1. FRST - I was talking about the link you provided to bleeping computer. Also when I run it, it says that it failed to update for some reason.
It seems that a slash (/) was missing from the link I gave you, so the page couldn't open. I'm sorry about that. I corrected it. But it has to be updated. What you say is very strange.
It had worked previously, so something changed on the website and it wasn't your fault by any means.
Here's something of concern and curiosity. I downloaded the "most recent" FRST64.exe file from here, which was showing today's date on it (April 10th, 2022), but when running it, I'm told it's almost a year old. The date on it (in the FRST window) is showing May of 2021. I downloaded it again and compared the newer download with the other one and both files are the same (ie, I didn't mistake one file for another). I downloaded it from bleeping and that one has today's date on it when running.
4. I've suggested memory to her, and if she decides to get some I've been thinking 4GB so she'd have 6GB total.
Sure. 6GB is much better than 2GB. However, if you do proceed to upgrade to Windows 10, with the 8GB the computer will be running much better.
I'll be sure to let her know.
2. It was the two Toshiba apps that you suggested get removed.
Since you removed those programs, you may want to uninstall these from Programs and Features:
TOSHIBA eco Utility
TOSHIBA System Driver
Okay, got them uninstalled.
Let me know what you are planning to do now. In case you will add the RAM and upgrade, I will leave the topic open and wait until I have news from you. In case you won't do anything else, I'll give you the final instructions for the removal of the tools we used and the creation of a new restore point.
Once we're done, I'm going to return the laptop to her and let her know about the RAM and upgrading to 10 options.
Here are latest logs if you want to analyze them. FRST, Addition, AdwCleaner, and MBAM.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-04-2022 02
Ran by Michelle (administrator) on MINE (TOSHIBA Satellite C855D) (10-04-2022 16:55:30)
Running from C:\Users\Michelle\Documents
Loaded Profiles: Michelle
Platform: Microsoft Windows 8 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(atiesrxx.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe ->) (ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msra.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <5>
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe (No File)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\100.0.4896.75\Installer\chrmstp.exe [2022-04-04] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {4116063D-89A2-4BC7-9E8A-518ED6379533} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage => {5F074BDF-4BA3-4E68-AE86-2A6B0B5963B0} C:\WINDOWS\system32\wlroamextension.dll [543232 2013-02-02] (Microsoft Windows -> Microsoft Corporation)
Task: {692A017E-FFCB-4B50-8C35-612C0B3068F9} - System32\Tasks\GoogleUpdateTaskMachineUA{2110CD26-E00F-4E8A-B759-D7DAC3E8E389} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-18] (Google LLC -> Google LLC)
Task: {97013C2E-DD2C-4A33-BDD6-8394F3425D4C} - System32\Tasks\GoogleUpdateTaskMachineCore{AB007181-87B4-4265-A36C-C2F24D4432C1} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-02-18] (Google LLC -> Google LLC)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask => {0AC1DBCA-7F9F-47FC-A090-34E5FEB291E8} C:\WINDOWS\system32\wlroamextension.dll [543232 2013-02-02] (Microsoft Windows -> Microsoft Corporation)
Task: {AA9BC3E2-3924-4D30-A0D7-C4274AB654F4} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask => {59B9640B-3F70-4D1C-B159-F26EEB8A4C87} C:\WINDOWS\system32\SettingSyncInfo.dll [128512 2015-08-04] (Microsoft Windows -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{065C6981-2C5E-4AD4-AA72-907768FCFCF3}: [NameServer] 192.168.0.1
FireFox:
========
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default [2022-04-10]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2022-02-18]
