT\562C4DD5\1.6.0.17\InstStub.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Toshiba) [File not signed] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] (TOSHIBA CORPORATION -> )
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation -> Symantec Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba) [File not signed]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89820200-ECBD-11cf-8B85-00AA005B4340}] -> regsvr32.exe /s /n /i:U %SystemRoot%\System32\shell32.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\98.0.4758.102\Installer\chrmstp.exe [2022-02-18] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{43581A46-171B-48ea-A547-172D32925233}] -> C:\Program Files (x86)\Norton Anti-Theft\Engine64\1.5.0.38\ppcp.dll [2012-07-05] (Symantec Corporation -> Symantec Corporation)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {013B6953-1350-433B-A739-78A532771861} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.2.50\SymErr.exe [115640 2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {09BB031A-97CB-42D4-A1AD-C8C6DF9392C5} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [1295496 2012-07-27] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
Task: {4116063D-89A2-4BC7-9E8A-518ED6379533} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {4263ED09-63C2-42F0-A70A-A7F88B7B8C8B} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exe [50544 2012-02-03] (Symantec Corporation -> Symantec Corporation)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage => {5F074BDF-4BA3-4E68-AE86-2A6B0B5963B0} C:\WINDOWS\system32\wlroamextension.dll [543232 2012-07-25] (Microsoft Windows -> Microsoft Corporation)
Task: {5130A16F-8730-408B-A27F-DE712858246C} - System32\Tasks\Norton Internet Security\Norton Internet Security Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.2.50\SymErr.exe [115640 2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {692A017E-FFCB-4B50-8C35-612C0B3068F9} - System32\Tasks\GoogleUpdateTaskMachineUA{2110CD26-E00F-4E8A-B759-D7DAC3E8E389} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-18] (Google LLC -> Google LLC)
Task: {8223903A-7D26-489F-8794-8F3DA0833C87} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exe [50544 2012-02-03] (Symantec Corporation -> Symantec Corporation)
Task: {97013C2E-DD2C-4A33-BDD6-8394F3425D4C} - System32\Tasks\GoogleUpdateTaskMachineCore{AB007181-87B4-4265-A36C-C2F24D4432C1} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-18] (Google LLC -> Google LLC)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask => {0AC1DBCA-7F9F-47FC-A090-34E5FEB291E8} C:\WINDOWS\system32\wlroamextension.dll [543232 2012-07-25] (Microsoft Windows -> Microsoft Corporation)
Task: {AA9BC3E2-3924-4D30-A0D7-C4274AB654F4} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask => {59B9640B-3F70-4D1C-B159-F26EEB8A4C87} C:\WINDOWS\system32\SettingSyncInfo.dll [128512 2012-07-25] (Microsoft Windows -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{065C6981-2C5E-4AD4-AA72-907768FCFCF3}: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn => not found
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] (WildTangent Inc -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default [2022-03-02]
CHR Extension: (Slides) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-02-18]
CHR Extension: (Docs) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2022-02-18]
CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-02-18]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2022-02-18]
CHR Extension: (Sheets) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-02-18]
CHR Extension: (Google Docs Offline) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-02-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-02-18]
CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-02-18]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\Exts\Chrome.crx <not found>
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [63928 2012-04-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe [143928 2012-08-18] (Symantec Corporation -> Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation -> Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe [123320 2012-07-23] (Symantec Corporation -> Symantec Corporation)
R2 NortonSecurity; C:\Program Files (x86)\Norton Internet Security\Engine\22.21.5.44\NortonSecurity.exe [343336 2021-05-31] (NortonLifeLock Inc. -> Broadcom)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe [126392 2012-07-23] (Symantec Corporation -> Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Windows -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.20.5.40\Definitions\BASHDefs\20220217.011\BHDrvx64.sys [2018784 2022-02-17] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 ccSet_NARA; C:\WINDOWS\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NAT; C:\WINDOWS\system32\drivers\NATx64\0106000.011\ccSetx64.sys [168096 2012-08-06] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1615050.02C\ccSetx64.sys [192248 2021-05-31] (Symantec Corporation -> Symantec Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [509904 2022-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145376 2022-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 FwLnk; C:\WINDOWS\System32\drivers\FwLnk.sys [9216 2012-07-10] (Microsoft Windows Hardware Compatibility Publisher -> TOSHIBA Corporation)
R3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.20.5.40\Definitions\IPSDefs\20220218.061\IDSvia64.sys [1480144 2022-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 nsvst_NGC; C:\WINDOWS\System32\drivers\NGCx64\1615020.032\nsvst.sys [56912 2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1615020.032\SRTSP64.SYS [890464 2021-03-26] (Symantec Corporation -> Broadcom)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1615050.02C\SRTSPX64.SYS [50272 2021-05-31] (Symantec Corporation -> Broadcom)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1615050.02C\SYMEFASI64.SYS [2062424 2021-05-31] (Symantec Corporation -> Broadcom)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1615050.02C\SymELAM.sys [25080 2021-05-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [99912 2022-02-18] (Symantec Corporation -> Symantec Corporation)
R3 SymEvnt; C:\Program Files (x86)\Norton Internet Security\NortonData\22.20.5.40\SymPlatform\SymEvnt.sys [712432 2022-01-11] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1615050.02C\Ironx64.SYS [316488 2021-05-31] (Symantec Corporation -> Symantec Corporation)
R3 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1615020.032\symnets.sys [575328 2021-03-26] (Symantec Corporation -> Symantec Corporation)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [28632 2012-07-31] (TOSHIBA CORPORATION -> Windows ® Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [34216 2012-07-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [258288 2012-07-25] (Microsoft Windows -> Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1615020.032\wpCtrlDrv.sys [1013792 2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-03-02 15:45 - 2022-03-02 15:48 - 000017187 _____ C:\Users\Michelle\Downloads\FRST.txt
2022-03-02 15:41 - 2022-03-02 15:46 - 000000000 ____D C:\FRST
2022-03-02 15:40 - 2022-03-02 15:40 - 002299904 _____ (Farbar) C:\Users\Michelle\Downloads\FRST64.exe
2022-03-02 15:30 - 2022-03-02 15:30 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2022-03-02 15:26 - 2022-03-02 15:26 - 000001139 _____ C:\Users\Michelle\Documents\Invitation.msrcIncident
2022-03-02 15:26 - 2022-03-02 15:26 - 000000000 ____D C:\Users\Michelle\Documents\Remote Assistance Logs
2022-03-02 15:14 - 2022-03-02 15:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2022-03-02 15:14 - 2022-03-02 15:14 - 000000000 ____D C:\Program Files\CrystalDiskInfo
2022-03-02 15:13 - 2022-03-02 15:13 - 004628000 _____ (Crystal Dew World ) C:\Users\Michelle\Downloads\CrystalDiskInfo8_15_2.exe
2022-03-02 15:12 - 2022-03-02 15:12 - 000256440 _____ (Asurvio, LP) C:\Users\Michelle\Downloads\DriverUpdate.exe
2022-03-02 14:58 - 2022-03-02 14:58 - 000000117 _____ C:\WINDOWS\system32\netcfg-210819.txt
2022-03-02 14:58 - 2022-03-02 14:58 - 000000117 _____ C:\WINDOWS\system32\netcfg-210601.txt
2022-03-02 14:58 - 2022-03-02 14:58 - 000000117 _____ C:\WINDOWS\system32\netcfg-207060.txt
2022-03-02 14:41 - 2022-03-02 14:41 - 201879933 _____ C:\WINDOWS\MEMORY.DMP
2022-03-02 14:41 - 2022-03-02 14:41 - 000279744 _____ C:\WINDOWS\Minidump\030222-19390-01.dmp
2022-03-02 14:41 - 2022-03-02 14:41 - 000000000 ____D C:\WINDOWS\Minidump
2022-03-02 03:24 - 2022-03-02 03:24 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton Internet Security
2022-03-02 03:18 - 2022-03-02 14:58 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2022-02-27 05:27 - 2022-02-27 05:27 - 000000117 _____ C:\WINDOWS\system32\netcfg-56753.txt
2022-02-27 05:15 - 2022-02-27 05:15 - 000000117 _____ C:\WINDOWS\system32\netcfg-724818615.txt
2022-02-20 12:25 - 2022-02-20 12:26 - 000000117 _____ C:\WINDOWS\system32\netcfg-145839968.txt
2022-02-20 12:24 - 2022-02-20 12:24 - 000001139 _____ C:\WINDOWS\system32\netcfg-145741984.txt
2022-02-20 12:12 - 2022-02-20 12:12 - 000000117 _____ C:\WINDOWS\system32\netcfg-145059479.txt
2022-02-20 12:12 - 2022-02-20 12:12 - 000000117 _____ C:\WINDOWS\system32\netcfg-145058652.txt
2022-02-19 03:58 - 2022-02-19 03:58 - 000000117 _____ C:\WINDOWS\system32\netcfg-29008042.txt
2022-02-19 03:58 - 2022-02-19 03:58 - 000000117 _____ C:\WINDOWS\system32\netcfg-29004392.txt
2022-02-18 19:33 - 2022-03-02 14:58 - 000002519 _____ C:\Users\Public\Desktop\Norton Security.lnk
2022-02-18 19:33 - 2022-03-02 14:58 - 000002519 _____ C:\ProgramData\Desktop\Norton Security.lnk
2022-02-18 19:27 - 2022-03-02 15:20 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2022-02-18 19:21 - 2022-02-18 19:21 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2022-02-18 18:56 - 2022-02-18 18:56 - 000000117 _____ C:\WINDOWS\system32\netcfg-77623835.txt
2022-02-18 18:08 - 2022-02-18 18:08 - 000000117 _____ C:\WINDOWS\system32\netcfg-74735180.txt
2022-02-18 17:10 - 2022-02-18 17:10 - 000000117 _____ C:\WINDOWS\system32\netcfg-71271864.txt
2022-02-18 15:20 - 2022-02-18 15:20 - 000000117 _____ C:\WINDOWS\system32\netcfg-64647828.txt
2022-02-18 15:17 - 2022-02-18 15:18 - 000000117 _____ C:\WINDOWS\system32\netcfg-64515102.txt
2022-02-18 15:17 - 2022-02-18 15:17 - 000000117 _____ C:\WINDOWS\system32\netcfg-64514431.txt
2022-02-18 15:17 - 2022-02-18 15:17 - 000000117 _____ C:\WINDOWS\system32\netcfg-64500235.txt
2022-02-18 15:16 - 2022-02-18 15:16 - 000000117 _____ C:\WINDOWS\system32\netcfg-64424169.txt
2022-02-18 15:16 - 2022-02-18 15:16 - 000000117 _____ C:\WINDOWS\system32\netcfg-64416744.txt
2022-02-18 15:13 - 2022-02-18 15:13 - 000000117 _____ C:\WINDOWS\system32\netcfg-64271990.txt
2022-02-18 15:03 - 2022-02-18 15:03 - 000000117 _____ C:\WINDOWS\system32\netcfg-63650311.txt
2022-02-18 15:03 - 2022-02-18 15:03 - 000000117 _____ C:\WINDOWS\system32\netcfg-63648969.txt
2022-02-18 14:58 - 2022-02-18 14:58 - 000000117 _____ C:\WINDOWS\system32\netcfg-63335126.txt
2022-02-18 14:58 - 2022-02-18 14:58 - 000000117 _____ C:\WINDOWS\system32\netcfg-63334861.txt
2022-02-18 14:58 - 2022-02-18 14:58 - 000000117 _____ C:\WINDOWS\system32\netcfg-63331679.txt
2022-02-18 10:56 - 2022-02-18 10:56 - 000000117 _____ C:\WINDOWS\system32\netcfg-39144488.txt
2022-02-18 10:56 - 2022-02-18 08:15 - 000000117 _____ C:\WINDOWS\system32\netcfg-39149854.txt
2022-02-18 09:53 - 2022-02-18 09:53 - 000000000 ____D C:\Users\Michelle\AppData\Roaming\Macromedia
2022-02-18 09:48 - 2022-02-18 09:48 - 000000117 _____ C:\WINDOWS\system32\netcfg-44732366.txt
2022-02-18 09:45 - 2022-02-18 09:45 - 000000117 _____ C:\WINDOWS\system32\netcfg-44543620.txt
2022-02-18 09:43 - 2022-02-18 09:43 - 000000117 _____ C:\WINDOWS\system32\netcfg-44431253.txt
2022-02-18 08:53 - 2022-02-18 08:53 - 000000117 _____ C:\WINDOWS\system32\netcfg-41463458.txt
2022-02-18 08:53 - 2022-02-18 08:53 - 000000117 _____ C:\WINDOWS\system32\netcfg-41456329.txt
2022-02-18 08:51 - 2022-02-18 08:51 - 000000013 __RSH C:\WINDOWS\system32\Drivers\fbd.sys
2022-02-18 08:46 - 2022-02-18 08:46 - 000002257 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-02-18 08:46 - 2022-02-18 08:46 - 000002216 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-02-18 08:46 - 2022-02-18 08:46 - 000002216 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2022-02-18 08:46 - 2022-02-18 08:46 - 000000000 ____D C:\Program Files\Google
2022-02-18 08:44 - 2022-03-02 15:06 - 000000000 ____D C:\Program Files (x86)\Google
2022-02-18 08:44 - 2022-02-18 17:52 - 000000000 ____D C:\Users\Michelle\AppData\Local\Google
2022-02-18 08:44 - 2022-02-18 08:44 - 000003334 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{2110CD26-E00F-4E8A-B759-D7DAC3E8E389}
2022-02-18 08:44 - 2022-02-18 08:44 - 000003206 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{AB007181-87B4-4265-A36C-C2F24D4432C1}
2022-02-18 08:29 - 2022-03-02 15:02 - 000003598 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1354572454-1105605337-2006680600-1001
2022-02-18 08:27 - 2022-02-18 08:27 - 000000000 ____D C:\Users\Michelle\AppData\Roaming\ATI
2022-02-18 08:27 - 2022-02-18 08:27 - 000000000 ____D C:\Users\Michelle\AppData\Local\ATI
2022-02-18 08:22 - 2022-02-18 08:22 - 000000000 ____D C:\WINDOWS\system32\Tasks\WPD
2022-02-18 08:22 - 2022-02-18 08:22 - 000000000 ____D C:\Users\Michelle\AppData\Local\TOSHIBA
2022-02-18 08:21 - 2022-02-18 08:21 - 000001445 _____ C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2022-02-18 08:21 - 2022-02-18 08:21 - 000000000 ____D C:\Users\Michelle\AppData\Roaming\WinBatch
2022-02-18 08:21 - 2022-02-18 08:21 - 000000000 ____D C:\Users\Michelle\AppData\Roaming\Adobe
2022-02-18 08:19 - 2022-02-18 08:19 - 000000000 ____D C:\Users\Michelle\AppData\Local\VirtualStore
2022-02-18 08:18 - 2022-02-18 08:21 - 000000000 ____D C:\Users\Michelle\AppData\Local\Packages
2022-02-18 08:18 - 2022-02-18 08:19 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton Anti-Theft
2022-02-18 08:17 - 2022-02-18 08:17 - 000000020 ___SH C:\Users\Michelle\ntuser.ini
2022-02-18 08:17 - 2012-09-07 00:13 - 000002111 _____ C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2022-02-18 08:15 - 2022-02-27 05:17 - 000000000 ____D C:\Users\Michelle
2022-02-18 08:15 - 2022-02-18 08:15 - 000000117 _____ C:\WINDOWS\system32\netcfg-39152912.txt
2022-02-18 01:04 - 2022-02-18 01:04 - 000000000 _____ C:\Recovery.txt
2022-02-18 00:05 - 2022-02-18 00:05 - 000000000 __RHD C:\Users\Public\AccountPictures
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-03-02 15:50 - 2012-07-26 03:12 - 000000000 ___HD C:\Program Files\WindowsApps
2022-03-02 15:50 - 2012-07-26 03:12 - 000000000 ____D C:\WINDOWS\AUInstallAgent
2022-03-02 15:33 - 2012-07-26 02:28 - 000848230 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-03-02 15:33 - 2012-07-26 00:37 - 000000000 ____D C:\WINDOWS\Inf
2022-03-02 15:26 - 2012-07-26 02:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-03-02 15:18 - 2012-09-06 23:50 - 000000000 ____D C:\WINDOWS\system32\Drivers\NATx64
2022-03-02 14:55 - 2012-07-26 02:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-03-02 03:27 - 2012-07-26 03:12 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-03-02 03:18 - 2012-07-26 00:26 - 000262144 ___SH C:\WINDOWS\system32\config\ELAM
2022-02-18 20:01 - 2012-09-06 23:50 - 000000000 ____D C:\ProgramData\Norton
2022-02-18 19:59 - 2012-10-27 08:36 - 000099912 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2022-02-18 19:59 - 2012-10-27 08:36 - 000010227 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2022-02-18 19:59 - 2012-10-27 08:34 - 000000000 ____D C:\Program Files (x86)\Norton Internet Security
2022-02-18 19:34 - 2012-10-27 08:36 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
2022-02-18 15:16 - 2012-07-26 03:12 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-02-18 08:21 - 2012-09-06 23:55 - 000000000 ____D C:\ProgramData\Toshiba
2022-02-18 08:21 - 2012-07-26 02:49 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2022-02-18 08:18 - 2012-07-26 03:12 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-02-18 08:18 - 2012-07-26 03:12 - 000000000 ____D C:\WINDOWS\WinStore
2022-02-18 01:03 - 2012-07-26 03:13 - 000262144 _____ C:\WINDOWS\system32\config\BCD-Template
2022-02-18 00:06 - 2012-07-26 03:12 - 000000000 ____D C:\WINDOWS\rescache
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05-2021
Ran by Michelle (02-03-2022 15:54:34)
Running from C:\Users\Michelle\Downloads
Windows 8 (X64) (2022-02-18 13:17:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1354572454-1105605337-2006680600-500 - Administrator - Disabled)
Guest (S-1-5-21-1354572454-1105605337-2006680600-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1354572454-1105605337-2006680600-1003 - Limited - Enabled)
Michelle (S-1-5-21-1354572454-1105605337-2006680600-1001 - Administrator - Enabled) => C:\Users\Michelle
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {255E32D5-E2F8-754A-3F87-286C949C5537}
FW: Norton Internet Security (Disabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{14718008-7D73-53AA-D0FF-88E805958D42}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Bejeweled 3 (HKLM-x32\...\WTA-81c59777-621e-4806-9416-36dd66c270ab) (Version: 2.2.0.97 - WildTangent) Hidden
CrystalDiskInfo 8.15.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.15.2 - Crystal Dew World)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Farmscapes (HKLM-x32\...\WTA-a7e7ee1b-7d47-4331-a795-4c9d14f19a6c) (Version: 2.2.0.98 - WildTangent) Hidden
FATE (HKLM-x32\...\WTA-32a3717d-6449-4dc6-839a-5304267673c1) (Version: 2.2.0.97 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 98.0.4758.102 - Google LLC)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.5.0.38 - Symantec Corporation)
Norton Internet Security (HKLM-x32\...\NGC) (Version: 22.21.2.50 - NortonLifeLock Inc)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (HKLM-x32\...\NARA) (Version: 4.1.0.11 - Symantec Corporation) Hidden
Norton PC Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.18.15 - Symantec Corporation)
Norton Security Dashboard (HKLM-x32\...\NortonSD) (Version: 1.1.1.9 - Symantec Corporation)
Origin (HKLM-x32\...\Origin) (Version: 8.6.3.49 - Electronic Arts, Inc.)
Penguins! (HKLM-x32\...\WTA-5b2c080f-efe1-4fe4-b2a0-b479b2cf5e59) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-200eaec2-9234-47d1-8867-2da6179703e6) (Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (HKLM-x32\...\WTA-e3e47cae-06ed-43c0-ab20-a96239c84835) (Version: 2.2.0.97 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6414 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0013 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WTA-1ae4582f-e96d-4155-a248-36b47d775e6f) (Version: 2.2.0.97 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.8.7 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
 
Packages:
=========
- Games App - -> C:\Program Files\WindowsApps\WildTangentGames.-GamesApp-_1.0.0.80_neutral__qt5r5pa5dyg8m [2012-10-27] (WildTangent Games)
Amazon for Windows -> C:\Program Files\WindowsApps\Amazon.com.Amazon_1.0.4.0_neutral__343d40qqvtj1t [2012-10-27] (Amazon.com)
Bing -> C:\Program Files\WindowsApps\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation)
Book Place -> C:\Program Files\WindowsApps\K-NFBReadingTechnologiesI.BookPlace_1.0.0.77_x86__vwcaa66y1ah8t [2022-02-18] (K-NFB Reading Technologies, Inc.)
Camera -> C:\Program Files\WindowsApps\Microsoft.Camera_6.2.8514.0_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.0.0.0_neutral__1618n3s9xq8tw [2012-10-27] (eBay, Inc)
Encyclopaedia Britannica -> C:\Program Files\WindowsApps\EncyclopaediaBritannica.EncyclopaediaBritannica_1.0.0.17_neutral__k5b3gy2wfywap [2012-10-27] (Encyclopaedia Britannica)
Finance -> C:\Program Files\WindowsApps\Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_1.0.927.0_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
iCookbook SE -> C:\Program Files\WindowsApps\PublicationsInternational.iCookbookSE_0.9.2.5_neutral__d33n3f4t8bm20 [2012-10-27] (Publications International, Ltd)
iHeartRadio -> C:\Program Files\WindowsApps\ClearChannelRadioDigital.iHeartRadio_4.0.1.6_neutral__a76a11dkgb644 [2022-02-18] (Clear Channel Management Services, Inc.)
Merriam-Webster Dictionary -> C:\Program Files\WindowsApps\D22CCC44.Merriam-WebsterDictionary_1.0.0.16_neutral__mbv6ra3y34fnr [2012-10-27] (Merriam-Webster, Inc.)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.1.0.RC_1.0.8377.0_neutral__8wekyb3d8bbwe [2022-02-18] (Microsoft Platform Extensions)
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_1.0.927.0_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_1.0.0.11_x64__mcm4njqhnhss8 [2012-10-27] (Netflix, Inc.)
News -> C:\Program Files\WindowsApps\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
News Place -> C:\Program Files\WindowsApps\2B24874D.NewsPlace_1.0.0.2_neutral__v10edqkhnj0dg [2022-02-18] (Synacor, Inc.)
Norton Studio -> C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_1.0.0.62_x86__v68kp9n051hdp [2012-10-27] (Symantec Corporation)
Photos -> C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation)
SkyDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation)
Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
StumbleUpon -> C:\Program Files\WindowsApps\06DAC6F6.StumbleUpon_2.0.5.0_neutral__9pdyks8yk4v0j [2012-10-27] (StumbleUpon, Inc.)
Toshiba Central -> C:\Program Files\WindowsApps\ToshibaAmericaInformation.ToshibaCentral_1.0.0.24_neutral__r8x1fxsdcnpjw [2012-10-27] (Toshiba America Information Systems, Inc.)
TOSHIBA Media Player by sMedio TrueLink+ -> C:\Program Files\WindowsApps\sMedioforToshiba.TOSHIBAMediaPlayerbysMedioTrueLin_1.0.0.44_x64__679ekb9hp1h62 [2022-02-18] (sMedio)
Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_1.0.927.0_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
Vimeo -> C:\Program Files\WindowsApps\Vimeo.Vimeo_1.1.0.0_neutral__cfs1vy0wkzthc [2022-02-18] (Vimeo)
Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.2.50\buShell.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.2.50\buShell.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.2.50\buShell.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.2.50\buShell.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.2.50\buShell.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.2.50\buShell.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.2.50\buShell.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.2.50\NavShExt.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.2.50\NavShExt.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.2.50\buShell.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Internet Security\Engine\22.21.2.50\NavShExt.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2012-08-08 12:19 - 2012-08-08 12:19 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Actions.CCAA.Shared.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.DPPE.Shared.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.EEU.Shared.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.GD.Shared.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000007168 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Hotkeys.Shared.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.REG.Shared.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000048128 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Source.Kit.Server.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.WinMessages.Shared.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000035328 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000006144 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.Shared.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000024576 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Foundation.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ATICCCom.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000022016 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.Implementation.dll
2012-08-08 12:23 - 2012-08-08 12:23 - 000040448 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Dashboard.dll
2012-08-08 12:23 - 2012-08-08 12:23 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Runtime.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Shared.dll
2012-08-08 12:23 - 2012-08-08 12:23 - 000019456 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CPUOverDrive.Fuel.Shared.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000050688 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.OverDrive5.Graphics.Shared.dll
2012-08-08 12:21 - 2012-08-08 12:21 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Dashboard.dll
2012-08-08 12:21 - 2012-08-08 12:21 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Runtime.dll
2012-08-08 12:21 - 2012-08-08 12:21 - 000010752 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Shared.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000176128 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 001007616 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.Shared.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Dashboard.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000011776 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Runtime.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Shared.dll
2012-08-08 12:23 - 2012-08-08 12:23 - 000008192 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Dashboard.dll
2012-08-08 12:23 - 2012-08-08 12:23 - 000011264 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Runtime.dll
2012-08-08 12:23 - 2012-08-08 12:23 - 000009216 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Shared.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000008192 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.dll
2012-08-08 12:21 - 2012-08-08 12:21 - 000061440 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.ProfileManager2.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 001395712 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.Private.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000007168 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Extension.EEU.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000038912 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.Private.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000307200 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Client.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.CoreAudioAPI.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000061440 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000029184 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Private.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000018432 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.XManifest.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.dll
2012-08-08 12:21 - 2012-08-08 12:21 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Fuel.Foundation.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000031744 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000048128 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.Private.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000025088 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Private.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Foundation.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000097792 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Implementation.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\NEWAEM.Foundation.dll
2012-07-12 08:56 - 2012-07-12 08:56 - 000175104 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ADL.Foundation.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000066560 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Server.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000036864 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.Private.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000385024 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000061440 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.dll
2011-10-17 18:48 - 2011-10-17 18:48 - 000006656 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0709.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000479744 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Private.dll
2012-08-08 12:21 - 2012-08-08 12:21 - 000175104 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Implementation.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000008704 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Private.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000303616 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Implementation.default_Localization.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000311296 _____ (Advanced Mirco Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000196608 _____ (Advanced Mirco Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2011-10-17 18:48 - 2011-10-17 18:48 - 000016384 _____ (ATI Technologies Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Foundation.dll
2011-10-17 18:48 - 2011-10-17 18:48 - 000045056 _____ (ATI Technologies Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0601.dll
2012-10-27 08:14 - 2012-02-14 21:37 - 000594432 _____ (Realtek Semiconductor Corp.) [File not signed] C:\WINDOWS\system32\Rtlihvs.dll
2012-07-11 10:40 - 2012-07-11 10:40 - 001842344 _____ (Symantec Corporation -> SwapDrive, Inc.) [File not signed] C:\Program Files (x86)\Symantec\Norton Online Backup\BuEng.dll
2012-07-26 22:22 - 2012-07-26 22:22 - 000068608 _____ (TOSHIBA Corporation) [File not signed] [File is in use] C:\Program Files\TOSHIBA\Toshiba Service Station\Plugins\Alerts.dll
2012-07-26 22:22 - 2012-07-26 22:22 - 000087552 _____ (TOSHIBA Corporation) [File not signed] [File is in use] C:\Program Files\TOSHIBA\Toshiba Service Station\Plugins\PCHealthInfo.dll
2012-07-26 22:22 - 2012-07-26 22:22 - 000097280 _____ (TOSHIBA Corporation) [File not signed] [File is in use] C:\Program Files\TOSHIBA\Toshiba Service Station\Plugins\SwUpdates.dll
2012-07-19 11:53 - 2012-07-19 11:53 - 000265728 _____ (TOSHIBA Corporation) [File not signed] C:\Program Files\Toshiba\Hotkey\TCrdMain.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-1354572454-1105605337-2006680600-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKU\S-1-5-21-1354572454-1105605337-2006680600-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-1354572454-1105605337-2006680600-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
SearchScopes: HKU\S-1-5-21-1354572454-1105605337-2006680600-1001 -> DefaultScope {7D826E84-F143-4808-AA3C-E7F4FDAFE171} URL = 
SearchScopes: HKU\S-1-5-21-1354572454-1105605337-2006680600-1001 -> {7D826E84-F143-4808-AA3C-E7F4FDAFE171} URL = 
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.21.2.50\coIEPlg.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine32\22.21.2.50\coIEPlg.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\IPS\IPSBHO.DLL => No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.21.2.50\coIEPlg.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine32\22.21.2.50\coIEPlg.dll [2021-03-26] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 00:26 - 2012-07-26 00:26 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
HKU\S-1-5-21-1354572454-1105605337-2006680600-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C1FE97EC-B03D-48FF-94D5-E5FC0E1F9A37}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6243A023-8B9C-4A2F-A4C1-53569B92F894}] => (Allow) LPort=2869
FirewallRules: [{0F7812EE-19D9-4517-ADAB-248F4E6E6FC5}] => (Allow) LPort=1900
FirewallRules: [{F0E3B040-8913-4C64-86F1-0E59EDF6AE44}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (03/02/2022 03:09:04 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Runtime.Serialization.SerializationException: There was an error deserializing the object of type SnappCloud.ActivationReminder.Models.InitClientResponse. Encountered unexpected character '<'.
Stack Trace:
   at System.Runtime.Serialization.XmlObjectSerializer.ReadObjectHandleExceptions(XmlReaderDelegator reader, Boolean verifyObjectName)
   at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(XmlDictionaryReader reader)
   at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(Stream stream)
   at SnappCloud.ActivationReminder.AraClient.DeserializeJson[T](String json)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (03/02/2022 02:58:01 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (02/20/2022 12:20:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (02/20/2022 12:20:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (02/20/2022 12:20:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (02/20/2022 12:20:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (02/20/2022 12:20:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (02/20/2022 12:20:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
 
System errors:
=============
Error: (03/02/2022 04:05:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (03/02/2022 04:05:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
 
Error: (03/02/2022 04:05:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (03/02/2022 04:05:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
 
Error: (03/02/2022 04:03:54 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
 
Error: (03/02/2022 04:03:54 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
 
Error: (03/02/2022 04:03:51 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (03/02/2022 04:03:51 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
 
 
==================== Memory info =========================== 
 
BIOS: Insyde Corp. 6.20 01/09/2013
Motherboard: TOSHIBA Portable PC
Processor: AMD E-300 APU with Radeon™ HD Graphics
Percentage of memory in use: 79%
Total physical RAM: 1630.25 MB
Available physical RAM: 335.29 MB
Total Virtual: 5480.41 MB
Available Virtual: 911.14 MB
 
==================== Drives ================================
 
Drive c: (TI10653500D) (Fixed) (Total:287.51 GB) (Free:262.02 GB) NTFS
 
\\?\Volume{19b1796e-fc7e-11e1-b415-c03b3d1fbb80}\ (System) (Fixed) (Total:0.44 GB) (Free:0.16 GB) NTFS
\\?\Volume{47d0c280-9aae-4391-834a-3561580c3cdb}\ () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS
\\?\Volume{092cbfbc-60b1-4534-ad27-85aa4fd28450}\ (Recovery) (Fixed) (Total:9.42 GB) (Free:0.64 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 298.1 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 

 


Edited by Wolfie, 02 March 2022 - 05:19 PM.




#2
DR M


    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hello.

 

This computer's behavior (being slow, crashes) may be due to several reasons, in addition to the fact that it is an old computer with an old processor and a 2013 BIOS.

 

1. Windows 8

 

Support for Windows 8 ended on January 12, 2016. Not having the latest updates from Microsoft is a security risk, through which attackers can infect your computer. The computer needs to be upgraded to Windows 8.1 (if it is still possible) and then to Windows 10.

 

2. RAM

 

Percentage of memory in use: 79%
Total physical RAM: 1630.25 MB
Available physical RAM: 335.29 MB
 
Only 2GB of RAM is not enough to run Windows 8, and it is doubtful whether you can upgrade with 2GB of memory.
 
Here you can run a free RAM wizard to determine which RAM is compatible with your motherboard. You download and run a small program, which will scan your computer and then recommend compatible RAM. You don't have to buy from them, but you can find out how much RAM the computer can accept. 
 
3. Antivirus
 
With the above two points in mind, I would uninstall Norton Internet Security and stay with the built-in Windows Defender antivirus.
 
==================================
 
We could make an effort to check the computer, clean it and do some maintenance, but my recommendation is to add RAM and upgrade as soon as we finish. Otherwise, not much is going to change.
 
If you want to continue, please download the latest FRST tool and run it again, providing the two logs. 
 
Let me know about your thoughts (your neighbor's thoughts actually). 


#3
Wolfie


    Member

  • Topic Starter
  • Member
  • 74 posts

Let me know about your thoughts (your neighbor's thoughts actually). 

I'll let her know though I doubt she'll upgrade the memory.  Laptop series came out in 2012 and she has another one that she recently got so this is just an effort to see if she can get any more useful life out of it or not.  I'm taking a whack at it just for the fun of it.  Be nice to have it running smooth enough that she can use it as a backup or maybe just for simple stuff like checking emails, Facebook, 4K video games, etc.  Part of me is wondering if the HDD isn't close to dying.  It's got a 320GB HDD in there and assuming that it's the original, it's obviously quite old by now (though it says it's only been on for under 600 hours).  My thought has been that she might benefit greatly from an SSD to clear up a large part of the problem, but even with an HDD slowing down, it should be behaving a bit better than it is.

 

In the logs provided below, I have since removed all but the "Online Backup" of the Norton software, and that's only because it requires a reboot that I don't want to deal with just yet.

 

 