CHR Extension: (Google Docs Offline) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-04-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-02-18]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8348856 2022-04-02] (Malwarebytes Inc -> Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Windows -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [509904 2022-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 EraserUtilDrv11913; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11913.sys [145376 2022-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145376 2022-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 FwLnk; C:\WINDOWS\System32\drivers\FwLnk.sys [9216 2012-07-10] (Microsoft Windows Hardware Compatibility Publisher -> TOSHIBA Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223688 2022-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2022-04-02] (Malwarebytes Inc -> Malwarebytes)
R3 MpKsl0fd5f570; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4EA49072-E9BF-4F59-906E-3ABAA1E05052}\MpKslDrv.sys [50448 2022-04-08] (Microsoft Windows -> Microsoft Corporation)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [28632 2012-07-31] (TOSHIBA CORPORATION -> Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-04-10 16:53 - 2022-04-10 16:54 - 002365440 _____ (Farbar) C:\Users\Michelle\Documents\FRST64.exe
2022-04-08 18:36 - 2022-04-08 18:36 - 000279560 _____ C:\Users\Michelle\Downloads\CrucialScan (1).exe
2022-04-08 18:35 - 2022-04-08 18:35 - 000279560 _____ C:\Users\Michelle\Downloads\CrucialScan.exe
2022-04-08 18:26 - 2022-04-08 18:26 - 000001139 _____ C:\Users\Michelle\Documents\2SZZLNYGTBFV.msrcIncident
2022-04-08 18:22 - 2022-04-08 18:23 - 000279800 _____ C:\WINDOWS\Minidump\040822-33618-01.dmp
2022-04-02 01:31 - 2022-04-02 01:31 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-04-02 01:31 - 2022-04-02 01:31 - 000223688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-03-23 16:40 - 2022-03-23 16:40 - 000001204 _____ C:\Users\Michelle\Documents\mbam-2022-03-23.txt
2022-03-23 16:19 - 2022-03-23 16:19 - 000005067 _____ C:\Users\Michelle\Documents\AdwCleaner[S01].txt
2022-03-23 16:19 - 2022-03-23 16:19 - 000002137 _____ C:\Users\Michelle\Documents\AdwCleaner[S02].txt
2022-03-19 19:21 - 2022-03-19 19:22 - 000281624 _____ C:\WINDOWS\system32\FNTCACHE.DAT
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-04-10 16:56 - 2022-03-05 14:10 - 000008932 _____ C:\Users\Michelle\Documents\FRST.txt
2022-04-10 16:56 - 2022-03-02 16:41 - 000000000 ____D C:\FRST
2022-04-10 16:50 - 2022-02-18 09:44 - 000000000 ____D C:\Program Files (x86)\Google
2022-04-10 16:47 - 2012-09-07 00:52 - 000000000 ____D C:\Program Files (x86)\Toshiba
2022-04-10 16:45 - 2012-09-07 00:49 - 000000000 ____D C:\Program Files\Toshiba
2022-04-10 16:37 - 2022-02-18 09:29 - 000003598 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1354572454-1105605337-2006680600-1001
2022-04-10 16:30 - 2022-02-18 09:18 - 000000000 ____D C:\Users\Michelle\AppData\Local\Packages
2022-04-10 16:30 - 2012-07-26 04:12 - 000000000 ____D C:\WINDOWS\AUInstallAgent
2022-04-09 00:22 - 2022-03-05 14:40 - 000033380 _____ C:\Users\Michelle\Documents\Addition.txt
2022-04-08 18:40 - 2022-02-18 09:46 - 000000000 ____D C:\Program Files\Google
2022-04-08 18:27 - 2012-07-26 03:28 - 000848230 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-04-08 18:27 - 2012-07-26 01:37 - 000000000 ____D C:\WINDOWS\Inf
2022-04-08 18:26 - 2022-03-06 06:49 - 000000000 ____D C:\Users\Michelle\Documents\Remote Assistance Logs
2022-04-08 18:23 - 2012-07-26 03:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-04-08 18:22 - 2022-03-02 15:41 - 277107699 _____ C:\WINDOWS\MEMORY.DMP
2022-04-08 18:22 - 2022-03-02 15:41 - 000000000 ____D C:\WINDOWS\Minidump
2022-04-08 17:51 - 2012-09-07 00:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba
2022-04-04 17:52 - 2022-02-18 09:46 - 000002181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-04-04 17:52 - 2022-02-18 09:46 - 000002140 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-03-21 00:32 - 2022-03-08 07:02 - 000000000 ____D C:\Users\Michelle\AppData\Local\CrashDumps