If you want to continue, please download the latest FRST tool and run it again, providing the two logs. 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2022
Ran by Michelle (administrator) on MINE (TOSHIBA Satellite C855D) (05-03-2022 13:10:06)
Running from C:\Users\Michelle\Documents
Loaded Profiles: Michelle
Platform: Microsoft Windows 8 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(atiesrxx.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe ->) (ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msra.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(explorer.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(explorer.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(services.exe ->) (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe <2>
(services.exe ->) (Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe <2>
(services.exe ->) (Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe
(services.exe ->) (Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(services.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(services.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(services.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(services.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(services.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Toshiba) [File not signed] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] (TOSHIBA CORPORATION -> )
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation -> Symantec Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba) [File not signed]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89820200-ECBD-11cf-8B85-00AA005B4340}] -> regsvr32.exe /s /n /i:U %SystemRoot%\System32\shell32.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\98.0.4758.102\Installer\chrmstp.exe [2022-02-18] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{43581A46-171B-48ea-A547-172D32925233}] -> C:\Program Files (x86)\Norton Anti-Theft\Engine64\1.6.0.17\ppcp.dll [2012-09-29] (Symantec Corporation -> Symantec Corporation)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {09BB031A-97CB-42D4-A1AD-C8C6DF9392C5} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [1295496 2012-07-27] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
Task: {3DA41B1B-B561-4E0B-91D3-996406C487FA} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe [53656 2012-08-17] (Symantec Corporation -> Symantec Corporation)
Task: {4116063D-89A2-4BC7-9E8A-518ED6379533} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage => {5F074BDF-4BA3-4E68-AE86-2A6B0B5963B0} C:\WINDOWS\system32\wlroamextension.dll [543232 2012-07-25] (Microsoft Windows -> Microsoft Corporation)
Task: {692A017E-FFCB-4B50-8C35-612C0B3068F9} - System32\Tasks\GoogleUpdateTaskMachineUA{2110CD26-E00F-4E8A-B759-D7DAC3E8E389} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-18] (Google LLC -> Google LLC)
Task: {938E1B73-6C12-4B71-B308-201220D512C8} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe [53656 2012-08-17] (Symantec Corporation -> Symantec Corporation)
Task: {97013C2E-DD2C-4A33-BDD6-8394F3425D4C} - System32\Tasks\GoogleUpdateTaskMachineCore{AB007181-87B4-4265-A36C-C2F24D4432C1} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-18] (Google LLC -> Google LLC)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask => {0AC1DBCA-7F9F-47FC-A090-34E5FEB291E8} C:\WINDOWS\system32\wlroamextension.dll [543232 2012-07-25] (Microsoft Windows -> Microsoft Corporation)
Task: {AA9BC3E2-3924-4D30-A0D7-C4274AB654F4} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask => {59B9640B-3F70-4D1C-B159-F26EEB8A4C87} C:\WINDOWS\system32\SettingSyncInfo.dll [128512 2012-07-25] (Microsoft Windows -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{065C6981-2C5E-4AD4-AA72-907768FCFCF3}: [NameServer] 192.168.0.1
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.0.1,-1]
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn => not found
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] (WildTangent Inc -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default [2022-03-05]
CHR Extension: (Slides) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-02-18]
CHR Extension: (Docs) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2022-02-18]
CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-02-18]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2022-02-18]
CHR Extension: (Sheets) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-02-18]
CHR Extension: (Google Docs Offline) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-02-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-02-18]
CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-02-18]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\Exts\Chrome.crx <not found>
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [63928 2012-04-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe [143928 2012-08-18] (Symantec Corporation -> Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation -> Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe [123320 2012-07-23] (Symantec Corporation -> Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe [126392 2012-07-23] (Symantec Corporation -> Symantec Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Windows -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 ccSet_NARA; C:\WINDOWS\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NAT; C:\WINDOWS\system32\drivers\NATx64\0106000.011\ccSetx64.sys [168096 2012-08-06] (Symantec Corporation -> Symantec Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [509904 2022-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 EraserUtilDrv11913; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11913.sys [145376 2022-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145376 2022-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 FwLnk; C:\WINDOWS\System32\drivers\FwLnk.sys [9216 2012-07-10] (Microsoft Windows Hardware Compatibility Publisher -> TOSHIBA Corporation)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [28632 2012-07-31] (TOSHIBA CORPORATION -> Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [34216 2012-07-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [258288 2012-07-25] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-03-05 13:10 - 2022-03-05 13:21 - 000014460 _____ C:\Users\Michelle\Documents\FRST.txt
2022-03-05 13:08 - 2022-03-05 13:08 - 000001139 _____ C:\Users\Michelle\Documents\Invitation.tjp6.2rng.nyc7.msrcIncident
2022-03-05 13:07 - 2022-03-05 13:07 - 000001235 _____ C:\Users\Michelle\Desktop\msra - Shortcut.lnk
2022-03-05 11:27 - 2022-03-05 11:27 - 000000117 _____ C:\WINDOWS\system32\netcfg-34242.txt
2022-03-05 11:26 - 2022-03-05 11:26 - 000000117 _____ C:\WINDOWS\system32\netcfg-2171830.txt
2022-03-05 11:16 - 2022-03-02 18:30 - 002312192 _____ (Farbar) C:\Users\Michelle\Documents\FRST64.exe
2022-03-05 11:15 - 2022-03-05 11:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2022-03-05 10:51 - 2022-03-05 10:51 - 000000117 _____ C:\WINDOWS\system32\netcfg-40622.txt
2022-03-05 10:50 - 2022-03-05 10:50 - 000000117 _____ C:\WINDOWS\system32\netcfg-202910.txt
2022-03-05 10:47 - 2022-03-05 10:47 - 000000117 _____ C:\WINDOWS\system32\netcfg-45661.txt
2022-03-05 10:39 - 2022-03-05 10:39 - 000000117 _____ C:\WINDOWS\system32\netcfg-1056563.txt
2022-03-05 10:23 - 2022-03-05 10:23 - 000002494 _____ C:\Users\Public\Desktop\Norton Anti-Theft.lnk
2022-03-02 17:00 - 2022-03-02 17:00 - 000000117 _____ C:\WINDOWS\system32\netcfg-7552710.txt
2022-03-02 17:00 - 2022-03-02 17:00 - 000000117 _____ C:\WINDOWS\system32\netcfg-7549574.txt
2022-03-02 16:59 - 2022-03-02 17:00 - 000001095 _____ C:\WINDOWS\system32\netcfg-7466301.txt
2022-03-02 16:59 - 2022-03-02 16:59 - 000000156 _____ C:\WINDOWS\system32\netcfg-7444024.txt
2022-03-02 16:58 - 2022-03-02 16:58 - 000000156 _____ C:\WINDOWS\system32\netcfg-7391124.txt
2022-03-02 16:51 - 2022-03-02 16:51 - 000000117 _____ C:\WINDOWS\system32\netcfg-7017502.txt
2022-03-02 16:51 - 2022-03-02 16:51 - 000000117 _____ C:\WINDOWS\system32\netcfg-7015271.txt
2022-03-02 16:23 - 2022-03-05 11:15 - 000000000 ____D C:\Program Files\Common Files\AV
2022-03-02 15:54 - 2022-03-02 16:06 - 000041665 _____ C:\Users\Michelle\Downloads\Addition.txt
2022-03-02 15:45 - 2022-03-02 16:06 - 000027307 _____ C:\Users\Michelle\Downloads\FRST.txt
2022-03-02 15:41 - 2022-03-05 13:11 - 000000000 ____D C:\FRST
2022-03-02 15:40 - 2022-03-02 15:40 - 002299904 _____ (Farbar) C:\Users\Michelle\Downloads\FRST64.exe
2022-03-02 15:30 - 2022-03-02 15:30 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2022-03-02 15:26 - 2022-03-05 13:08 - 000000000 ____D C:\Users\Michelle\Documents\Remote Assistance Logs
2022-03-02 15:14 - 2022-03-02 15:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2022-03-02 15:14 - 2022-03-02 15:14 - 000000000 ____D C:\Program Files\CrystalDiskInfo
2022-03-02 15:13 - 2022-03-02 15:13 - 004628000 _____ (Crystal Dew World ) C:\Users\Michelle\Downloads\CrystalDiskInfo8_15_2.exe
2022-03-02 14:58 - 2022-03-02 14:58 - 000000117 _____ C:\WINDOWS\system32\netcfg-210819.txt
2022-03-02 14:58 - 2022-03-02 14:58 - 000000117 _____ C:\WINDOWS\system32\netcfg-210601.txt
2022-03-02 14:58 - 2022-03-02 14:58 - 000000117 _____ C:\WINDOWS\system32\netcfg-207060.txt
2022-03-02 14:41 - 2022-03-02 14:41 - 201879933 _____ C:\WINDOWS\MEMORY.DMP
2022-03-02 14:41 - 2022-03-02 14:41 - 000279744 _____ C:\WINDOWS\Minidump\030222-19390-01.dmp
2022-03-02 14:41 - 2022-03-02 14:41 - 000000000 ____D C:\WINDOWS\Minidump
2022-02-27 05:27 - 2022-02-27 05:27 - 000000117 _____ C:\WINDOWS\system32\netcfg-56753.txt
2022-02-27 05:15 - 2022-02-27 05:15 - 000000117 _____ C:\WINDOWS\system32\netcfg-724818615.txt
2022-02-20 12:25 - 2022-02-20 12:26 - 000000117 _____ C:\WINDOWS\system32\netcfg-145839968.txt
2022-02-20 12:24 - 2022-02-20 12:24 - 000001139 _____ C:\WINDOWS\system32\netcfg-145741984.txt
2022-02-20 12:12 - 2022-02-20 12:12 - 000000117 _____ C:\WINDOWS\system32\netcfg-145059479.txt
2022-02-20 12:12 - 2022-02-20 12:12 - 000000117 _____ C:\WINDOWS\system32\netcfg-145058652.txt
2022-02-19 03:58 - 2022-02-19 03:58 - 000000117 _____ C:\WINDOWS\system32\netcfg-29008042.txt
2022-02-19 03:58 - 2022-02-19 03:58 - 000000117 _____ C:\WINDOWS\system32\netcfg-29004392.txt
2022-02-18 19:21 - 2022-02-18 19:21 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2022-02-18 18:56 - 2022-02-18 18:56 - 000000117 _____ C:\WINDOWS\system32\netcfg-77623835.txt
2022-02-18 18:08 - 2022-02-18 18:08 - 000000117 _____ C:\WINDOWS\system32\netcfg-74735180.txt
2022-02-18 17:10 - 2022-02-18 17:10 - 000000117 _____ C:\WINDOWS\system32\netcfg-71271864.txt
2022-02-18 15:20 - 2022-02-18 15:20 - 000000117 _____ C:\WINDOWS\system32\netcfg-64647828.txt
2022-02-18 15:17 - 2022-02-18 15:18 - 000000117 _____ C:\WINDOWS\system32\netcfg-64515102.txt
2022-02-18 15:17 - 2022-02-18 15:17 - 000000117 _____ C:\WINDOWS\system32\netcfg-64514431.txt
2022-02-18 15:17 - 2022-02-18 15:17 - 000000117 _____ C:\WINDOWS\system32\netcfg-64500235.txt
2022-02-18 15:16 - 2022-02-18 15:16 - 000000117 _____ C:\WINDOWS\system32\netcfg-64424169.txt
2022-02-18 15:16 - 2022-02-18 15:16 - 000000117 _____ C:\WINDOWS\system32\netcfg-64416744.txt
2022-02-18 15:13 - 2022-02-18 15:13 - 000000117 _____ C:\WINDOWS\system32\netcfg-64271990.txt
2022-02-18 15:03 - 2022-02-18 15:03 - 000000117 _____ C:\WINDOWS\system32\netcfg-63650311.txt
2022-02-18 15:03 - 2022-02-18 15:03 - 000000117 _____ C:\WINDOWS\system32\netcfg-63648969.txt
2022-02-18 14:58 - 2022-02-18 14:58 - 000000117 _____ C:\WINDOWS\system32\netcfg-63335126.txt
2022-02-18 14:58 - 2022-02-18 14:58 - 000000117 _____ C:\WINDOWS\system32\netcfg-63334861.txt
2022-02-18 14:58 - 2022-02-18 14:58 - 000000117 _____ C:\WINDOWS\system32\netcfg-63331679.txt
2022-02-18 10:56 - 2022-02-18 10:56 - 000000117 _____ C:\WINDOWS\system32\netcfg-39144488.txt
2022-02-18 10:56 - 2022-02-18 08:15 - 000000117 _____ C:\WINDOWS\system32\netcfg-39149854.txt
2022-02-18 09:53 - 2022-02-18 09:53 - 000000000 ____D C:\Users\Michelle\AppData\Roaming\Macromedia
2022-02-18 09:48 - 2022-02-18 09:48 - 000000117 _____ C:\WINDOWS\system32\netcfg-44732366.txt
2022-02-18 09:45 - 2022-02-18 09:45 - 000000117 _____ C:\WINDOWS\system32\netcfg-44543620.txt
2022-02-18 09:43 - 2022-02-18 09:43 - 000000117 _____ C:\WINDOWS\system32\netcfg-44431253.txt
2022-02-18 08:53 - 2022-02-18 08:53 - 000000117 _____ C:\WINDOWS\system32\netcfg-41463458.txt
2022-02-18 08:53 - 2022-02-18 08:53 - 000000117 _____ C:\WINDOWS\system32\netcfg-41456329.txt
2022-02-18 08:51 - 2022-02-18 08:51 - 000000013 __RSH C:\WINDOWS\system32\Drivers\fbd.sys
2022-02-18 08:46 - 2022-02-18 08:46 - 000002257 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-02-18 08:46 - 2022-02-18 08:46 - 000002216 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-02-18 08:46 - 2022-02-18 08:46 - 000000000 ____D C:\Program Files\Google
2022-02-18 08:44 - 2022-03-05 13:02 - 000000000 ____D C:\Program Files (x86)\Google
2022-02-18 08:44 - 2022-02-18 17:52 - 000000000 ____D C:\Users\Michelle\AppData\Local\Google
2022-02-18 08:44 - 2022-02-18 08:44 - 000003334 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{2110CD26-E00F-4E8A-B759-D7DAC3E8E389}
2022-02-18 08:44 - 2022-02-18 08:44 - 000003206 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{AB007181-87B4-4265-A36C-C2F24D4432C1}
2022-02-18 08:29 - 2022-03-05 13:07 - 000003598 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1354572454-1105605337-2006680600-1001
2022-02-18 08:27 - 2022-02-18 08:27 - 000000000 ____D C:\Users\Michelle\AppData\Roaming\ATI
2022-02-18 08:27 - 2022-02-18 08:27 - 000000000 ____D C:\Users\Michelle\AppData\Local\ATI
2022-02-18 08:22 - 2022-02-18 08:22 - 000000000 ____D C:\WINDOWS\system32\Tasks\WPD
2022-02-18 08:22 - 2022-02-18 08:22 - 000000000 ____D C:\Users\Michelle\AppData\Local\TOSHIBA
2022-02-18 08:21 - 2022-02-18 08:21 - 000001445 _____ C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2022-02-18 08:21 - 2022-02-18 08:21 - 000000000 ____D C:\Users\Michelle\AppData\Roaming\WinBatch
2022-02-18 08:21 - 2022-02-18 08:21 - 000000000 ____D C:\Users\Michelle\AppData\Roaming\Adobe
2022-02-18 08:19 - 2022-02-18 08:19 - 000000000 ____D C:\Users\Michelle\AppData\Local\VirtualStore
2022-02-18 08:18 - 2022-03-05 10:28 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton Anti-Theft
2022-02-18 08:18 - 2022-02-18 08:21 - 000000000 ____D C:\Users\Michelle\AppData\Local\Packages
2022-02-18 08:17 - 2022-02-18 08:17 - 000000020 ___SH C:\Users\Michelle\ntuser.ini
2022-02-18 08:17 - 2012-09-07 00:13 - 000002111 _____ C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2022-02-18 08:15 - 2022-02-27 05:17 - 000000000 ____D C:\Users\Michelle
2022-02-18 08:15 - 2022-02-18 08:15 - 000000117 _____ C:\WINDOWS\system32\netcfg-39152912.txt
2022-02-18 01:04 - 2022-02-18 01:04 - 000000000 _____ C:\Recovery.txt
2022-02-18 00:05 - 2022-02-18 00:05 - 000000000 __RHD C:\Users\Public\AccountPictures
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-03-05 12:00 - 2012-07-26 02:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-03-05 11:40 - 2012-07-26 00:26 - 000262144 ___SH C:\WINDOWS\system32\config\ELAM
2022-03-05 11:31 - 2012-07-26 02:28 - 000848230 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-03-05 11:31 - 2012-07-26 00:37 - 000000000 ____D C:\WINDOWS\Inf
2022-03-05 11:28 - 2012-09-06 23:50 - 000000000 ____D C:\ProgramData\Norton
2022-03-05 11:27 - 2012-09-06 23:49 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2022-03-05 11:27 - 2012-07-26 02:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-03-05 11:26 - 2012-07-26 00:26 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2022-03-05 11:20 - 2012-07-26 03:12 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-03-05 10:48 - 2012-07-26 00:37 - 000000000 ____D C:\WINDOWS\servicing
2022-03-05 10:30 - 2012-07-26 02:52 - 000000000 ____D C:\Program Files\Windows Journal
2022-03-05 10:29 - 2012-07-26 00:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-03-05 10:23 - 2012-09-06 23:50 - 000000000 ____D C:\WINDOWS\system32\Drivers\NATx64
2022-03-05 10:23 - 2012-09-06 23:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Anti-Theft
2022-03-03 01:40 - 2012-07-26 03:12 - 000000000 ___HD C:\Program Files\WindowsApps
2022-03-03 01:40 - 2012-07-26 03:12 - 000000000 ____D C:\WINDOWS\AUInstallAgent
2022-02-18 15:16 - 2012-07-26 03:12 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-02-18 08:21 - 2012-09-06 23:55 - 000000000 ____D C:\ProgramData\Toshiba
2022-02-18 08:21 - 2012-07-26 02:49 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2022-02-18 08:18 - 2012-07-26 03:12 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-02-18 08:18 - 2012-07-26 03:12 - 000000000 ____D C:\WINDOWS\WinStore
2022-02-18 01:03 - 2012-07-26 03:13 - 000262144 _____ C:\WINDOWS\system32\config\BCD-Template
2022-02-18 00:06 - 2012-07-26 03:12 - 000000000 ____D C:\WINDOWS\rescache
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2022-03-02 16:25
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2022
Ran by Michelle (05-03-2022 13:40:19)
Running from C:\Users\Michelle\Documents
Microsoft Windows 8 (X64) (2022-02-18 13:17:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1354572454-1105605337-2006680600-500 - Administrator - Disabled)
Guest (S-1-5-21-1354572454-1105605337-2006680600-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1354572454-1105605337-2006680600-1003 - Limited - Enabled)
Michelle (S-1-5-21-1354572454-1105605337-2006680600-1001 - Administrator - Enabled) => C:\Users\Michelle
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{14718008-7D73-53AA-D0FF-88E805958D42}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Bejeweled 3 (HKLM-x32\...\WTA-81c59777-621e-4806-9416-36dd66c270ab) (Version: 2.2.0.97 - WildTangent) Hidden
CrystalDiskInfo 8.15.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.15.2 - Crystal Dew World)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Farmscapes (HKLM-x32\...\WTA-a7e7ee1b-7d47-4331-a795-4c9d14f19a6c) (Version: 2.2.0.98 - WildTangent) Hidden
FATE (HKLM-x32\...\WTA-32a3717d-6449-4dc6-839a-5304267673c1) (Version: 2.2.0.97 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 98.0.4758.102 - Google LLC)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.6.0.17 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (HKLM-x32\...\NARA) (Version: 4.1.0.11 - Symantec Corporation) Hidden
Norton PC Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.18.15 - Symantec Corporation)
Norton Security Dashboard (HKLM-x32\...\NortonSD) (Version: 1.1.1.9 - Symantec Corporation)
Origin (HKLM-x32\...\Origin) (Version: 8.6.3.49 - Electronic Arts, Inc.)
Penguins! (HKLM-x32\...\WTA-5b2c080f-efe1-4fe4-b2a0-b479b2cf5e59) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-200eaec2-9234-47d1-8867-2da6179703e6) (Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (HKLM-x32\...\WTA-e3e47cae-06ed-43c0-ab20-a96239c84835) (Version: 2.2.0.97 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6414 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0013 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WTA-1ae4582f-e96d-4155-a248-36b47d775e6f) (Version: 2.2.0.97 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.8.7 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
 
Packages:
=========
- Games App - -> C:\Program Files\WindowsApps\WildTangentGames.-GamesApp-_1.0.0.80_neutral__qt5r5pa5dyg8m [2012-10-27] (WildTangent Games)
Amazon for Windows -> C:\Program Files\WindowsApps\Amazon.com.Amazon_1.0.4.0_neutral__343d40qqvtj1t [2012-10-27] (Amazon.com)
Bing -> C:\Program Files\WindowsApps\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation)
Book Place -> C:\Program Files\WindowsApps\K-NFBReadingTechnologiesI.BookPlace_1.0.0.77_x86__vwcaa66y1ah8t [2022-02-18] (K-NFB Reading Technologies, Inc.)
Camera -> C:\Program Files\WindowsApps\Microsoft.Camera_6.2.8514.0_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.0.0.0_neutral__1618n3s9xq8tw [2012-10-27] (eBay, Inc)
Encyclopaedia Britannica -> C:\Program Files\WindowsApps\EncyclopaediaBritannica.EncyclopaediaBritannica_1.0.0.17_neutral__k5b3gy2wfywap [2012-10-27] (Encyclopaedia Britannica)
Finance -> C:\Program Files\WindowsApps\Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_1.0.927.0_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
iCookbook SE -> C:\Program Files\WindowsApps\PublicationsInternational.iCookbookSE_0.9.2.5_neutral__d33n3f4t8bm20 [2012-10-27] (Publications International, Ltd)
iHeartRadio -> C:\Program Files\WindowsApps\ClearChannelRadioDigital.iHeartRadio_4.0.1.6_neutral__a76a11dkgb644 [2022-02-18] (Clear Channel Management Services, Inc.)
Merriam-Webster Dictionary -> C:\Program Files\WindowsApps\D22CCC44.Merriam-WebsterDictionary_1.0.0.16_neutral__mbv6ra3y34fnr [2012-10-27] (Merriam-Webster, Inc.)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.1.0.RC_1.0.8377.0_neutral__8wekyb3d8bbwe [2022-02-18] (Microsoft Platform Extensions)
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_1.0.927.0_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_1.0.0.11_x64__mcm4njqhnhss8 [2012-10-27] (Netflix, Inc.)
News -> C:\Program Files\WindowsApps\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
News Place -> C:\Program Files\WindowsApps\2B24874D.NewsPlace_1.0.0.2_neutral__v10edqkhnj0dg [2022-02-18] (Synacor, Inc.)
Norton Studio -> C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_1.0.0.62_x86__v68kp9n051hdp [2012-10-27] (Symantec Corporation)
Photos -> C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation)
SkyDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation)
Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
StumbleUpon -> C:\Program Files\WindowsApps\06DAC6F6.StumbleUpon_2.0.5.0_neutral__9pdyks8yk4v0j [2012-10-27] (StumbleUpon, Inc.)
Toshiba Central -> C:\Program Files\WindowsApps\ToshibaAmericaInformation.ToshibaCentral_1.0.0.24_neutral__r8x1fxsdcnpjw [2012-10-27] (Toshiba America Information Systems, Inc.)
TOSHIBA Media Player by sMedio TrueLink+ -> C:\Program Files\WindowsApps\sMedioforToshiba.TOSHIBAMediaPlayerbysMedioTrueLin_1.0.0.44_x64__679ekb9hp1h62 [2022-02-18] (sMedio)
Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_1.0.927.0_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
Vimeo -> C:\Program Files\WindowsApps\Vimeo.Vimeo_1.1.0.0_neutral__cfs1vy0wkzthc [2022-02-18] (Vimeo)
Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2022-03-02 18:44 - 2022-03-02 18:44 - 000351232 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\96924f32b0aeb1075120ebee9b6c2f21\Windows.Data.ni.dll
2022-03-02 18:43 - 2022-03-02 18:43 - 000295936 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\7e981d72e580e2b2c6378bb4bdba4fb3\Windows.Foundation.ni.dll
2022-03-02 18:43 - 2022-03-02 18:43 - 001179136 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\cff7d084c5e8bb43e5c72010b1e0cb0c\Windows.UI.ni.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Actions.CCAA.Shared.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.DPPE.Shared.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.EEU.Shared.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.GD.Shared.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000007168 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Hotkeys.Shared.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.REG.Shared.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000048128 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Source.Kit.Server.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.WinMessages.Shared.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000035328 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000006144 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.Shared.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000024576 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Foundation.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ATICCCom.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000022016 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.Implementation.dll
2012-08-08 12:23 - 2012-08-08 12:23 - 000040448 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Dashboard.dll
2012-08-08 12:23 - 2012-08-08 12:23 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Runtime.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Shared.dll
2012-08-08 12:23 - 2012-08-08 12:23 - 000019456 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CPUOverDrive.Fuel.Shared.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000050688 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.OverDrive5.Graphics.Shared.dll
2012-08-08 12:21 - 2012-08-08 12:21 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Dashboard.dll
2012-08-08 12:21 - 2012-08-08 12:21 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Runtime.dll
2012-08-08 12:21 - 2012-08-08 12:21 - 000010752 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Shared.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000176128 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 001007616 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.Shared.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Dashboard.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000011776 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Runtime.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Shared.dll
2012-08-08 12:23 - 2012-08-08 12:23 - 000008192 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Dashboard.dll
2012-08-08 12:23 - 2012-08-08 12:23 - 000011264 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Runtime.dll
2012-08-08 12:23 - 2012-08-08 12:23 - 000009216 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Shared.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000008192 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.dll
2012-08-08 12:21 - 2012-08-08 12:21 - 000061440 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.ProfileManager2.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 001395712 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.Private.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000007168 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Extension.EEU.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000038912 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.Private.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000307200 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Client.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.CoreAudioAPI.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000061440 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000029184 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Private.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000018432 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.XManifest.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.dll
2012-08-08 12:21 - 2012-08-08 12:21 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Fuel.Foundation.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000031744 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000048128 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.Private.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000025088 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Private.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Foundation.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000097792 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Implementation.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\NEWAEM.Foundation.dll
2012-07-12 08:56 - 2012-07-12 08:56 - 000175104 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ADL.Foundation.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000066560 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Server.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000036864 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.Private.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000385024 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000061440 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.dll
2011-10-17 18:48 - 2011-10-17 18:48 - 000006656 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0709.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000303616 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Implementation.default_Localization.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000479744 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Private.dll
2012-08-08 12:21 - 2012-08-08 12:21 - 000175104 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Implementation.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000008704 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Private.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000311296 _____ (Advanced Mirco Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000196608 _____ (Advanced Mirco Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2011-10-17 18:48 - 2011-10-17 18:48 - 000016384 _____ (ATI Technologies Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Foundation.dll
2011-10-17 18:48 - 2011-10-17 18:48 - 000045056 _____ (ATI Technologies Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0601.dll
2012-10-27 08:14 - 2012-02-14 21:37 - 000594432 _____ (Realtek Semiconductor Corp.) [File not signed] C:\WINDOWS\system32\Rtlihvs.dll
2012-07-11 10:40 - 2012-07-11 10:40 - 001842344 _____ (Symantec Corporation -> SwapDrive, Inc.) [File not signed] C:\Program Files (x86)\Symantec\Norton Online Backup\BuEng.dll
2012-07-26 22:22 - 2012-07-26 22:22 - 000068608 _____ (TOSHIBA Corporation) [File not signed] [File is in use] C:\Program Files\TOSHIBA\Toshiba Service Station\Plugins\Alerts.dll
2012-07-26 22:22 - 2012-07-26 22:22 - 000087552 _____ (TOSHIBA Corporation) [File not signed] [File is in use] C:\Program Files\TOSHIBA\Toshiba Service Station\Plugins\PCHealthInfo.dll
2012-07-26 22:22 - 2012-07-26 22:22 - 000097280 _____ (TOSHIBA Corporation) [File not signed] [File is in use] C:\Program Files\TOSHIBA\Toshiba Service Station\Plugins\SwUpdates.dll
2012-07-19 11:53 - 2012-07-19 11:53 - 000265728 _____ (TOSHIBA Corporation) [File not signed] C:\Program Files\Toshiba\Hotkey\TCrdMain.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-1354572454-1105605337-2006680600-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKU\S-1-5-21-1354572454-1105605337-2006680600-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-1354572454-1105605337-2006680600-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
SearchScopes: HKU\S-1-5-21-1354572454-1105605337-2006680600-1001 -> DefaultScope {7D826E84-F143-4808-AA3C-E7F4FDAFE171} URL = 
SearchScopes: HKU\S-1-5-21-1354572454-1105605337-2006680600-1001 -> {7D826E84-F143-4808-AA3C-E7F4FDAFE171} URL = 
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\IPS\IPSBHO.DLL => No File
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 00:26 - 2012-07-26 00:26 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
HKU\S-1-5-21-1354572454-1105605337-2006680600-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C1FE97EC-B03D-48FF-94D5-E5FC0E1F9A37}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6243A023-8B9C-4A2F-A4C1-53569B92F894}] => (Allow) LPort=2869
FirewallRules: [{0F7812EE-19D9-4517-ADAB-248F4E6E6FC5}] => (Allow) LPort=1900
FirewallRules: [{F0E3B040-8913-4C64-86F1-0E59EDF6AE44}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
02-03-2022 18:43:13 Windows Update
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (03/05/2022 01:02:48 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Runtime.Serialization.SerializationException: There was an error deserializing the object of type SnappCloud.ActivationReminder.Models.InitClientResponse. Encountered unexpected character '<'.
Stack Trace:
   at System.Runtime.Serialization.XmlObjectSerializer.ReadObjectHandleExceptions(XmlReaderDelegator reader, Boolean verifyObjectName)
   at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(XmlDictionaryReader reader)
   at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(Stream stream)
   at SnappCloud.ActivationReminder.AraClient.DeserializeJson[T](String json)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (03/05/2022 10:55:50 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Runtime.Serialization.SerializationException: There was an error deserializing the object of type SnappCloud.ActivationReminder.Models.InitClientResponse. Encountered unexpected character '<'.
Stack Trace:
   at System.Runtime.Serialization.XmlObjectSerializer.ReadObjectHandleExceptions(XmlReaderDelegator reader, Boolean verifyObjectName)
   at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(XmlDictionaryReader reader)
   at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(Stream stream)
   at SnappCloud.ActivationReminder.AraClient.DeserializeJson[T](String json)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (03/05/2022 10:17:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogonUI.exe, version: 6.2.9200.16384, time stamp: 0x5010a7f4
Faulting module name: MSVCR90.dll, version: 9.0.30729.6871, time stamp: 0x4fee5fd5
Exception code: 0xc0000005
Fault offset: 0x00000000000747e7
Faulting process id: 0x54
Faulting application start time: 0x01d830a41e2c8f08
Faulting application path: C:\WINDOWS\system32\LogonUI.exe
Faulting module path: C:\WINDOWS\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_08e717a5a83adddf\MSVCR90.dll
Report Id: 69d56e9c-9c97-11ec-be73-008cfa246f8e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/05/2022 10:15:37 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MINE)
Description: Activation of app microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos failed with error: -2144980991 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/05/2022 10:15:36 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MINE)
Description: Activation of app microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos failed with error: -2144980991 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/02/2022 03:09:04 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Runtime.Serialization.SerializationException: There was an error deserializing the object of type SnappCloud.ActivationReminder.Models.InitClientResponse. Encountered unexpected character '<'.
Stack Trace:
   at System.Runtime.Serialization.XmlObjectSerializer.ReadObjectHandleExceptions(XmlReaderDelegator reader, Boolean verifyObjectName)
   at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(XmlDictionaryReader reader)
   at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(Stream stream)
   at SnappCloud.ActivationReminder.AraClient.DeserializeJson[T](String json)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (03/02/2022 02:58:01 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (02/20/2022 12:20:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
 