2022-03-19 19:21 - 2012-09-07 00:49 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2022-03-19 19:21 - 2012-07-26 01:26 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2022-03-19 19:00 - 2022-03-06 06:51 - 000000000 ____D C:\AdwCleaner
2022-03-19 17:17 - 2012-09-07 00:48 - 000000000 ____D C:\ProgramData\Adobe
2022-03-19 16:49 - 2012-10-27 09:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\TOSHIBA
2022-03-19 16:22 - 2012-09-07 00:55 - 000000000 ____D C:\ProgramData\Toshiba
2022-03-19 16:20 - 2012-09-07 00:56 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2022-03-19 16:19 - 2012-09-07 00:56 - 000000000 ____D C:\ProgramData\WildTangent
2022-03-11 08:26 - 2012-07-26 04:12 - 000000000 ____D C:\WINDOWS\rescache
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
ATTENTION: ==> Could not access BCD. ->
LastRegBack: 2022-04-02 03:01
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-04-2022 02
Ran by Michelle (10-04-2022 16:58:32)
Running from C:\Users\Michelle\Documents
Microsoft Windows 8 (X64) (2022-02-18 13:17:35)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-1354572454-1105605337-2006680600-500 - Administrator - Disabled)
Guest (S-1-5-21-1354572454-1105605337-2006680600-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1354572454-1105605337-2006680600-1003 - Limited - Enabled)
Michelle (S-1-5-21-1354572454-1105605337-2006680600-1001 - Administrator - Enabled) => C:\Users\Michelle
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AMD Catalyst Install Manager (HKLM\...\{14718008-7D73-53AA-D0FF-88E805958D42}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
CrystalDiskInfo 8.15.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.15.2 - Crystal Dew World)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 100.0.4896.75 - Google LLC)
Malwarebytes version 4.5.7.186 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.7.186 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}) (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Packages:
=========
Amazon for Windows -> C:\Program Files\WindowsApps\Amazon.com.Amazon_1.0.4.0_neutral__343d40qqvtj1t [2012-10-27] (Amazon.com)
Bing -> C:\Program Files\WindowsApps\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation)
Book Place -> C:\Program Files\WindowsApps\K-NFBReadingTechnologiesI.BookPlace_1.0.0.77_x86__vwcaa66y1ah8t [2022-02-18] (K-NFB Reading Technologies, Inc.)
Camera -> C:\Program Files\WindowsApps\Microsoft.Camera_6.2.8514.0_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.0.0.0_neutral__1618n3s9xq8tw [2012-10-27] (eBay, Inc)
Encyclopaedia Britannica -> C:\Program Files\WindowsApps\EncyclopaediaBritannica.EncyclopaediaBritannica_1.0.0.17_neutral__k5b3gy2wfywap [2012-10-27] (Encyclopaedia Britannica)
Finance -> C:\Program Files\WindowsApps\Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_1.0.927.0_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
iCookbook SE -> C:\Program Files\WindowsApps\PublicationsInternational.iCookbookSE_0.9.2.5_neutral__d33n3f4t8bm20 [2012-10-27] (Publications International, Ltd)
iHeartRadio -> C:\Program Files\WindowsApps\ClearChannelRadioDigital.iHeartRadio_4.0.1.6_neutral__a76a11dkgb644 [2022-02-18] (Clear Channel Management Services, Inc.)
Merriam-Webster Dictionary -> C:\Program Files\WindowsApps\D22CCC44.Merriam-WebsterDictionary_1.0.0.16_neutral__mbv6ra3y34fnr [2012-10-27] (Merriam-Webster, Inc.)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.1.0.RC_1.0.8377.0_neutral__8wekyb3d8bbwe [2022-02-18] (Microsoft Platform Extensions)
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_1.0.927.0_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_1.0.0.11_x64__mcm4njqhnhss8 [2012-10-27] (Netflix, Inc.)
News -> C:\Program Files\WindowsApps\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
News Place -> C:\Program Files\WindowsApps\2B24874D.NewsPlace_1.0.0.2_neutral__v10edqkhnj0dg [2022-02-18] (Synacor, Inc.)
Photos -> C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation)
Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
StumbleUpon -> C:\Program Files\WindowsApps\06DAC6F6.StumbleUpon_2.0.5.0_neutral__9pdyks8yk4v0j [2012-10-27] (StumbleUpon, Inc.)