System errors:
=============
Error: (03/05/2022 01:47:10 PM) (Source: DCOM) (EventID: 10010) (User: MINE)
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.
 
Error: (03/05/2022 01:45:10 PM) (Source: DCOM) (EventID: 10010) (User: MINE)
Description: The server {1ECCA34C-E88A-44E3-8D6A-8921BDE9E452} did not register with DCOM within the required timeout.
 
Error: (03/05/2022 01:09:47 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
 
Error: (03/05/2022 01:09:47 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
 
Error: (03/05/2022 11:38:10 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070020: Update for Windows 8 for x64-based Systems (KB3008273).
 
Error: (03/05/2022 11:38:08 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Windows 8 for x64-based Systems (KB3030377).
 
Error: (03/05/2022 11:38:08 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows 8 and Windows Server 2012 x64 (KB3074229).
 
Error: (03/05/2022 11:38:08 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070020: Update for Windows 8 for x64-based Systems (KB3038936).
 
 
==================== Memory info =========================== 
 
BIOS: Insyde Corp. 6.20 01/09/2013
Motherboard: TOSHIBA Portable PC
Processor: AMD E-300 APU with Radeon™ HD Graphics
Percentage of memory in use: 59%
Total physical RAM: 1630.25 MB
Available physical RAM: 652.89 MB
Total Virtual: 6494.25 MB
Available Virtual: 4745.83 MB
 
==================== Drives ================================
 
Drive c: (TI10653500D) (Fixed) (Total:287.51 GB) (Free:250.61 GB) NTFS
 
\\?\Volume{19b1796e-fc7e-11e1-b415-c03b3d1fbb80}\ (System) (Fixed) (Total:0.44 GB) (Free:0.16 GB) NTFS
\\?\Volume{47d0c280-9aae-4391-834a-3561580c3cdb}\ () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS
\\?\Volume{092cbfbc-60b1-4534-ad27-85aa4fd28450}\ (Recovery) (Fixed) (Total:9.42 GB) (Free:0.64 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 298.1 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

If you want to continue, please download the latest FRST tool and run it again, providing the two logs. 

 

Let me know about your thoughts (your neighbor's thoughts actually).


#4
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, Wolfie.

 

Please uninstall the following:

 

Norton Anti-Theft 
Norton Online Backup 
Norton PC Checkup 
Norton Security Dashboard 
 
Restart the computer and give me fresh FRST logs to check.


#5
Wolfie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2022
Ran by Michelle (administrator) on MINE (TOSHIBA Satellite C855D) (05-03-2022 16:34:04)
Running from C:\Users\Michelle\Documents
Loaded Profiles: Michelle
Platform: Microsoft Windows 8 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
(atiesrxx.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msra.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(explorer.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(explorer.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(SearchFilterHost.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(services.exe ->) (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(services.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(services.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(services.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Toshiba) [File not signed] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] (TOSHIBA CORPORATION -> )
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba) [File not signed]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89820200-ECBD-11cf-8B85-00AA005B4340}] -> regsvr32.exe /s /n /i:U %SystemRoot%\System32\shell32.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\98.0.4758.102\Installer\chrmstp.exe [2022-02-18] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {09BB031A-97CB-42D4-A1AD-C8C6DF9392C5} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [1295496 2012-07-27] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
Task: {3DA41B1B-B561-4E0B-91D3-996406C487FA} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe /analyze (No File)
Task: {4116063D-89A2-4BC7-9E8A-518ED6379533} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage => {5F074BDF-4BA3-4E68-AE86-2A6B0B5963B0} C:\WINDOWS\system32\wlroamextension.dll [543232 2012-07-25] (Microsoft Windows -> Microsoft Corporation)
Task: {692A017E-FFCB-4B50-8C35-612C0B3068F9} - System32\Tasks\GoogleUpdateTaskMachineUA{2110CD26-E00F-4E8A-B759-D7DAC3E8E389} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-18] (Google LLC -> Google LLC)
Task: {938E1B73-6C12-4B71-B308-201220D512C8} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe /submit (No File)
Task: {97013C2E-DD2C-4A33-BDD6-8394F3425D4C} - System32\Tasks\GoogleUpdateTaskMachineCore{AB007181-87B4-4265-A36C-C2F24D4432C1} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-18] (Google LLC -> Google LLC)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask => {0AC1DBCA-7F9F-47FC-A090-34E5FEB291E8} C:\WINDOWS\system32\wlroamextension.dll [543232 2012-07-25] (Microsoft Windows -> Microsoft Corporation)
Task: {AA9BC3E2-3924-4D30-A0D7-C4274AB654F4} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask => {59B9640B-3F70-4D1C-B159-F26EEB8A4C87} C:\WINDOWS\system32\SettingSyncInfo.dll [128512 2012-07-25] (Microsoft Windows -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{065C6981-2C5E-4AD4-AA72-907768FCFCF3}: [NameServer] 192.168.0.1
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.0.1,-1]
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn => not found
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] (WildTangent Inc -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default [2022-03-05]
CHR Extension: (Slides) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-02-18]
CHR Extension: (Docs) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2022-02-18]
CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-02-18]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2022-02-18]
CHR Extension: (Sheets) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-02-18]
CHR Extension: (Google Docs Offline) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-02-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-02-18]
CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-02-18]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\Exts\Chrome.crx <not found>
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [63928 2012-04-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Windows -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [509904 2022-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 EraserUtilDrv11913; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11913.sys [145376 2022-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145376 2022-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 FwLnk; C:\WINDOWS\System32\drivers\FwLnk.sys [9216 2012-07-10] (Microsoft Windows Hardware Compatibility Publisher -> TOSHIBA Corporation)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [28632 2012-07-31] (TOSHIBA CORPORATION -> Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [34216 2012-07-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [258288 2012-07-25] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-03-05 16:33 - 2022-03-05 16:33 - 000001139 _____ C:\Users\Michelle\Documents\Invitation.c282.rbcw.vbgy.msrcIncident
2022-03-05 16:25 - 2022-03-05 16:25 - 000000117 _____ C:\WINDOWS\system32\netcfg-38735.txt
2022-03-05 16:24 - 2022-03-05 16:24 - 000000117 _____ C:\WINDOWS\system32\netcfg-4506447.txt
2022-03-05 15:10 - 2022-03-05 15:10 - 000000117 _____ C:\WINDOWS\system32\netcfg-28485.txt
2022-03-05 15:09 - 2022-03-05 15:09 - 000000117 _____ C:\WINDOWS\system32\netcfg-13342500.txt
2022-03-05 13:40 - 2022-03-05 13:47 - 000039828 _____ C:\Users\Michelle\Documents\Addition.txt
2022-03-05 13:10 - 2022-03-05 16:35 - 000012360 _____ C:\Users\Michelle\Documents\FRST.txt
2022-03-05 13:07 - 2022-03-05 13:07 - 000001235 _____ C:\Users\Michelle\Desktop\msra - Shortcut.lnk
2022-03-05 11:27 - 2022-03-05 11:27 - 000000117 _____ C:\WINDOWS\system32\netcfg-34242.txt
2022-03-05 11:26 - 2022-03-05 11:26 - 000000117 _____ C:\WINDOWS\system32\netcfg-2171830.txt
2022-03-05 11:16 - 2022-03-02 18:30 - 002312192 _____ (Farbar) C:\Users\Michelle\Documents\FRST64.exe
2022-03-05 11:15 - 2022-03-05 11:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2022-03-05 10:51 - 2022-03-05 10:51 - 000000117 _____ C:\WINDOWS\system32\netcfg-40622.txt
2022-03-05 10:50 - 2022-03-05 10:50 - 000000117 _____ C:\WINDOWS\system32\netcfg-202910.txt
2022-03-05 10:47 - 2022-03-05 10:47 - 000000117 _____ C:\WINDOWS\system32\netcfg-45661.txt
2022-03-05 10:39 - 2022-03-05 10:39 - 000000117 _____ C:\WINDOWS\system32\netcfg-1056563.txt
2022-03-02 17:00 - 2022-03-02 17:00 - 000000117 _____ C:\WINDOWS\system32\netcfg-7552710.txt
2022-03-02 17:00 - 2022-03-02 17:00 - 000000117 _____ C:\WINDOWS\system32\netcfg-7549574.txt
2022-03-02 16:59 - 2022-03-02 17:00 - 000001095 _____ C:\WINDOWS\system32\netcfg-7466301.txt
2022-03-02 16:59 - 2022-03-02 16:59 - 000000156 _____ C:\WINDOWS\system32\netcfg-7444024.txt
2022-03-02 16:58 - 2022-03-02 16:58 - 000000156 _____ C:\WINDOWS\system32\netcfg-7391124.txt
2022-03-02 16:51 - 2022-03-02 16:51 - 000000117 _____ C:\WINDOWS\system32\netcfg-7017502.txt
2022-03-02 16:51 - 2022-03-02 16:51 - 000000117 _____ C:\WINDOWS\system32\netcfg-7015271.txt
2022-03-02 16:23 - 2022-03-05 11:15 - 000000000 ____D C:\Program Files\Common Files\AV
2022-03-02 15:54 - 2022-03-02 16:06 - 000041665 _____ C:\Users\Michelle\Downloads\Addition.txt
2022-03-02 15:45 - 2022-03-02 16:06 - 000027307 _____ C:\Users\Michelle\Downloads\FRST.txt
2022-03-02 15:41 - 2022-03-05 16:35 - 000000000 ____D C:\FRST
2022-03-02 15:40 - 2022-03-02 15:40 - 002299904 _____ (Farbar) C:\Users\Michelle\Downloads\FRST64.exe
2022-03-02 15:30 - 2022-03-02 15:30 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2022-03-02 15:26 - 2022-03-05 16:33 - 000000000 ____D C:\Users\Michelle\Documents\Remote Assistance Logs
2022-03-02 15:14 - 2022-03-02 15:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2022-03-02 15:14 - 2022-03-02 15:14 - 000000000 ____D C:\Program Files\CrystalDiskInfo
2022-03-02 15:13 - 2022-03-02 15:13 - 004628000 _____ (Crystal Dew World ) C:\Users\Michelle\Downloads\CrystalDiskInfo8_15_2.exe
2022-03-02 14:58 - 2022-03-02 14:58 - 000000117 _____ C:\WINDOWS\system32\netcfg-210819.txt
2022-03-02 14:58 - 2022-03-02 14:58 - 000000117 _____ C:\WINDOWS\system32\netcfg-210601.txt
2022-03-02 14:58 - 2022-03-02 14:58 - 000000117 _____ C:\WINDOWS\system32\netcfg-207060.txt
2022-03-02 14:41 - 2022-03-02 14:41 - 201879933 _____ C:\WINDOWS\MEMORY.DMP
2022-03-02 14:41 - 2022-03-02 14:41 - 000279744 _____ C:\WINDOWS\Minidump\030222-19390-01.dmp
2022-03-02 14:41 - 2022-03-02 14:41 - 000000000 ____D C:\WINDOWS\Minidump
2022-02-27 05:27 - 2022-02-27 05:27 - 000000117 _____ C:\WINDOWS\system32\netcfg-56753.txt
2022-02-27 05:15 - 2022-02-27 05:15 - 000000117 _____ C:\WINDOWS\system32\netcfg-724818615.txt
2022-02-20 12:25 - 2022-02-20 12:26 - 000000117 _____ C:\WINDOWS\system32\netcfg-145839968.txt
2022-02-20 12:24 - 2022-02-20 12:24 - 000001139 _____ C:\WINDOWS\system32\netcfg-145741984.txt
2022-02-20 12:12 - 2022-02-20 12:12 - 000000117 _____ C:\WINDOWS\system32\netcfg-145059479.txt
2022-02-20 12:12 - 2022-02-20 12:12 - 000000117 _____ C:\WINDOWS\system32\netcfg-145058652.txt
2022-02-19 03:58 - 2022-02-19 03:58 - 000000117 _____ C:\WINDOWS\system32\netcfg-29008042.txt
2022-02-19 03:58 - 2022-02-19 03:58 - 000000117 _____ C:\WINDOWS\system32\netcfg-29004392.txt
2022-02-18 19:21 - 2022-02-18 19:21 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2022-02-18 18:56 - 2022-02-18 18:56 - 000000117 _____ C:\WINDOWS\system32\netcfg-77623835.txt
2022-02-18 18:08 - 2022-02-18 18:08 - 000000117 _____ C:\WINDOWS\system32\netcfg-74735180.txt
2022-02-18 17:10 - 2022-02-18 17:10 - 000000117 _____ C:\WINDOWS\system32\netcfg-71271864.txt
2022-02-18 15:20 - 2022-02-18 15:20 - 000000117 _____ C:\WINDOWS\system32\netcfg-64647828.txt
2022-02-18 15:17 - 2022-02-18 15:18 - 000000117 _____ C:\WINDOWS\system32\netcfg-64515102.txt
2022-02-18 15:17 - 2022-02-18 15:17 - 000000117 _____ C:\WINDOWS\system32\netcfg-64514431.txt
2022-02-18 15:17 - 2022-02-18 15:17 - 000000117 _____ C:\WINDOWS\system32\netcfg-64500235.txt
2022-02-18 15:16 - 2022-02-18 15:16 - 000000117 _____ C:\WINDOWS\system32\netcfg-64424169.txt
2022-02-18 15:16 - 2022-02-18 15:16 - 000000117 _____ C:\WINDOWS\system32\netcfg-64416744.txt
2022-02-18 15:13 - 2022-02-18 15:13 - 000000117 _____ C:\WINDOWS\system32\netcfg-64271990.txt
2022-02-18 15:03 - 2022-02-18 15:03 - 000000117 _____ C:\WINDOWS\system32\netcfg-63650311.txt
2022-02-18 15:03 - 2022-02-18 15:03 - 000000117 _____ C:\WINDOWS\system32\netcfg-63648969.txt
2022-02-18 14:58 - 2022-02-18 14:58 - 000000117 _____ C:\WINDOWS\system32\netcfg-63335126.txt
2022-02-18 14:58 - 2022-02-18 14:58 - 000000117 _____ C:\WINDOWS\system32\netcfg-63334861.txt
2022-02-18 14:58 - 2022-02-18 14:58 - 000000117 _____ C:\WINDOWS\system32\netcfg-63331679.txt
2022-02-18 10:56 - 2022-02-18 10:56 - 000000117 _____ C:\WINDOWS\system32\netcfg-39144488.txt
2022-02-18 10:56 - 2022-02-18 08:15 - 000000117 _____ C:\WINDOWS\system32\netcfg-39149854.txt
2022-02-18 09:53 - 2022-02-18 09:53 - 000000000 ____D C:\Users\Michelle\AppData\Roaming\Macromedia
2022-02-18 09:48 - 2022-02-18 09:48 - 000000117 _____ C:\WINDOWS\system32\netcfg-44732366.txt
2022-02-18 09:45 - 2022-02-18 09:45 - 000000117 _____ C:\WINDOWS\system32\netcfg-44543620.txt
2022-02-18 09:43 - 2022-02-18 09:43 - 000000117 _____ C:\WINDOWS\system32\netcfg-44431253.txt
2022-02-18 08:53 - 2022-02-18 08:53 - 000000117 _____ C:\WINDOWS\system32\netcfg-41463458.txt
2022-02-18 08:53 - 2022-02-18 08:53 - 000000117 _____ C:\WINDOWS\system32\netcfg-41456329.txt
2022-02-18 08:51 - 2022-02-18 08:51 - 000000013 __RSH C:\WINDOWS\system32\Drivers\fbd.sys
2022-02-18 08:46 - 2022-02-18 08:46 - 000002257 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-02-18 08:46 - 2022-02-18 08:46 - 000002216 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-02-18 08:46 - 2022-02-18 08:46 - 000000000 ____D C:\Program Files\Google
2022-02-18 08:44 - 2022-03-05 16:31 - 000000000 ____D C:\Program Files (x86)\Google
2022-02-18 08:44 - 2022-02-18 17:52 - 000000000 ____D C:\Users\Michelle\AppData\Local\Google
2022-02-18 08:44 - 2022-02-18 08:44 - 000003334 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{2110CD26-E00F-4E8A-B759-D7DAC3E8E389}
2022-02-18 08:44 - 2022-02-18 08:44 - 000003206 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{AB007181-87B4-4265-A36C-C2F24D4432C1}
2022-02-18 08:29 - 2022-03-05 13:56 - 000003600 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1354572454-1105605337-2006680600-1001
2022-02-18 08:27 - 2022-02-18 08:27 - 000000000 ____D C:\Users\Michelle\AppData\Roaming\ATI
2022-02-18 08:27 - 2022-02-18 08:27 - 000000000 ____D C:\Users\Michelle\AppData\Local\ATI
2022-02-18 08:22 - 2022-02-18 08:22 - 000000000 ____D C:\WINDOWS\system32\Tasks\WPD
2022-02-18 08:22 - 2022-02-18 08:22 - 000000000 ____D C:\Users\Michelle\AppData\Local\TOSHIBA
2022-02-18 08:21 - 2022-02-18 08:21 - 000001445 _____ C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2022-02-18 08:21 - 2022-02-18 08:21 - 000000000 ____D C:\Users\Michelle\AppData\Roaming\WinBatch
2022-02-18 08:21 - 2022-02-18 08:21 - 000000000 ____D C:\Users\Michelle\AppData\Roaming\Adobe
2022-02-18 08:19 - 2022-02-18 08:19 - 000000000 ____D C:\Users\Michelle\AppData\Local\VirtualStore
2022-02-18 08:18 - 2022-03-05 10:28 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton Anti-Theft
2022-02-18 08:18 - 2022-02-18 08:21 - 000000000 ____D C:\Users\Michelle\AppData\Local\Packages
2022-02-18 08:17 - 2022-02-18 08:17 - 000000020 ___SH C:\Users\Michelle\ntuser.ini
2022-02-18 08:17 - 2012-09-07 00:13 - 000002111 _____ C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2022-02-18 08:15 - 2022-02-27 05:17 - 000000000 ____D C:\Users\Michelle
2022-02-18 08:15 - 2022-02-18 08:15 - 000000117 _____ C:\WINDOWS\system32\netcfg-39152912.txt
2022-02-18 01:04 - 2022-02-18 01:04 - 000000000 _____ C:\Recovery.txt
2022-02-18 00:05 - 2022-02-18 00:05 - 000000000 __RHD C:\Users\Public\AccountPictures
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-03-05 16:34 - 2012-07-26 02:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-03-05 16:29 - 2012-07-26 02:28 - 000848230 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-03-05 16:29 - 2012-07-26 00:37 - 000000000 ____D C:\WINDOWS\Inf
2022-03-05 16:25 - 2012-09-06 23:50 - 000000000 ____D C:\ProgramData\Norton
2022-03-05 16:25 - 2012-07-26 02:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-03-05 16:23 - 2012-07-26 02:52 - 000000000 ____D C:\Program Files\Windows Journal
2022-03-05 16:22 - 2012-07-26 00:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-03-05 16:09 - 2012-09-06 23:49 - 000000000 ____D C:\ProgramData\NortonInstaller
2022-03-05 15:09 - 2012-07-26 00:26 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2022-03-05 11:40 - 2012-07-26 00:26 - 000262144 ___SH C:\WINDOWS\system32\config\ELAM
2022-03-05 11:20 - 2012-07-26 03:12 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-03-05 10:48 - 2012-07-26 00:37 - 000000000 ____D C:\WINDOWS\servicing
2022-03-03 01:40 - 2012-07-26 03:12 - 000000000 ___HD C:\Program Files\WindowsApps
2022-03-03 01:40 - 2012-07-26 03:12 - 000000000 ____D C:\WINDOWS\AUInstallAgent
2022-02-18 15:16 - 2012-07-26 03:12 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-02-18 08:21 - 2012-09-06 23:55 - 000000000 ____D C:\ProgramData\Toshiba
2022-02-18 08:21 - 2012-07-26 02:49 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2022-02-18 08:18 - 2012-07-26 03:12 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-02-18 08:18 - 2012-07-26 03:12 - 000000000 ____D C:\WINDOWS\WinStore
2022-02-18 01:03 - 2012-07-26 03:13 - 000262144 _____ C:\WINDOWS\system32\config\BCD-Template
2022-02-18 00:06 - 2012-07-26 03:12 - 000000000 ____D C:\WINDOWS\rescache
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2022-03-02 16:25
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2022
Ran by Michelle (05-03-2022 16:37:55)
Running from C:\Users\Michelle\Documents
Microsoft Windows 8 (X64) (2022-02-18 13:17:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1354572454-1105605337-2006680600-500 - Administrator - Disabled)
Guest (S-1-5-21-1354572454-1105605337-2006680600-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1354572454-1105605337-2006680600-1003 - Limited - Enabled)
Michelle (S-1-5-21-1354572454-1105605337-2006680600-1001 - Administrator - Enabled) => C:\Users\Michelle
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{14718008-7D73-53AA-D0FF-88E805958D42}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Bejeweled 3 (HKLM-x32\...\WTA-81c59777-621e-4806-9416-36dd66c270ab) (Version: 2.2.0.97 - WildTangent) Hidden
CrystalDiskInfo 8.15.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.15.2 - Crystal Dew World)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Farmscapes (HKLM-x32\...\WTA-a7e7ee1b-7d47-4331-a795-4c9d14f19a6c) (Version: 2.2.0.98 - WildTangent) Hidden
FATE (HKLM-x32\...\WTA-32a3717d-6449-4dc6-839a-5304267673c1) (Version: 2.2.0.97 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 98.0.4758.102 - Google LLC)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 8.6.3.49 - Electronic Arts, Inc.)
Penguins! (HKLM-x32\...\WTA-5b2c080f-efe1-4fe4-b2a0-b479b2cf5e59) (Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-200eaec2-9234-47d1-8867-2da6179703e6) (Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (HKLM-x32\...\WTA-e3e47cae-06ed-43c0-ab20-a96239c84835) (Version: 2.2.0.97 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6414 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0013 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WTA-1ae4582f-e96d-4155-a248-36b47d775e6f) (Version: 2.2.0.97 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.8.7 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
 
Packages:
=========
- Games App - -> C:\Program Files\WindowsApps\WildTangentGames.-GamesApp-_1.0.0.80_neutral__qt5r5pa5dyg8m [2012-10-27] (WildTangent Games)
Amazon for Windows -> C:\Program Files\WindowsApps\Amazon.com.Amazon_1.0.4.0_neutral__343d40qqvtj1t [2012-10-27] (Amazon.com)
Bing -> C:\Program Files\WindowsApps\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation)
Book Place -> C:\Program Files\WindowsApps\K-NFBReadingTechnologiesI.BookPlace_1.0.0.77_x86__vwcaa66y1ah8t [2022-02-18] (K-NFB Reading Technologies, Inc.)
Camera -> C:\Program Files\WindowsApps\Microsoft.Camera_6.2.8514.0_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.0.0.0_neutral__1618n3s9xq8tw [2012-10-27] (eBay, Inc)
Encyclopaedia Britannica -> C:\Program Files\WindowsApps\EncyclopaediaBritannica.EncyclopaediaBritannica_1.0.0.17_neutral__k5b3gy2wfywap [2012-10-27] (Encyclopaedia Britannica)
Finance -> C:\Program Files\WindowsApps\Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_1.0.927.0_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
iCookbook SE -> C:\Program Files\WindowsApps\PublicationsInternational.iCookbookSE_0.9.2.5_neutral__d33n3f4t8bm20 [2012-10-27] (Publications International, Ltd)
iHeartRadio -> C:\Program Files\WindowsApps\ClearChannelRadioDigital.iHeartRadio_4.0.1.6_neutral__a76a11dkgb644 [2022-02-18] (Clear Channel Management Services, Inc.)
Merriam-Webster Dictionary -> C:\Program Files\WindowsApps\D22CCC44.Merriam-WebsterDictionary_1.0.0.16_neutral__mbv6ra3y34fnr [2012-10-27] (Merriam-Webster, Inc.)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.1.0.RC_1.0.8377.0_neutral__8wekyb3d8bbwe [2022-02-18] (Microsoft Platform Extensions)
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_1.0.927.0_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_1.0.0.11_x64__mcm4njqhnhss8 [2012-10-27] (Netflix, Inc.)
News -> C:\Program Files\WindowsApps\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
News Place -> C:\Program Files\WindowsApps\2B24874D.NewsPlace_1.0.0.2_neutral__v10edqkhnj0dg [2022-02-18] (Synacor, Inc.)
Norton Studio -> C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_1.0.0.62_x86__v68kp9n051hdp [2012-10-27] (Symantec Corporation)
Photos -> C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation)
SkyDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation)
Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
StumbleUpon -> C:\Program Files\WindowsApps\06DAC6F6.StumbleUpon_2.0.5.0_neutral__9pdyks8yk4v0j [2012-10-27] (StumbleUpon, Inc.)
Toshiba Central -> C:\Program Files\WindowsApps\ToshibaAmericaInformation.ToshibaCentral_1.0.0.24_neutral__r8x1fxsdcnpjw [2012-10-27] (Toshiba America Information Systems, Inc.)
TOSHIBA Media Player by sMedio TrueLink+ -> C:\Program Files\WindowsApps\sMedioforToshiba.TOSHIBAMediaPlayerbysMedioTrueLin_1.0.0.44_x64__679ekb9hp1h62 [2022-02-18] (sMedio)
Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_1.0.927.0_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
Vimeo -> C:\Program Files\WindowsApps\Vimeo.Vimeo_1.1.0.0_neutral__cfs1vy0wkzthc [2022-02-18] (Vimeo)
Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2012-08-08 12:19 - 2012-08-08 12:19 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Actions.CCAA.Shared.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.DPPE.Shared.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.EEU.Shared.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.GD.Shared.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000007168 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Hotkeys.Shared.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.REG.Shared.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000048128 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Source.Kit.Server.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.WinMessages.Shared.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000035328 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000006144 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.Shared.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000024576 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Foundation.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ATICCCom.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000022016 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.Implementation.dll
2012-08-08 12:23 - 2012-08-08 12:23 - 000040448 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Dashboard.dll
2012-08-08 12:23 - 2012-08-08 12:23 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Runtime.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Shared.dll
2012-08-08 12:23 - 2012-08-08 12:23 - 000019456 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CPUOverDrive.Fuel.Shared.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000050688 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.OverDrive5.Graphics.Shared.dll
2012-08-08 12:21 - 2012-08-08 12:21 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Dashboard.dll
2012-08-08 12:21 - 2012-08-08 12:21 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Runtime.dll
2012-08-08 12:21 - 2012-08-08 12:21 - 000010752 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Shared.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000176128 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 001007616 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.Shared.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Dashboard.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000011776 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Runtime.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Shared.dll
2012-08-08 12:23 - 2012-08-08 12:23 - 000008192 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Dashboard.dll
2012-08-08 12:23 - 2012-08-08 12:23 - 000011264 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Runtime.dll
2012-08-08 12:23 - 2012-08-08 12:23 - 000009216 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Shared.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000008192 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.dll
2012-08-08 12:21 - 2012-08-08 12:21 - 000061440 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.ProfileManager2.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 001395712 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.Private.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000007168 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Extension.EEU.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000038912 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.Private.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000307200 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Client.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.CoreAudioAPI.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000061440 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000029184 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Private.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000018432 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.XManifest.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.dll
2012-08-08 12:21 - 2012-08-08 12:21 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Fuel.Foundation.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000031744 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000048128 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.Private.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000025088 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Private.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Foundation.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000097792 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Implementation.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\NEWAEM.Foundation.dll
2012-07-12 08:56 - 2012-07-12 08:56 - 000175104 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ADL.Foundation.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000066560 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Server.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000036864 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.Private.dll
2012-08-08 12:20 - 2012-08-08 12:20 - 000385024 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000061440 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.dll
2011-10-17 18:48 - 2011-10-17 18:48 - 000006656 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0709.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000303616 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Implementation.default_Localization.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000479744 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Private.dll
2012-08-08 12:21 - 2012-08-08 12:21 - 000175104 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Implementation.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000008704 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Private.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000311296 _____ (Advanced Mirco Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2012-08-08 12:19 - 2012-08-08 12:19 - 000196608 _____ (Advanced Mirco Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2011-10-17 18:48 - 2011-10-17 18:48 - 000016384 _____ (ATI Technologies Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Foundation.dll
2011-10-17 18:48 - 2011-10-17 18:48 - 000045056 _____ (ATI Technologies Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0601.dll
2012-10-27 08:14 - 2012-02-14 21:37 - 000594432 _____ (Realtek Semiconductor Corp.) [File not signed] C:\WINDOWS\system32\Rtlihvs.dll
2012-07-19 11:53 - 2012-07-19 11:53 - 000265728 _____ (TOSHIBA Corporation) [File not signed] C:\Program Files\Toshiba\Hotkey\TCrdMain.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-1354572454-1105605337-2006680600-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKU\S-1-5-21-1354572454-1105605337-2006680600-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-1354572454-1105605337-2006680600-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
SearchScopes: HKU\S-1-5-21-1354572454-1105605337-2006680600-1001 -> DefaultScope {7D826E84-F143-4808-AA3C-E7F4FDAFE171} URL = 
SearchScopes: HKU\S-1-5-21-1354572454-1105605337-2006680600-1001 -> {7D826E84-F143-4808-AA3C-E7F4FDAFE171} URL = 
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\IPS\IPSBHO.DLL => No File
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 00:26 - 2012-07-26 00:26 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
HKU\S-1-5-21-1354572454-1105605337-2006680600-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C1FE97EC-B03D-48FF-94D5-E5FC0E1F9A37}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6243A023-8B9C-4A2F-A4C1-53569B92F894}] => (Allow) LPort=2869
FirewallRules: [{0F7812EE-19D9-4517-ADAB-248F4E6E6FC5}] => (Allow) LPort=1900
FirewallRules: [{F0E3B040-8913-4C64-86F1-0E59EDF6AE44}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
02-03-2022 18:43:13 Windows Update
05-03-2022 15:21:32 Windows Modules Installer
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (03/05/2022 04:31:47 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Runtime.Serialization.SerializationException: There was an error deserializing the object of type SnappCloud.ActivationReminder.Models.InitClientResponse. Encountered unexpected character '<'.
Stack Trace:
   at System.Runtime.Serialization.XmlObjectSerializer.ReadObjectHandleExceptions(XmlReaderDelegator reader, Boolean verifyObjectName)
   at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(XmlDictionaryReader reader)
   at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(Stream stream)
   at SnappCloud.ActivationReminder.AraClient.DeserializeJson[T](String json)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (03/05/2022 04:07:09 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Runtime.Serialization.SerializationException: There was an error deserializing the object of type SnappCloud.ActivationReminder.Models.InitClientResponse. Encountered unexpected character '<'.
Stack Trace:
   at System.Runtime.Serialization.XmlObjectSerializer.ReadObjectHandleExceptions(XmlReaderDelegator reader, Boolean verifyObjectName)
   at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(XmlDictionaryReader reader)
   at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(Stream stream)
   at SnappCloud.ActivationReminder.AraClient.DeserializeJson[T](String json)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (03/05/2022 01:02:48 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Runtime.Serialization.SerializationException: There was an error deserializing the object of type SnappCloud.ActivationReminder.Models.InitClientResponse. Encountered unexpected character '<'.
Stack Trace:
   at System.Runtime.Serialization.XmlObjectSerializer.ReadObjectHandleExceptions(XmlReaderDelegator reader, Boolean verifyObjectName)
   at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(XmlDictionaryReader reader)
   at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(Stream stream)
   at SnappCloud.ActivationReminder.AraClient.DeserializeJson[T](String json)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (03/05/2022 10:55:50 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Runtime.Serialization.SerializationException: There was an error deserializing the object of type SnappCloud.ActivationReminder.Models.InitClientResponse. Encountered unexpected character '<'.
Stack Trace:
   at System.Runtime.Serialization.XmlObjectSerializer.ReadObjectHandleExceptions(XmlReaderDelegator reader, Boolean verifyObjectName)
   at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(XmlDictionaryReader reader)
   at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(Stream stream)
   at SnappCloud.ActivationReminder.AraClient.DeserializeJson[T](String json)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (03/05/2022 10:17:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogonUI.exe, version: 6.2.9200.16384, time stamp: 0x5010a7f4
Faulting module name: MSVCR90.dll, version: 9.0.30729.6871, time stamp: 0x4fee5fd5
Exception code: 0xc0000005
Fault offset: 0x00000000000747e7
Faulting process id: 0x54
Faulting application start time: 0x01d830a41e2c8f08
Faulting application path: C:\WINDOWS\system32\LogonUI.exe
Faulting module path: C:\WINDOWS\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_08e717a5a83adddf\MSVCR90.dll
Report Id: 69d56e9c-9c97-11ec-be73-008cfa246f8e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/05/2022 10:15:37 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MINE)
Description: Activation of app microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos failed with error: -2144980991 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/05/2022 10:15:36 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MINE)
Description: Activation of app microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos failed with error: -2144980991 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/02/2022 03:09:04 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Runtime.Serialization.SerializationException: There was an error deserializing the object of type SnappCloud.ActivationReminder.Models.InitClientResponse. Encountered unexpected character '<'.
Stack Trace:
   at System.Runtime.Serialization.XmlObjectSerializer.ReadObjectHandleExceptions(XmlReaderDelegator reader, Boolean verifyObjectName)
   at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(XmlDictionaryReader reader)
   at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(Stream stream)
   at SnappCloud.ActivationReminder.AraClient.DeserializeJson[T](String json)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
 
System errors:
=============
Error: (03/05/2022 04:44:04 PM) (Source: DCOM) (EventID: 10010) (User: MINE)
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.
 
Error: (03/05/2022 04:42:04 PM) (Source: DCOM) (EventID: 10010) (User: MINE)
Description: The server {1ECCA34C-E88A-44E3-8D6A-8921BDE9E452} did not register with DCOM within the required timeout.
 
Error: (03/05/2022 04:33:57 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
 
Error: (03/05/2022 04:33:57 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
 
Error: (03/05/2022 04:09:46 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (03/05/2022 04:09:46 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
 
Error: (03/05/2022 03:08:32 PM) (Source: DCOM) (EventID: 10010) (User: MINE)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
 
Error: (03/05/2022 01:52:11 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
 
 
==================== Memory info =========================== 
 
BIOS: Insyde Corp. 6.20 01/09/2013
Motherboard: TOSHIBA Portable PC
Processor: AMD E-300 APU with Radeon™ HD Graphics
Percentage of memory in use: 80%
Total physical RAM: 1630.25 MB
Available physical RAM: 311.73 MB
Total Virtual: 9822.25 MB
Available Virtual: 7347.83 MB
 
==================== Drives ================================
 
Drive c: (TI10653500D) (Fixed) (Total:287.51 GB) (Free:248.44 GB) NTFS
 
\\?\Volume{19b1796e-fc7e-11e1-b415-c03b3d1fbb80}\ (System) (Fixed) (Total:0.44 GB) (Free:0.16 GB) NTFS
\\?\Volume{47d0c280-9aae-4391-834a-3561580c3cdb}\ () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS
\\?\Volume{092cbfbc-60b1-4534-ad27-85aa4fd28450}\ (Recovery) (Fixed) (Total:9.42 GB) (Free:0.64 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 298.1 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================


#6
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, Wolfie.
 
Please do the following:
 
1. Uninstall apps

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs on the list:
Norton Studio 
SkyDrive 
  • Select the above programs, one by one, and click Uninstall.
  • Restart the computer.