TOSHIBA Media Player by sMedio TrueLink+ -> C:\Program Files\WindowsApps\sMedioforToshiba.TOSHIBAMediaPlayerbysMedioTrueLin_1.0.0.44_x64__679ekb9hp1h62 [2022-02-18] (sMedio)
Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_1.0.927.0_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
Vimeo -> C:\Program Files\WindowsApps\Vimeo.Vimeo_1.1.0.0_neutral__cfs1vy0wkzthc [2022-02-18] (Vimeo)
Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe [2022-02-18] (Microsoft Corporation) [MS Ad]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-03-06] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-03-06] (Malwarebytes Corporation -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2012-08-08 13:19 - 2012-08-08 13:19 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Actions.CCAA.Shared.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.DPPE.Shared.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.EEU.Shared.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.GD.Shared.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000007168 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Hotkeys.Shared.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.REG.Shared.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000048128 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Source.Kit.Server.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.WinMessages.Shared.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000035328 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000006144 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.Shared.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000024576 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Foundation.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ATICCCom.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000022016 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.Implementation.dll
2012-08-08 13:23 - 2012-08-08 13:23 - 000040448 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Dashboard.dll
2012-08-08 13:23 - 2012-08-08 13:23 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Runtime.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Shared.dll
2012-08-08 13:23 - 2012-08-08 13:23 - 000019456 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CPUOverDrive.Fuel.Shared.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000050688 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.OverDrive5.Graphics.Shared.dll
2012-08-08 13:21 - 2012-08-08 13:21 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Dashboard.dll
2012-08-08 13:21 - 2012-08-08 13:21 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Runtime.dll
2012-08-08 13:21 - 2012-08-08 13:21 - 000010752 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Shared.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000176128 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 001007616 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.Shared.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Dashboard.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000011776 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Runtime.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Shared.dll
2012-08-08 13:23 - 2012-08-08 13:23 - 000011264 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Runtime.dll
2012-08-08 13:23 - 2012-08-08 13:23 - 000009216 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Shared.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000008192 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.dll
2012-08-08 13:21 - 2012-08-08 13:21 - 000061440 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.ProfileManager2.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 001395712 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.Private.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000007168 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Extension.EEU.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000038912 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.Private.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000307200 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Client.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.CoreAudioAPI.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000061440 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000029184 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Private.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000018432 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.XManifest.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.dll
2012-08-08 13:21 - 2012-08-08 13:21 - 000013312 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Fuel.Foundation.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000031744 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000048128 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.Private.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000025088 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Private.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Foundation.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000097792 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Implementation.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\NEWAEM.Foundation.dll
2012-08-08 13:23 - 2012-08-08 13:23 - 000008192 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Dashboard.dll
2012-07-12 09:56 - 2012-07-12 09:56 - 000175104 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ADL.Foundation.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000066560 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Server.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000036864 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.Private.dll
2012-08-08 13:20 - 2012-08-08 13:20 - 000385024 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000061440 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.dll
2011-10-17 19:48 - 2011-10-17 19:48 - 000006656 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0709.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000303616 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Implementation.default_Localization.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000479744 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Private.dll
2012-08-08 13:21 - 2012-08-08 13:21 - 000175104 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Implementation.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000008704 _____ (Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Private.dll
2012-08-08 13:13 - 2012-08-08 13:13 - 000837632 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll
2012-08-08 13:13 - 2012-08-08 13:13 - 000004608 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiamenu.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000311296 _____ (Advanced Mirco Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2012-08-08 13:19 - 2012-08-08 13:19 - 000196608 _____ (Advanced Mirco Devices, Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2011-10-17 19:48 - 2011-10-17 19:48 - 000016384 _____ (ATI Technologies Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Foundation.dll
2011-10-17 19:48 - 2011-10-17 19:48 - 000045056 _____ (ATI Technologies Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0601.dll
2012-10-27 09:14 - 2012-02-14 22:37 - 000594432 _____ (Realtek Semiconductor Corp.) [File not signed] C:\WINDOWS\system32\Rtlihvs.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-1354572454-1105605337-2006680600-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKU\S-1-5-21-1354572454-1105605337-2006680600-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-1354572454-1105605337-2006680600-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 01:26 - 2012-07-26 01:26 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
HKU\S-1-5-21-1354572454-1105605337-2006680600-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{C1FE97EC-B03D-48FF-94D5-E5FC0E1F9A37}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6243A023-8B9C-4A2F-A4C1-53569B92F894}] => (Allow) LPort=2869
FirewallRules: [{0F7812EE-19D9-4517-ADAB-248F4E6E6FC5}] => (Allow) LPort=1900
FirewallRules: [{11084B46-9502-49E1-A0D3-4641771CA2FF}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
19-03-2022 18:57:52 AdwCleaner_BeforeCleaning_19/03/2022_18:57:51
27-03-2022 03:09:23 Scheduled Checkpoint
04-04-2022 03:01:49 Scheduled Checkpoint
08-04-2022 17:50:40 AdwCleaner_BeforeCleaning_08/04/2022_17:50:39
10-04-2022 16:32:14 Removed TOSHIBA eco Utility.