 

2. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". There is no need to paste it anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89820200-ECBD-11cf-8B85-00AA005B4340}] -> regsvr32.exe /s /n /i:U %SystemRoot%\System32\shell32.dll
Task: {3DA41B1B-B561-4E0B-91D3-996406C487FA} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe /analyze (No File)
Task: {938E1B73-6C12-4B71-B308-201220D512C8} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe /submit (No File)
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.0.1,-1]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn => not found
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\Exts\Chrome.crx <not found>
2022-03-02 16:23 - 2022-03-05 11:15 - 000000000 ____D C:\Program Files\Common Files\AV
2022-03-02 15:26 - 2022-03-05 16:33 - 000000000 ____D C:\Users\Michelle\Documents\Remote Assistance Logs
2022-02-18 09:53 - 2022-02-18 09:53 - 000000000 ____D C:\Users\Michelle\AppData\Roaming\Macromedia
2022-02-18 08:18 - 2022-03-05 10:28 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton Anti-Theft
2022-03-05 16:25 - 2012-09-06 23:50 - 000000000 ____D C:\ProgramData\Norton
2022-03-05 16:09 - 2012-09-06 23:49 - 000000000 ____D C:\ProgramData\NortonInstaller
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
SearchScopes: HKU\S-1-5-21-1354572454-1105605337-2006680600-1001 -> DefaultScope {7D826E84-F143-4808-AA3C-E7F4FDAFE171} URL = 
SearchScopes: HKU\S-1-5-21-1354572454-1105605337-2006680600-1001 -> {7D826E84-F143-4808-AA3C-E7F4FDAFE171} URL = 
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\IPS\IPSBHO.DLL => No File
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

3. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

4. Run Malwarebytes (scan only)

  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.

    If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
    • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
    • Find the report with the most recent date and double click on it.
    • Click on Export and then Copy to Clipboard.
    • Paste its content here, in your next reply.

 

In your next reply, please post:

  • The fixlog.txt
  • The AdwCleaner[S0*].txt
  • The Malwarebytes report


#7
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hello.

 

Any progress here? 



#8
Wolfie

    Member

  • Topic Starter
  • Member
  • 74 posts

Any progress here? 

Yeah, just kind of skipped a day.

 

 

1. Uninstall apps

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs on the list:
Norton Studio 
SkyDrive 
  • Select the above programs, one by one, and click Uninstall.
  • Restart the computer.

 

I wasn't able to find either of those so was unable to uninstall them.  I can do another FRST scan if you like.

 

 

 

 

In your next reply, please post:

  • The fixlog.txt
  • The AdwCleaner[S0*].txt
  • The Malwarebytes report

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-02-2022
Ran by Michelle (06-03-2022 05:36:40) Run:1
Running from C:\Users\Michelle\Documents
Loaded Profiles: Michelle
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89820200-ECBD-11cf-8B85-00AA005B4340}] -> regsvr32.exe /s /n /i:U %SystemRoot%\System32\shell32.dll
Task: {3DA41B1B-B561-4E0B-91D3-996406C487FA} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe /analyze (No File)
Task: {938E1B73-6C12-4B71-B308-201220D512C8} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe /submit (No File)
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.0.1,-1]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn => not found
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\Exts\Chrome.crx <not found>
2022-03-02 16:23 - 2022-03-05 11:15 - 000000000 ____D C:\Program Files\Common Files\AV
2022-03-02 15:26 - 2022-03-05 16:33 - 000000000 ____D C:\Users\Michelle\Documents\Remote Assistance Logs
2022-02-18 09:53 - 2022-02-18 09:53 - 000000000 ____D C:\Users\Michelle\AppData\Roaming\Macromedia
2022-02-18 08:18 - 2022-03-05 10:28 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton Anti-Theft
2022-03-05 16:25 - 2012-09-06 23:50 - 000000000 ____D C:\ProgramData\Norton
2022-03-05 16:09 - 2012-09-06 23:49 - 000000000 ____D C:\ProgramData\NortonInstaller
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
SearchScopes: HKU\S-1-5-21-1354572454-1105605337-2006680600-1001 -> DefaultScope {7D826E84-F143-4808-AA3C-E7F4FDAFE171} URL = 
SearchScopes: HKU\S-1-5-21-1354572454-1105605337-2006680600-1001 -> {7D826E84-F143-4808-AA3C-E7F4FDAFE171} URL = 
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\IPS\IPSBHO.DLL => No File
EmptyTemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
HKLM\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3DA41B1B-B561-4E0B-91D3-996406C487FA}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DA41B1B-B561-4E0B-91D3-996406C487FA}" => removed successfully
C:\WINDOWS\System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Anti-Theft\Norton Error Analyzer" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{938E1B73-6C12-4B71-B308-201220D512C8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{938E1B73-6C12-4B71-B308-201220D512C8}" => removed successfully
C:\WINDOWS\System32\Tasks\Norton Anti-Theft\Norton Error Processor => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Anti-Theft\Norton Error Processor" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\\0.0.0.0,0.0.0.0,192.168.0.1,-1" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk => removed successfully
C:\Program Files\Common Files\AV => moved successfully
C:\Users\Michelle\Documents\Remote Assistance Logs => moved successfully
C:\Users\Michelle\AppData\Roaming\Macromedia => moved successfully
C:\WINDOWS\system32\Tasks\Norton Anti-Theft => moved successfully
C:\ProgramData\Norton => moved successfully
C:\ProgramData\NortonInstaller => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3 => removed successfully
"HKU\S-1-5-21-1354572454-1105605337-2006680600-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-1354572454-1105605337-2006680600-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7D826E84-F143-4808-AA3C-E7F4FDAFE171} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9325011 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1812691 B
Edge => 0 B
Chrome => 83246981 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 206258 B
systemprofile32 => 365283 B
LocalService => 398483 B
NetworkService => 410311 B
Michelle => 14541920 B
 
RecycleBin => 0 B
EmptyTemp: => 105.2 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 05:37:39 ====
 
 
 
 
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build:    11-18-2021
# Database: 2022-02-03.4 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    03-06-2022
# Duration: 00:01:06
# OS:       Windows 8
# Scanned:  32049
# Detected: 59
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.Legacy             C:\Users\Michelle\Favorites\StumbleUpon
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
Preinstalled.HPCleanFLC   File   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk 
Preinstalled.TOSHIBADesktopAssist   File   C:\Users\Public\Desktop\Desktop Assist.lnk 
Preinstalled.TOSHIBADesktopAssist   Folder   C:\Program Files\TOSHIBA\TOSHIBA DESKTOP ASSIST 
Preinstalled.TOSHIBADesktopAssist   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{95CCACF0-010D-45F0-82BF-858643D8BC02} 
Preinstalled.TOSHIBAPCHealthMonitor   Folder   C:\Program Files\TOSHIBA\TPHM 
Preinstalled.TOSHIBAPCHealthMonitor   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Run|TosWaitSrv 
Preinstalled.TOSHIBAPCHealthMonitor   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4} 
Preinstalled.TOSHIBAPasswordUtility   Folder   C:\Program Files\TOSHIBA\PASSWORDUTILITY 
Preinstalled.TOSHIBAPasswordUtility   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B1786E63-2127-42C9-95A3-146E5F727BF1} 
Preinstalled.TOSHIBAQualityApplication   Folder   C:\Program Files (x86)\TOSHIBA\TOSHIBAFB 
Preinstalled.TOSHIBAQualityApplication   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{E69992ED-A7F6-406C-9280-1C156417BC49} 
Preinstalled.TOSHIBARegistration   Folder   C:\Program Files (x86)\TOSHIBA\TOSHIBAREGISTRATION 
Preinstalled.TOSHIBARegistration   Folder   C:\ProgramData\TOSHIBA\TOSHIBAREGISTRATION 
Preinstalled.TOSHIBARegistration   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{5AF550B4-BB67-4E7E-82F1-2C4300279050} 
Preinstalled.TOSHIBASystemSettings   Folder   C:\Program Files (x86)\TOSHIBA\SYSTEM SETTING 
Preinstalled.TOSHIBASystemSettings   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Run|TCrdMain 
Preinstalled.TOSHIBASystemSettings   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Run|TODDMain 
Preinstalled.TOSHIBASystemSettings   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{05A55927-DB9B-4E26-BA44-828EBFF829F0} 
Preinstalled.TOSHIBAUser'sGuide   Folder   C:\Program Files (x86)\TOSHIBA\DOCUMENTATION 
Preinstalled.TOSHIBAUser'sGuide   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{3384E1D9-3F18-4A98-8655-180FEF0DFC02} 
Preinstalled.TOSHIBAUtilities   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\UTILITIES 
Preinstalled.ToshibaAppPlace   Folder   C:\Program Files (x86)\TOSHIBA\TOSHIBA APP PLACE 
Preinstalled.ToshibaAppPlace   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ToshibaAppPlace 
Preinstalled.ToshibaAppPlace   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|ToshibaAppPlace 
Preinstalled.ToshibaAppPlace   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2} 
Preinstalled.ToshibaBookPlace   File   C:\Users\Michelle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Toshiba Book Place.lnk 
Preinstalled.ToshibaBookPlace   Folder   C:\Program Files (x86)\TOSHIBA\TOSHIBA BOOK PLACE 
Preinstalled.ToshibaBookPlace   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{24B45620-22B6-4E4A-B836-FF30A0B0404E} 
Preinstalled.ToshibaWildTangentGamesBundle   Folder   C:\Program Files (x86)\TOSHIBA GAMES 
Preinstalled.ToshibaWildTangentGamesBundle   Folder   C:\Program Files (x86)\TOSHIBA GAMES\BEJEWELED 3 
Preinstalled.ToshibaWildTangentGamesBundle   Folder   C:\Program Files (x86)\TOSHIBA GAMES\PLANTS VS ZOMBIES - GAME OF THE YEAR 
Preinstalled.ToshibaWildTangentGamesBundle   Folder   C:\Program Files (x86)\TOSHIBA GAMES\POLAR BOWLER 
Preinstalled.ToshibaWildTangentGamesBundle   Folder   C:\Program Files (x86)\TOSHIBA GAMES\VIRTUAL VILLAGERS 4 - THE TREE OF LIFE 
Preinstalled.ToshibaWildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent toshiba Master Uninstall 
Preinstalled.ToshibaWildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-toshiba-darkorbit 
Preinstalled.ToshibaWildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-toshiba-itgirl 
Preinstalled.ToshibaWildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-toshiba-polarbowlerfacebook 
Preinstalled.ToshibaWildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-toshiba-seafight 
Preinstalled.ToshibaWildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-toshiba-worldofwarcraft 
Preinstalled.ToshibaWildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-toshiba-genres 
Preinstalled.ToshibaWildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-toshiba-main 
Preinstalled.WildTangentGamesBundle   File   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - toshiba.lnk 
Preinstalled.WildTangentGamesBundle   File   C:\Users\Michelle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\WildTangent Games App - toshiba.lnk 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES\APP 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES\TOUCHPOINTS\TOSHIBA 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES\WEB LINK - IT GIRL! 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES\WEB LINK - POLAR BOWLER STRIKE! 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES\WEB LINK - SEAFIGHT 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-toshiba-mahjonggdarkdimensions 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba 
Preinstalled.WildTangentGamesBundle   Registry   HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} 
Preinstalled.WildTangentGamesBundle   Registry   HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} 
Preinstalled.WildTangentGamesBundle   Registry   HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} 
Preinstalled.WildTangentGamesBundle   Registry   HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6} 
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 3/8/22
Scan Time: 2:59 AM
Log File: be19460e-9eb5-11ec-8503-008cfa246f8e.json
 
-Software Information-
Version: 4.5.5.175
Components Version: 1.0.1621
Update Package Version: 1.0.52051
License: Trial
 
-System Information-
OS: Windows 8
CPU: x64
File System: NTFS
User: System
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 220997
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 hr, 3 min, 28 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)


#9
DR M


    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hello.
 
A busy work day here too.
 
Only one item is detected as a PUP (potentially unwanted program) by AdwCleaner. All the other items detected have to do with preinstalled software, software that was apparently installed when the device was new, which you may or may not use. Personally, I do not keep anything I don't use/need. Especially in this specific case, with the 2GB RAM, there is no need for all those programs. But the decision is your friend's.

WildTangentGames also came preinstalled on the computer. Ask if she wants it, otherwise it can be uninstalled.

To proceed, please do the following:

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number; the latest scan will have the largest number).
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

 

After the above, please let me see fresh FRST logs.


In your next reply, please post:

  • What you did with the preinstalled software: what you kept, what you removed.
  • The AdwCleaner[C0*].txt
  • Fresh FRST logs, Addition and FRST. 


#10
DR M


    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Four days have passed since my last post. Do you still need assistance? 




#11
DR M


    The Grecian Geek

  • Malware Removal
  • 4,096 posts
Due to lack of feedback, this topic has been closed.
 
Wolfie, if you need this topic reopened, please contact a staff member, or send me a personal message (hover with the mouse on my profile name and choose Send message).


#12
DR M


    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Topic re-opened at the User's request.

 

================================

 

Wolfie,

 

Please follow the instructions here and post all the requested logs. 



#13
Wolfie


    Member

  • Topic Starter
  • 74 posts

Sorry for taking so long to get around to posting logs, and my apologies for not responding sooner.  I appreciate the time you put in to help people including myself, so I should have at least said something.

 

Anyways, logs that I did during the time...  AdwCleaner (2), MBAM, and ran FRST again, and will include the four logs from them.

 

The only software that I didn't remove was anything that seemed potentially important for the laptop to benefit from extra functions.  At this point I believe that extra memory may be necessary to gain any extra performance, assuming that everything else appears clean to you.

 

 

 

AdwCleaner 1:
 

# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build:    11-18-2021
# Database: 2022-03-15.3 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    03-19-2022
# Duration: 00:01:31
# OS:       Windows 8
# Scanned:  32050
# Detected: 29
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.Legacy             C:\Users\Michelle\Favorites\StumbleUpon
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
Preinstalled.HPCleanFLC   File   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk 
Preinstalled.TOSHIBADesktopAssist   File   C:\Users\Public\Desktop\Desktop Assist.lnk 
Preinstalled.TOSHIBADesktopAssist   Folder   C:\Program Files\TOSHIBA\TOSHIBA DESKTOP ASSIST 
Preinstalled.TOSHIBADesktopAssist   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{95CCACF0-010D-45F0-82BF-858643D8BC02} 
Preinstalled.TOSHIBAPasswordUtility   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B1786E63-2127-42C9-95A3-146E5F727BF1} 
Preinstalled.TOSHIBAQualityApplication   Folder   C:\Program Files (x86)\TOSHIBA\TOSHIBAFB 
Preinstalled.TOSHIBARegistration   Folder   C:\Program Files (x86)\TOSHIBA\TOSHIBAREGISTRATION 
Preinstalled.TOSHIBASystemSettings   Folder   C:\Program Files (x86)\TOSHIBA\SYSTEM SETTING 
Preinstalled.TOSHIBASystemSettings   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Run|TCrdMain 
Preinstalled.TOSHIBASystemSettings   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Run|TODDMain 
Preinstalled.TOSHIBASystemSettings   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{05A55927-DB9B-4E26-BA44-828EBFF829F0} 
Preinstalled.TOSHIBAUtilities   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\UTILITIES 
Preinstalled.ToshibaAppPlace   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ToshibaAppPlace 
Preinstalled.ToshibaBookPlace   File   C:\Users\Michelle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Toshiba Book Place.lnk 
Preinstalled.ToshibaBookPlace   Folder   C:\Program Files (x86)\TOSHIBA\TOSHIBA BOOK PLACE 
Preinstalled.ToshibaBookPlace   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{24B45620-22B6-4E4A-B836-FF30A0B0404E} 
Preinstalled.ToshibaWildTangentGamesBundle   Folder   C:\Program Files (x86)\TOSHIBA GAMES 
Preinstalled.ToshibaWildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-toshiba-darkorbit 
Preinstalled.ToshibaWildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-toshiba-itgirl 
Preinstalled.ToshibaWildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-toshiba-polarbowlerfacebook 
Preinstalled.ToshibaWildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-toshiba-seafight 
Preinstalled.ToshibaWildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-toshiba-worldofwarcraft 
Preinstalled.ToshibaWildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-toshiba-genres 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES\WEB LINK - IT GIRL! 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES\WEB LINK - POLAR BOWLER STRIKE! 
Preinstalled.WildTangentGamesBundle   Folder   C:\Program Files (x86)\WILDTANGENT GAMES\WEB LINK - SEAFIGHT 
Preinstalled.WildTangentGamesBundle   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-toshiba-mahjonggdarkdimensions 
 
 
AdwCleaner[S00].txt - [9116 octets] - [06/03/2022 05:53:16]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
 
 
AdwCleaner 2:
 

# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build:    11-18-2021
# Database: 2022-03-15.3 (Cloud)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    03-23-2022
# Duration: 00:00:28
# OS:       Windows 8
# Scanned:  32050
# Detected: 5
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
Preinstalled.TOSHIBASystemSettings   Folder   C:\Program Files (x86)\TOSHIBA\SYSTEM SETTING 
Preinstalled.TOSHIBASystemSettings   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Run|TCrdMain 
Preinstalled.TOSHIBASystemSettings   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Run|TODDMain 
Preinstalled.TOSHIBASystemSettings   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{05A55927-DB9B-4E26-BA44-828EBFF829F0} 
Preinstalled.TOSHIBAUtilities   Folder   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\UTILITIES 
 
 
AdwCleaner[S00].txt - [9116 octets] - [06/03/2022 05:53:16]
AdwCleaner[S01].txt - [5067 octets] - [19/03/2022 18:55:27]
AdwCleaner[C01].txt - [4947 octets] - [19/03/2022 19:01:43]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########
 
 
 
FRST:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2022 (ATTENTION: ====> FRST version is 38 days old and could be outdated)
Ran by Michelle (administrator) on MINE (TOSHIBA Satellite C855D) (06-04-2022 17:22:02)
Running from C:\Users\Michelle\Documents
Loaded Profiles: Michelle
Platform: Microsoft Windows 8 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(atiesrxx.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe ->) (ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(explorer.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Users\Michelle\Documents\AdwCleaner.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msra.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(explorer.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(explorer.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(services.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] (TOSHIBA CORPORATION -> )
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\100.0.4896.75\Installer\chrmstp.exe [2022-04-04] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {4116063D-89A2-4BC7-9E8A-518ED6379533} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage => {5F074BDF-4BA3-4E68-AE86-2A6B0B5963B0} C:\WINDOWS\system32\wlroamextension.dll [543232 2013-02-02] (Microsoft Windows -> Microsoft Corporation)
Task: {692A017E-FFCB-4B50-8C35-612C0B3068F9} - System32\Tasks\GoogleUpdateTaskMachineUA{2110CD26-E00F-4E8A-B759-D7DAC3E8E389} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-18] (Google LLC -> Google LLC)
Task: {97013C2E-DD2C-4A33-BDD6-8394F3425D4C} - System32\Tasks\GoogleUpdateTaskMachineCore{AB007181-87B4-4265-A36C-C2F24D4432C1} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-18] (Google LLC -> Google LLC)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask => {0AC1DBCA-7F9F-47FC-A090-34E5FEB291E8} C:\WINDOWS\system32\wlroamextension.dll [543232 2013-02-02] (Microsoft Windows -> Microsoft Corporation)
Task: {AA9BC3E2-3924-4D30-A0D7-C4274AB654F4} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask => {59B9640B-3F70-4D1C-B159-F26EEB8A4C87} C:\WINDOWS\system32\SettingSyncInfo.dll [128512 2015-08-04] (Microsoft Windows -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{065C6981-2C5E-4AD4-AA72-907768FCFCF3}: [NameServer] 192.168.0.1
 
FireFox:
========
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default [2022-03-06]
CHR Extension: (Slides) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-02-18]
CHR Extension: (Docs) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2022-02-18]
CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-02-18]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2022-02-18]
CHR Extension: (Sheets) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-02-18]
CHR Extension: (Google Docs Offline) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-02-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-02-18]
CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-02-18]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8348856 2022-04-02] (Malwarebytes Inc -> Malwarebytes)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Windows -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [509904 2022-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 EraserUtilDrv11913; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11913.sys [145376 2022-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145376 2022-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 FwLnk; C:\WINDOWS\System32\drivers\FwLnk.sys [9216 2012-07-10] (Microsoft Windows Hardware Compatibility Publisher -> TOSHIBA Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223688 2022-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2022-04-02] (Malwarebytes Inc -> Malwarebytes)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [28632 2012-07-31] (TOSHIBA CORPORATION -> Windows ® Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-04-02 01:31 - 2022-04-02 01:31 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-04-02 01:31 - 2022-04-02 01:31 - 000223688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-03-31 16:15 - 2022-03-31 16:15 - 000001143 _____ C:\Users\Michelle\Documents\Invitation.hygr.3qjf.dyr9.msrcIncident
2022-03-23 16:40 - 2022-03-23 16:40 - 000001204 _____ C:\Users\Michelle\Documents\mbam-2022-03-23.txt
2022-03-23 16:19 - 2022-03-23 16:19 - 000005067 _____ C:\Users\Michelle\Documents\AdwCleaner[S01].txt
2022-03-23 16:19 - 2022-03-23 16:19 - 000002137 _____ C:\Users\Michelle\Documents\AdwCleaner[S02].txt
2022-03-19 19:21 - 2022-03-19 19:22 - 000281624 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-03-08 07:32 - 2014-07-11 20:02 - 000478352 _____ C:\WINDOWS\SysWOW64\locale.nls
2022-03-08 07:32 - 2014-07-11 20:00 - 000478352 _____ C:\WINDOWS\system32\locale.nls
2022-03-08 07:02 - 2022-03-21 00:32 - 000000000 ____D C:\Users\Michelle\AppData\Local\CrashDumps
2022-03-08 06:41 - 2022-03-08 06:41 - 000000000 ____D C:\WINDOWS\system32\AutoUpdateLicense
2022-03-08 06:28 - 2022-03-08 06:28 - 000000000 ___SD C:\WINDOWS\system32\CompatTel
2022-03-08 06:28 - 2022-03-08 06:28 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-03-08 06:18 - 2022-03-08 06:18 - 000001206 _____ C:\Users\Michelle\Documents\mbam.txt
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-04-06 17:23 - 2022-03-05 14:10 - 000010020 _____ C:\Users\Michelle\Documents\FRST.txt
2022-04-06 17:22 - 2022-03-02 16:41 - 000000000 ____D C:\FRST
2022-04-06 16:49 - 2022-02-18 09:44 - 000000000 ____D C:\Program Files (x86)\Google
2022-04-04 17:52 - 2022-02-18 09:46 - 000002181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-04-04 17:52 - 2022-02-18 09:46 - 000002140 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-03-31 16:15 - 2022-03-06 06:49 - 000000000 ____D C:\Users\Michelle\Documents\Remote Assistance Logs
2022-03-20 05:03 - 2022-02-18 09:29 - 000003600 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1354572454-1105605337-2006680600-1001
2022-03-19 19:27 - 2012-07-26 03:28 - 000848230 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-03-19 19:27 - 2012-07-26 01:37 - 000000000 ____D C:\WINDOWS\Inf
2022-03-19 19:23 - 2012-07-26 03:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-03-19 19:21 - 2012-09-07 00:49 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2022-03-19 19:21 - 2012-07-26 01:26 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2022-03-19 19:01 - 2012-09-07 00:52 - 000000000 ____D C:\Program Files (x86)\Toshiba
2022-03-19 19:01 - 2012-09-07 00:49 - 000000000 ____D C:\Program Files\Toshiba
2022-03-19 19:00 - 2022-03-06 06:51 - 000000000 ____D C:\AdwCleaner
2022-03-19 18:42 - 2012-09-07 00:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba
2022-03-19 17:17 - 2012-09-07 00:48 - 000000000 ____D C:\ProgramData\Adobe
2022-03-19 16:49 - 2012-10-27 09:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\TOSHIBA
2022-03-19 16:22 - 2012-09-07 00:55 - 000000000 ____D C:\ProgramData\Toshiba
2022-03-19 16:20 - 2012-09-07 00:56 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2022-03-19 16:19 - 2012-09-07 00:56 - 000000000 ____D C:\ProgramData\WildTangent
2022-03-11 08:26 - 2012-07-26 04:12 - 000000000 ____D C:\WINDOWS\rescache
2022-03-09 01:09 - 2012-07-26 04:12 - 000000000 ____D C:\WINDOWS\AppCompat
2022-03-08 07:41 - 2012-07-26 03:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-03-08 06:41 - 2012-07-26 04:12 - 000000000 ____D C:\WINDOWS\WinStore
2022-03-08 06:40 - 2012-07-26 01:38 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2022-03-08 06:39 - 2012-07-26 04:12 - 000000000 ____D C:\Program Files\Windows Defender
2022-03-08 06:39 - 2012-07-26 04:12 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-03-08 06:39 - 2012-07-26 04:12 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2022-03-08 06:38 - 2012-07-26 04:12 - 000000000 ___RD C:\WINDOWS\ToastData
2022-03-08 06:38 - 2012-07-26 04:12 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-03-08 06:38 - 2012-07-26 04:12 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-03-08 06:38 - 2012-07-26 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-03-08 06:34 - 2012-07-26 04:12 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2022-03-08 06:30 - 2012-07-26 04:12 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2022-03-08 06:30 - 2012-07-26 04:12 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-03-08 06:30 - 2012-07-26 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-03-08 06:30 - 2012-07-26 01:38 - 000000000 ____D C:\WINDOWS\system32\Dism
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2022-04-02 03:01
==================== End of FRST.txt ========================
 
 
 
Addition:
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2022
Ran by Michelle (06-04-2022 17:24:45)
Running from C:\Users\Michelle\Documents
Microsoft Windows 8 (X64) (2022-02-18 13:17:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1354572454-1105605337-2006680600-500 - Administrator - Disabled)
Guest (S-1-5-21-1354572454-1105605337-2006680600-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1354572454-1105605337-2006680600-1003 - Limited - Enabled)
Michelle (S-1-5-21-1354572454-1105605337-2006680600-1001 - Administrator - Enabled) => C:\Users\Michelle
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AMD Catalyst Install Manager (HKLM\...\{14718008-7D73-53AA-D0FF-88E805958D42}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
CrystalDiskInfo 8.15.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.15.2 - Crystal Dew World)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 100.0.4896.75 - Google LLC)
Malwarebytes version 4.5.7.186 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.7.186 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6414 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0013 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
 
Packages:
=========
- Games App - -> C:\Program Files\WindowsApps\WildTangentGames.-GamesApp-_1.0.0.80_neutral__qt5r5pa5dyg8m [2012-10-27] (WildTangent Games)
Amazon for Windows -> C:\Program Files\WindowsApps\Amazon.com.Amazon_1.0.4.0_neutral__343d40qqvtj1t [2012-10-27] (Amazon.com)
Bing -> C:\Program Files\WindowsApps\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation)
Book Place -> C:\Program Files\WindowsApps\K-NFBReadingTechnologiesI.BookPlace_1.0.0.77_x86__vwcaa66y1ah8t [2022-02-18] (K-NFB Reading Technologies, Inc.)
Camera -> C:\Program Files\WindowsApps\Microsoft.Camera_6.2.8514.0_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.0.0.0_neutral__1618n3s9xq8tw [2012-10-27] (eBay, Inc)
Encyclopaedia Britannica -> C:\Program Files\WindowsApps\EncyclopaediaBritannica.EncyclopaediaBritannica_1.0.0.17_neutral__k5b3gy2wfywap [2012-10-27] (Encyclopaedia Britannica)
Finance -> C:\Program Files\WindowsApps\Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_1.0.927.0_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
iCookbook SE -> C:\Program Files\WindowsApps\PublicationsInternational.iCookbookSE_0.9.2.5_neutral__d33n3f4t8bm20 [2012-10-27] (Publications International, Ltd)
iHeartRadio -> C:\Program Files\WindowsApps\ClearChannelRadioDigital.iHeartRadio_4.0.1.6_neutral__a76a11dkgb644 [2022-02-18] (Clear Channel Management Services, Inc.)
Merriam-Webster Dictionary -> C:\Program Files\WindowsApps\D22CCC44.Merriam-WebsterDictionary_1.0.0.16_neutral__mbv6ra3y34fnr [2012-10-27] (Merriam-Webster, Inc.)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.1.0.RC_1.0.8377.0_neutral__8wekyb3d8bbwe [2022-02-18] (Microsoft Platform Extensions)
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_1.0.927.0_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_1.0.0.11_x64__mcm4njqhnhss8 [2012-10-27] (Netflix, Inc.)
News -> C:\Program Files\WindowsApps\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
News Place -> C:\Program Files\WindowsApps\2B24874D.NewsPlace_1.0.0.2_neutral__v10edqkhnj0dg [2022-02-18] (Synacor, Inc.)
Norton Studio -> C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_1.0.0.62_x86__v68kp9n051hdp [2012-10-27] (Symantec Corporation)
Photos -> C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation)
SkyDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation)
Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
StumbleUpon -> C:\Program Files\WindowsApps\06DAC6F6.StumbleUpon_2.0.5.0_neutral__9pdyks8yk4v0j [2012-10-27] (StumbleUpon, Inc.)
Toshiba Central -> C:\Program Files\WindowsApps\ToshibaAmericaInformation.ToshibaCentral_1.0.0.24_neutral__r8x1fxsdcnpjw [2012-10-27] (Toshiba America Information Systems, Inc.)
TOSHIBA Media Player by sMedio TrueLink+ -> C:\Program Files\WindowsApps\sMedioforToshiba.TOSHIBAMediaPlayerbysMedioTrueLin_1.0.0.44_x64__679ekb9hp1h62 [2022-02-18] (sMedio)
Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_1.0.927.0_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
Vimeo -> C:\Program Files\WindowsApps\Vimeo.Vimeo_1.1.0.0_neutral__cfs1vy0wkzthc [2022-02-18] (Vimeo)
Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-03-06] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-03-06] (Malwarebytes Corporation -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2012-08-08 13:19 - 2012-08-08 13:19 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Actions.CCAA.Shared.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.DPPE.Shared.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.EEU.Shared.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.GD.Shared.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000007168 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Hotkeys.Shared.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.REG.Shared.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000048128 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Source.Kit.Server.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.WinMessages.Shared.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000035328 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000006144 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.Shared.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000024576 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Foundation.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ATICCCom.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000022016 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.Implementation.dll
2012-08-08 13:23 - 2012-08-08 13:23 - 000040448 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Dashboard.dll
2012-08-08 13:23 - 2012-08-08 13:23 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Runtime.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Shared.dll
2012-08-08 13:23 - 2012-08-08 13:23 - 000019456 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CPUOverDrive.Fuel.Shared.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000050688 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.OverDrive5.Graphics.Shared.dll
2012-08-08 13:21 - 2012-08-08 13:21 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Dashboard.dll
2012-08-08 13:21 - 2012-08-08 13:21 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Runtime.dll
2012-08-08 13:21 - 2012-08-08 13:21 - 000010752 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Shared.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000176128 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 001007616 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.Shared.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Dashboard.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000011776 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Runtime.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Shared.dll
2012-08-08 13:23 - 2012-08-08 13:23 - 000008192 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Dashboard.dll
2012-08-08 13:23 - 2012-08-08 13:23 - 000011264 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Runtime.dll
2012-08-08 13:23 - 2012-08-08 13:23 - 000009216 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Shared.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000008192 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.dll
2012-08-08 13:21 - 2012-08-08 13:21 - 000061440 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.ProfileManager2.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 001395712 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.Private.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000007168 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Extension.EEU.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000038912 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.Private.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000307200 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Client.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.CoreAudioAPI.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000061440 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000029184 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Private.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000018432 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.XManifest.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.dll
2012-08-08 13:21 - 2012-08-08 13:21 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Fuel.Foundation.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000031744 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000048128 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.Private.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000025088 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Private.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Foundation.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000097792 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Implementation.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\NEWAEM.Foundation.dll
2012-07-12 09:56 - 2012-07-12 09:56 - 000175104 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ADL.Foundation.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000066560 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Server.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000036864 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.Private.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000385024 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.dll
2011-10-17 19:48 - 2011-10-17 19:48 - 000006656 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0709.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000303616 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Implementation.default_Localization.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000479744 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Private.dll
2012-08-08 13:21 - 2012-08-08 13:21 - 000175104 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Implementation.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000008704 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Private.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000061440 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000311296 _____ (Advanced Mirco Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000196608 _____ (Advanced Mirco Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2011-10-17 19:48 - 2011-10-17 19:48 - 000016384 _____ (ATI Technologies Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Foundation.dll
2011-10-17 19:48 - 2011-10-17 19:48 - 000045056 _____ (ATI Technologies Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0601.dll
2012-10-27 09:14 - 2012-02-14 22:37 - 000594432 _____ (Realtek Semiconductor Corp.) [File not signed] C:\WINDOWS\system32\Rtlihvs.dll
2012-07-19 12:53 - 2012-07-19 12:53 - 000265728 _____ (TOSHIBA Corporation) [File not signed] C:\Program Files\Toshiba\Hotkey\TCrdMain.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-1354572454-1105605337-2006680600-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKU\S-1-5-21-1354572454-1105605337-2006680600-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-1354572454-1105605337-2006680600-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 01:26 - 2012-07-26 01:26 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
HKU\S-1-5-21-1354572454-1105605337-2006680600-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C1FE97EC-B03D-48FF-94D5-E5FC0E1F9A37}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6243A023-8B9C-4A2F-A4C1-53569B92F894}] => (Allow) LPort=2869
FirewallRules: [{0F7812EE-19D9-4517-ADAB-248F4E6E6FC5}] => (Allow) LPort=1900
FirewallRules: [{11084B46-9502-49E1-A0D3-4641771CA2FF}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
19-03-2022 18:57:52 AdwCleaner_BeforeCleaning_19/03/2022_18:57:51
27-03-2022 03:09:23 Scheduled Checkpoint
04-04-2022 03:01:49 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (03/21/2022 12:32:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ig.exe, version: 1.0.2.43, time stamp: 0x60f841fd
Faulting module name: KERNELBASE.dll, version: 6.2.9200.17581, time stamp: 0x5644f0df
Exception code: 0xc0000142
Fault offset: 0x00078dd2
Faulting process id: 0x810
Faulting application start time: 0x01d83cdc93ce9527
Faulting application path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
Faulting module path: KERNELBASE.dll
Report Id: dc128655-a8cf-11ec-be7e-008cfa246f8e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/19/2022 06:39:28 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: MINE)
Description: Application or service 'Toshiba App Place' could not be shut down.
 
Error: (03/19/2022 05:16:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ig.exe, version: 1.0.2.43, time stamp: 0x60f841fd
Faulting module name: KERNELBASE.dll, version: 6.2.9200.17581, time stamp: 0x5644f0df
Exception code: 0xc0000142
Fault offset: 0x00078dd2
Faulting process id: 0x3f8
Faulting application start time: 0x01d83bd687056a69
Faulting application path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
Faulting module path: KERNELBASE.dll
Report Id: d4fefb4f-a7c9-11ec-be7d-008cfa246f8e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/13/2022 04:54:13 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (03/10/2022 04:03:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ig.exe, version: 1.0.2.43, time stamp: 0x60f841fd
Faulting module name: KERNELBASE.dll, version: 6.2.9200.17581, time stamp: 0x5644f0df
Exception code: 0xc0000142
Fault offset: 0x00078dd2
Faulting process id: 0x69c
Faulting application start time: 0x01d834b9d2b0862c
Faulting application path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
Faulting module path: KERNELBASE.dll
Report Id: 22aecfa4-a0ad-11ec-be7c-008cfa246f8e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/10/2022 04:03:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ig-0.exe, version: 1.0.2.43, time stamp: 0x60f841fd
Faulting module name: KERNELBASE.dll, version: 6.2.9200.17581, time stamp: 0x5644f0df
Exception code: 0xc0000142
Fault offset: 0x00078dd2
Faulting process id: 0xc3c
Faulting application start time: 0x01d834b9d57d0ffc
Faulting application path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-0.exe
Faulting module path: KERNELBASE.dll
Report Id: 22aea894-a0ad-11ec-be7c-008cfa246f8e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/08/2022 07:01:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ig.exe, version: 1.0.2.43, time stamp: 0x60f841fd
Faulting module name: KERNELBASE.dll, version: 6.2.9200.17581, time stamp: 0x5644f0df
Exception code: 0xc0000142
Fault offset: 0x00078dd2
Faulting process id: 0x1154
Faulting application start time: 0x01d832dbcfee6aef
Faulting application path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
Faulting module path: KERNELBASE.dll
Report Id: 140ef892-9ecf-11ec-be7c-008cfa246f8e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/08/2022 06:53:51 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: Event-ID 0
 
 
System errors:
=============
Error: (04/06/2022 05:30:17 PM) (Source: DCOM) (EventID: 10010) (User: MINE)
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.
 
Error: (04/06/2022 05:28:17 PM) (Source: DCOM) (EventID: 10010) (User: MINE)
Description: The server {1ECCA34C-E88A-44E3-8D6A-8921BDE9E452} did not register with DCOM within the required timeout.
 
Error: (04/06/2022 05:21:54 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
 
Error: (04/06/2022 05:21:54 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
 
Error: (04/06/2022 09:17:59 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (04/06/2022 09:17:58 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (04/06/2022 09:17:58 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
 
Error: (04/06/2022 09:17:58 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
 
 
==================== Memory info =========================== 
 
BIOS: Insyde Corp. 6.20 01/09/2013
Motherboard: TOSHIBA Portable PC
Processor: AMD E-300 APU with Radeon™ HD Graphics
Percentage of memory in use: 49%
Total physical RAM: 1630.25 MB
Available physical RAM: 825.14 MB
Total Virtual: 9822.25 MB
Available Virtual: 8162.31 MB
 
==================== Drives ================================
 
Drive c: (TI10653500D) (Fixed) (Total:287.51 GB) (Free:250.19 GB) NTFS
 
\\?\Volume{19b1796e-fc7e-11e1-b415-c03b3d1fbb80}\ (System) (Fixed) (Total:0.44 GB) (Free:0.16 GB) NTFS
\\?\Volume{47d0c280-9aae-4391-834a-3561580c3cdb}\ () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS
\\?\Volume{092cbfbc-60b1-4534-ad27-85aa4fd28450}\ (Recovery) (Fixed) (Total:9.42 GB) (Free:0.64 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 298.1 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 
 
 
MBAM:
 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 3/23/22
Scan Time: 4:20 PM
Log File: a353e63e-aae6-11ec-94cc-008cfa246f8e.json
 
-Software Information-
Version: 4.5.5.175
Components Version: 1.0.1621
Update Package Version: 1.0.52760
License: Free
 
-System Information-
OS: Windows 8
CPU: x64
File System: NTFS
User: mine\Michelle
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 218777
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 9 min, 46 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)


#14
DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, Wolfie.
 
Let's continue.

 

The FRST tool you used is an old version. You must always make sure that you are connected to the internet and let the tool get its updates before using it. Or make sure to always download the most recent version.

 

I also see that the RAM in use is now 49%. This is much better than before, but still the computer needs RAM. 
 
 

1. Uninstall programs / apps
 
You can remove any pre-installed software. Nothing is necessary for the system, unless someone uses it. So you can remove everything using AdwCleaner, and then also consider uninstalling these: 
 
TOSHIBA System Settings
TOSHIBA eco Utility
 
I also see these in the logs:

 

Norton Studio 
SkyDrive

  • Press the Windows Key to open the Start Screen.
  • Can you see Norton Studio or SkyDrive among the applications? 
  • If yes, right click on each one and select Uninstall.

 

2. Enable Windows Defender

 

Windows Defender is disabled. To enable it, use Method 2 here to enable it and let me know about the result. 

 

 

3. Check RAM

 

Here you can run a free RAM wizard to determine which RAM is compatible with your motherboard. You download and run a small program, which will scan your computer and then recommend compatible RAM. You don't have to buy from them, but you can find out how much RAM the computer can accept. 
 
After adding RAM, you can go on to upgrade the computer. I would first upgrade to 8.1 and then to 10. I'll give you instructions about that, but let's go step by step. 
 
 
In your next reply please post:
  1. If you uninstalled any other programs
  2. If you did uninstall Norton and SkyDrive
  3. If Defender was successfully enabled
  4. What's the RAM result


#15
Wolfie

    Member

  • Topic Starter
  • 74 posts

The FRST tool you used is an old version. You must always make sure that you are connected to the internet and let the tool get its updates before using it. Or make sure to always download the most recent version.

The URL needs to be changed.  It worked before but something on the site must have made it more strict because now it requires a "/" at the end to work or it says the file doesn't exist.

 

Ran AdwCleaner and quarantined the two remaining items.  Ran Crucial's memory tool and it told me what I already knew (but better to get confirmation, so thank you for pointing me to that tool, very helpful).  I had already found prices for memory, but not sure if she's going to be buying any for it or not.  Results: https://www.crucial....8a697a631d926c3

 

For Norton Studio and SkyDrive, NS was uninstalled but still had a shortcut in the Start Menu.  SD had a shortcut that led to a file in Program Files (x86) to install it.  I deleted the shortcuts and that install file.  Neither was appearing in the Programs and Features menu and clicking to "Uninstall" would take me there to not see it available.

 

Is there any way of getting a scan log from Defender?  It didn't report anything of concern (i.e., anything at all), only telling me the last scan time and the definitions are up to date (updated early today).  Nothing in the history when I check there.

 

 

I'll accept the information for updating to 8.1 and then to 10, but I'll pass that on to her to decide.  I am wondering though, why not just upgrade directly to 10?

 

Here are the newest FRST logs.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-04-2022
Ran by Michelle (administrator) on MINE (TOSHIBA Satellite C855D) (09-04-2022 00:12:23)
Running from C:\Users\Michelle\Documents
Loaded Profiles: Michelle
Platform: Microsoft Windows 8 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(atiesrxx.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe ->) (ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msra.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(explorer.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <5>
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(services.exe ->) (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\100.0.4896.75\Installer\chrmstp.exe [2022-04-04] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {4116063D-89A2-4BC7-9E8A-518ED6379533} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage => {5F074BDF-4BA3-4E68-AE86-2A6B0B5963B0} C:\WINDOWS\system32\wlroamextension.dll [543232 2013-02-02] (Microsoft Windows -> Microsoft Corporation)
Task: {692A017E-FFCB-4B50-8C35-612C0B3068F9} - System32\Tasks\GoogleUpdateTaskMachineUA{2110CD26-E00F-4E8A-B759-D7DAC3E8E389} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-18] (Google LLC -> Google LLC)
Task: {97013C2E-DD2C-4A33-BDD6-8394F3425D4C} - System32\Tasks\GoogleUpdateTaskMachineCore{AB007181-87B4-4265-A36C-C2F24D4432C1} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-18] (Google LLC -> Google LLC)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask => {0AC1DBCA-7F9F-47FC-A090-34E5FEB291E8} C:\WINDOWS\system32\wlroamextension.dll [543232 2013-02-02] (Microsoft Windows -> Microsoft Corporation)
Task: {AA9BC3E2-3924-4D30-A0D7-C4274AB654F4} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask => {59B9640B-3F70-4D1C-B159-F26EEB8A4C87} C:\WINDOWS\system32\SettingSyncInfo.dll [128512 2015-08-04] (Microsoft Windows -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{065C6981-2C5E-4AD4-AA72-907768FCFCF3}: [NameServer] 192.168.0.1
 
FireFox:
========
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default [2022-04-08]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2022-02-18]
CHR Extension: (Google Docs Offline) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-04-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-02-18]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8348856 2022-04-02] (Malwarebytes Inc -> Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Windows -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [509904 2022-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 EraserUtilDrv11913; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11913.sys [145376 2022-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145376 2022-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 FwLnk; C:\WINDOWS\System32\drivers\FwLnk.sys [9216 2012-07-10] (Microsoft Windows Hardware Compatibility Publisher -> TOSHIBA Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223688 2022-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2022-04-02] (Malwarebytes Inc -> Malwarebytes)
R3 MpKsl0fd5f570; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4EA49072-E9BF-4F59-906E-3ABAA1E05052}\MpKslDrv.sys [50448 2022-04-08] (Microsoft Windows -> Microsoft Corporation)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [28632 2012-07-31] (TOSHIBA CORPORATION -> Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-04-09 00:10 - 2022-04-09 00:10 - 002365440 _____ (Farbar) C:\Users\Michelle\Documents\FRST.exe
2022-04-08 18:36 - 2022-04-08 18:36 - 000279560 _____ C:\Users\Michelle\Downloads\CrucialScan (1).exe
2022-04-08 18:35 - 2022-04-08 18:35 - 000279560 _____ C:\Users\Michelle\Downloads\CrucialScan.exe
2022-04-08 18:26 - 2022-04-08 18:26 - 000001139 _____ C:\Users\Michelle\Documents\2SZZLNYGTBFV.msrcIncident
2022-04-08 18:22 - 2022-04-08 18:23 - 000279800 _____ C:\WINDOWS\Minidump\040822-33618-01.dmp
2022-04-02 01:31 - 2022-04-02 01:31 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-04-02 01:31 - 2022-04-02 01:31 - 000223688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-03-23 16:40 - 2022-03-23 16:40 - 000001204 _____ C:\Users\Michelle\Documents\mbam-2022-03-23.txt
2022-03-23 16:19 - 2022-03-23 16:19 - 000005067 _____ C:\Users\Michelle\Documents\AdwCleaner[S01].txt
2022-03-23 16:19 - 2022-03-23 16:19 - 000002137 _____ C:\Users\Michelle\Documents\AdwCleaner[S02].txt
2022-03-19 19:21 - 2022-03-19 19:22 - 000281624 _____ C:\WINDOWS\system32\FNTCACHE.DAT
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-04-09 00:13 - 2022-03-05 14:10 - 000009205 _____ C:\Users\Michelle\Documents\FRST.txt
2022-04-09 00:12 - 2022-03-02 16:41 - 000000000 ____D C:\FRST
2022-04-09 00:05 - 2022-03-05 14:40 - 000033403 _____ C:\Users\Michelle\Documents\Addition.txt
2022-04-08 23:49 - 2022-02-18 09:44 - 000000000 ____D C:\Program Files (x86)\Google
2022-04-08 19:20 - 2022-02-18 09:29 - 000003598 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1354572454-1105605337-2006680600-1001
2022-04-08 19:15 - 2022-02-18 09:18 - 000000000 ____D C:\Users\Michelle\AppData\Local\Packages
2022-04-08 19:15 - 2012-07-26 04:12 - 000000000 ____D C:\WINDOWS\AUInstallAgent
2022-04-08 18:40 - 2022-02-18 09:46 - 000000000 ____D C:\Program Files\Google
2022-04-08 18:27 - 2012-07-26 03:28 - 000848230 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-04-08 18:27 - 2012-07-26 01:37 - 000000000 ____D C:\WINDOWS\Inf
2022-04-08 18:26 - 2022-03-06 06:49 - 000000000 ____D C:\Users\Michelle\Documents\Remote Assistance Logs
2022-04-08 18:23 - 2012-07-26 03:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-04-08 18:22 - 2022-03-02 15:41 - 277107699 _____ C:\WINDOWS\MEMORY.DMP
2022-04-08 18:22 - 2022-03-02 15:41 - 000000000 ____D C:\WINDOWS\Minidump
2022-04-08 17:51 - 2012-09-07 00:52 - 000000000 ____D C:\Program Files (x86)\Toshiba
2022-04-08 17:51 - 2012-09-07 00:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba
2022-04-04 17:52 - 2022-02-18 09:46 - 000002181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-04-04 17:52 - 2022-02-18 09:46 - 000002140 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-03-21 00:32 - 2022-03-08 07:02 - 000000000 ____D C:\Users\Michelle\AppData\Local\CrashDumps
2022-03-19 19:21 - 2012-09-07 00:49 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2022-03-19 19:21 - 2012-07-26 01:26 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2022-03-19 19:01 - 2012-09-07 00:49 - 000000000 ____D C:\Program Files\Toshiba
2022-03-19 19:00 - 2022-03-06 06:51 - 000000000 ____D C:\AdwCleaner
2022-03-19 17:17 - 2012-09-07 00:48 - 000000000 ____D C:\ProgramData\Adobe
2022-03-19 16:49 - 2012-10-27 09:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\TOSHIBA
2022-03-19 16:22 - 2012-09-07 00:55 - 000000000 ____D C:\ProgramData\Toshiba
2022-03-19 16:20 - 2012-09-07 00:56 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2022-03-19 16:19 - 2012-09-07 00:56 - 000000000 ____D C:\ProgramData\WildTangent
2022-03-11 08:26 - 2012-07-26 04:12 - 000000000 ____D C:\WINDOWS\rescache
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2022-04-02 03:01
==================== End of FRST.txt ========================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-04-2022
Ran by Michelle (09-04-2022 00:15:11)
Running from C:\Users\Michelle\Documents
Microsoft Windows 8 (X64) (2022-02-18 13:17:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1354572454-1105605337-2006680600-500 - Administrator - Disabled)
Guest (S-1-5-21-1354572454-1105605337-2006680600-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1354572454-1105605337-2006680600-1003 - Limited - Enabled)
Michelle (S-1-5-21-1354572454-1105605337-2006680600-1001 - Administrator - Enabled) => C:\Users\Michelle
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AMD Catalyst Install Manager (HKLM\...\{14718008-7D73-53AA-D0FF-88E805958D42}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
CrystalDiskInfo 8.15.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.15.2 - Crystal Dew World)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 100.0.4896.75 - Google LLC)
Malwarebytes version 4.5.7.186 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.7.186 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6414 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0013 - Toshiba Corporation)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
 
Packages:
=========
- Games App - -> C:\Program Files\WindowsApps\WildTangentGames.-GamesApp-_1.0.0.80_neutral__qt5r5pa5dyg8m [2012-10-27] (WildTangent Games)
Amazon for Windows -> C:\Program Files\WindowsApps\Amazon.com.Amazon_1.0.4.0_neutral__343d40qqvtj1t [2012-10-27] (Amazon.com)
Bing -> C:\Program Files\WindowsApps\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation)
Book Place -> C:\Program Files\WindowsApps\K-NFBReadingTechnologiesI.BookPlace_1.0.0.77_x86__vwcaa66y1ah8t [2022-02-18] (K-NFB Reading Technologies, Inc.)
Camera -> C:\Program Files\WindowsApps\Microsoft.Camera_6.2.8514.0_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.0.0.0_neutral__1618n3s9xq8tw [2012-10-27] (eBay, Inc)
Encyclopaedia Britannica -> C:\Program Files\WindowsApps\EncyclopaediaBritannica.EncyclopaediaBritannica_1.0.0.17_neutral__k5b3gy2wfywap [2012-10-27] (Encyclopaedia Britannica)
Finance -> C:\Program Files\WindowsApps\Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_1.0.927.0_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
iCookbook SE -> C:\Program Files\WindowsApps\PublicationsInternational.iCookbookSE_0.9.2.5_neutral__d33n3f4t8bm20 [2012-10-27] (Publications International, Ltd)
iHeartRadio -> C:\Program Files\WindowsApps\ClearChannelRadioDigital.iHeartRadio_4.0.1.6_neutral__a76a11dkgb644 [2022-02-18] (Clear Channel Management Services, Inc.)
Merriam-Webster Dictionary -> C:\Program Files\WindowsApps\D22CCC44.Merriam-WebsterDictionary_1.0.0.16_neutral__mbv6ra3y34fnr [2012-10-27] (Merriam-Webster, Inc.)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.1.0.RC_1.0.8377.0_neutral__8wekyb3d8bbwe [2022-02-18] (Microsoft Platform Extensions)
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_1.0.927.0_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_1.0.0.11_x64__mcm4njqhnhss8 [2012-10-27] (Netflix, Inc.)
News -> C:\Program Files\WindowsApps\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
News Place -> C:\Program Files\WindowsApps\2B24874D.NewsPlace_1.0.0.2_neutral__v10edqkhnj0dg [2022-02-18] (Synacor, Inc.)
Photos -> C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation)
Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
StumbleUpon -> C:\Program Files\WindowsApps\06DAC6F6.StumbleUpon_2.0.5.0_neutral__9pdyks8yk4v0j [2012-10-27] (StumbleUpon, Inc.)
Toshiba Central -> C:\Program Files\WindowsApps\ToshibaAmericaInformation.ToshibaCentral_1.0.0.24_neutral__r8x1fxsdcnpjw [2012-10-27] (Toshiba America Information Systems, Inc.)
TOSHIBA Media Player by sMedio TrueLink+ -> C:\Program Files\WindowsApps\sMedioforToshiba.TOSHIBAMediaPlayerbysMedioTrueLin_1.0.0.44_x64__679ekb9hp1h62 [2022-02-18] (sMedio)
Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_1.0.927.0_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
Vimeo -> C:\Program Files\WindowsApps\Vimeo.Vimeo_1.1.0.0_neutral__cfs1vy0wkzthc [2022-02-18] (Vimeo)
Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-03-06] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-03-06] (Malwarebytes Corporation -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2012-08-08 13:19 - 2012-08-08 13:19 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Actions.CCAA.Shared.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.DPPE.Shared.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.EEU.Shared.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000007168 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Hotkeys.Shared.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.REG.Shared.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000048128 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Source.Kit.Server.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.WinMessages.Shared.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000035328 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000006144 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.Shared.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000024576 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Foundation.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ATICCCom.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000022016 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.Implementation.dll
2012-08-08 13:23 - 2012-08-08 13:23 - 000040448 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Dashboard.dll
2012-08-08 13:23 - 2012-08-08 13:23 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Runtime.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Shared.dll
2012-08-08 13:23 - 2012-08-08 13:23 - 000019456 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CPUOverDrive.Fuel.Shared.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000050688 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.OverDrive5.Graphics.Shared.dll
2012-08-08 13:21 - 2012-08-08 13:21 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Dashboard.dll
2012-08-08 13:21 - 2012-08-08 13:21 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Runtime.dll
2012-08-08 13:21 - 2012-08-08 13:21 - 000010752 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Shared.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000176128 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 001007616 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.Shared.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Dashboard.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000011776 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Runtime.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Shared.dll
2012-08-08 13:23 - 2012-08-08 13:23 - 000008192 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Dashboard.dll
2012-08-08 13:23 - 2012-08-08 13:23 - 000011264 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Runtime.dll
2012-08-08 13:23 - 2012-08-08 13:23 - 000009216 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Shared.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000008192 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.dll
2012-08-08 13:21 - 2012-08-08 13:21 - 000061440 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.ProfileManager2.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 001395712 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.Private.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000007168 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Extension.EEU.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000038912 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.Private.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000307200 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Client.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.CoreAudioAPI.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000061440 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000029184 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Private.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000018432 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.XManifest.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.dll
2012-08-08 13:21 - 2012-08-08 13:21 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Fuel.Foundation.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000031744 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000048128 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.Private.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000025088 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Private.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Foundation.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000097792 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Implementation.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\NEWAEM.Foundation.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.GD.Shared.dll
2012-07-12 09:56 - 2012-07-12 09:56 - 000175104 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ADL.Foundation.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000066560 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Server.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000036864 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.Private.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000385024 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000061440 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.dll
2011-10-17 19:48 - 2011-10-17 19:48 - 000006656 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0709.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000303616 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Implementation.default_Localization.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000479744 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Private.dll
2012-08-08 13:21 - 2012-08-08 13:21 - 000175104 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Implementation.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000008704 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Private.dll
2012-08-08 13:13 - 2012-08-08 13:13 - 000837632 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll
2012-08-08 13:13 - 2012-08-08 13:13 - 000004608 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiamenu.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000311296 _____ (Advanced Mirco Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000196608 _____ (Advanced Mirco Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2011-10-17 19:48 - 2011-10-17 19:48 - 000016384 _____ (ATI Technologies Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Foundation.dll
2011-10-17 19:48 - 2011-10-17 19:48 - 000045056 _____ (ATI Technologies Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0601.dll
2012-10-27 09:14 - 2012-02-14 22:37 - 000594432 _____ (Realtek Semiconductor Corp.) [File not signed] C:\WINDOWS\system32\Rtlihvs.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-1354572454-1105605337-2006680600-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKU\S-1-5-21-1354572454-1105605337-2006680600-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-1354572454-1105605337-2006680600-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 01:26 - 2012-07-26 01:26 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
HKU\S-1-5-21-1354572454-1105605337-2006680600-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C1FE97EC-B03D-48FF-94D5-E5FC0E1F9A37}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6243A023-8B9C-4A2F-A4C1-53569B92F894}] => (Allow) LPort=2869
FirewallRules: [{0F7812EE-19D9-4517-ADAB-248F4E6E6FC5}] => (Allow) LPort=1900
FirewallRules: [{11084B46-9502-49E1-A0D3-4641771CA2FF}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
19-03-2022 18:57:52 AdwCleaner_BeforeCleaning_19/03/2022_18:57:51
27-03-2022 03:09:23 Scheduled Checkpoint
04-04-2022 03:01:49 Scheduled Checkpoint
08-04-2022 17:50:40 AdwCleaner_BeforeCleaning_08/04/2022_17:50:39
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (04/08/2022 07:26:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mpengine.exe, version: 1.1.19158.0, time stamp: 0x1b582626
Faulting module name: pi-ms-win-crt-locale-l1-1-0.dll, version: 6.2.9200.17581, time stamp: 0x5644f0f7
Exception code: 0xc0000135
Fault offset: 0x00000000000e1e80
Faulting process id: 0x1394
Faulting application start time: 0x01d84ba003a166d4
Faulting application path: C:\ProgramData\Microsoft\Windows Defender\Scans\MpPayloadData\mpengine.exe
Faulting module path: pi-ms-win-crt-locale-l1-1-0.dll
Report Id: 433aafd4-b793-11ec-be7f-008cfa246f8e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/08/2022 06:39:06 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (03/21/2022 12:32:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ig.exe, version: 1.0.2.43, time stamp: 0x60f841fd
Faulting module name: KERNELBASE.dll, version: 6.2.9200.17581, time stamp: 0x5644f0df
Exception code: 0xc0000142
Fault offset: 0x00078dd2
Faulting process id: 0x810
Faulting application start time: 0x01d83cdc93ce9527
Faulting application path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
Faulting module path: KERNELBASE.dll
Report Id: dc128655-a8cf-11ec-be7e-008cfa246f8e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/19/2022 06:39:28 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: MINE)
Description: Application or service 'Toshiba App Place' could not be shut down.
 
Error: (03/19/2022 05:16:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ig.exe, version: 1.0.2.43, time stamp: 0x60f841fd
Faulting module name: KERNELBASE.dll, version: 6.2.9200.17581, time stamp: 0x5644f0df
Exception code: 0xc0000142
Fault offset: 0x00078dd2
Faulting process id: 0x3f8
Faulting application start time: 0x01d83bd687056a69
Faulting application path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
Faulting module path: KERNELBASE.dll
Report Id: d4fefb4f-a7c9-11ec-be7d-008cfa246f8e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/13/2022 04:54:13 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (03/10/2022 04:03:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ig.exe, version: 1.0.2.43, time stamp: 0x60f841fd
Faulting module name: KERNELBASE.dll, version: 6.2.9200.17581, time stamp: 0x5644f0df
Exception code: 0xc0000142
Fault offset: 0x00078dd2
Faulting process id: 0x69c
Faulting application start time: 0x01d834b9d2b0862c
Faulting application path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
Faulting module path: KERNELBASE.dll
Report Id: 22aecfa4-a0ad-11ec-be7c-008cfa246f8e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/10/2022 04:03:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ig-0.exe, version: 1.0.2.43, time stamp: 0x60f841fd
Faulting module name: KERNELBASE.dll, version: 6.2.9200.17581, time stamp: 0x5644f0df
Exception code: 0xc0000142
Fault offset: 0x00078dd2
Faulting process id: 0xc3c
Faulting application start time: 0x01d834b9d57d0ffc
Faulting application path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-0.exe
Faulting module path: KERNELBASE.dll
Report Id: 22aea894-a0ad-11ec-be7c-008cfa246f8e
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (04/09/2022 12:20:44 AM) (Source: DCOM) (EventID: 10010) (User: MINE)
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.
 
Error: (04/09/2022 12:18:44 AM) (Source: DCOM) (EventID: 10010) (User: MINE)
Description: The server {1ECCA34C-E88A-44E3-8D6A-8921BDE9E452} did not register with DCOM within the required timeout.
 
Error: (04/09/2022 12:12:04 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
 
Error: (04/09/2022 12:12:04 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
 
Error: (04/09/2022 12:11:36 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
 
Error: (04/09/2022 12:11:36 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
 
Error: (04/08/2022 11:57:39 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
 
Error: (04/08/2022 11:57:39 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
 
 
==================== Memory info =========================== 
 
BIOS: Insyde Corp. 6.20 01/09/2013
Motherboard: TOSHIBA Portable PC
Processor: AMD E-300 APU with Radeon™ HD Graphics
Percentage of memory in use: 65%
Total physical RAM: 1630.25 MB
Available physical RAM: 560.95 MB
Total Virtual: 9822.25 MB
Available Virtual: 7651.93 MB
 
==================== Drives ================================
 
Drive c: (TI10653500D) (Fixed) (Total:287.51 GB) (Free:249.52 GB) NTFS
 
\\?\Volume{19b1796e-fc7e-11e1-b415-c03b3d1fbb80}\ (System) (Fixed) (Total:0.44 GB) (Free:0.16 GB) NTFS
\\?\Volume{47d0c280-9aae-4391-834a-3561580c3cdb}\ () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS
\\?\Volume{092cbfbc-60b1-4534-ad27-85aa4fd28450}\ (Recovery) (Fixed) (Total:9.42 GB) (Free:0.64 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 298.1 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

Edited by Wolfie, 08 April 2022 - 10:46 PM.