10-04-2022 16:46:32 Removed TOSHIBA System Driver.
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (04/10/2022 04:46:00 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: MINE)
Description: Application or service 'TOSHIBA eco Utility Service' could not be restarted.
Error: (04/08/2022 07:26:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mpengine.exe, version: 1.1.19158.0, time stamp: 0x1b582626
Faulting module name: pi-ms-win-crt-locale-l1-1-0.dll, version: 6.2.9200.17581, time stamp: 0x5644f0f7
Exception code: 0xc0000135
Fault offset: 0x00000000000e1e80
Faulting process id: 0x1394
Faulting application start time: 0x01d84ba003a166d4
Faulting application path: C:\ProgramData\Microsoft\Windows Defender\Scans\MpPayloadData\mpengine.exe
Faulting module path: pi-ms-win-crt-locale-l1-1-0.dll
Report Id: 433aafd4-b793-11ec-be7f-008cfa246f8e
Faulting package full name:
Faulting package-relative application ID:
Error: (04/08/2022 06:39:06 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
Error: (03/21/2022 12:32:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ig.exe, version: 1.0.2.43, time stamp: 0x60f841fd
Faulting module name: KERNELBASE.dll, version: 6.2.9200.17581, time stamp: 0x5644f0df
Exception code: 0xc0000142
Fault offset: 0x00078dd2
Faulting process id: 0x810
Faulting application start time: 0x01d83cdc93ce9527
Faulting application path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
Faulting module path: KERNELBASE.dll
Report Id: dc128655-a8cf-11ec-be7e-008cfa246f8e
Faulting package full name:
Faulting package-relative application ID:
Error: (03/19/2022 06:39:28 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: MINE)
Description: Application or service 'Toshiba App Place' could not be shut down.
Error: (03/19/2022 05:16:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ig.exe, version: 1.0.2.43, time stamp: 0x60f841fd
Faulting module name: KERNELBASE.dll, version: 6.2.9200.17581, time stamp: 0x5644f0df
Exception code: 0xc0000142
Fault offset: 0x00078dd2
Faulting process id: 0x3f8
Faulting application start time: 0x01d83bd687056a69
Faulting application path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
Faulting module path: KERNELBASE.dll
Report Id: d4fefb4f-a7c9-11ec-be7d-008cfa246f8e
Faulting package full name:
Faulting package-relative application ID:
Error: (03/13/2022 04:54:13 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: Event-ID 0
Error: (03/10/2022 04:03:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ig.exe, version: 1.0.2.43, time stamp: 0x60f841fd
Faulting module name: KERNELBASE.dll, version: 6.2.9200.17581, time stamp: 0x5644f0df
Exception code: 0xc0000142
Fault offset: 0x00078dd2
Faulting process id: 0x69c
Faulting application start time: 0x01d834b9d2b0862c
Faulting application path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
Faulting module path: KERNELBASE.dll
Report Id: 22aecfa4-a0ad-11ec-be7c-008cfa246f8e
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (04/10/2022 05:04:35 PM) (Source: DCOM) (EventID: 10010) (User: MINE)
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.
Error: (04/10/2022 05:02:35 PM) (Source: DCOM) (EventID: 10010) (User: MINE)
Description: The server {1ECCA34C-E88A-44E3-8D6A-8921BDE9E452} did not register with DCOM within the required timeout.
Error: (04/10/2022 04:55:18 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
Error: (04/10/2022 04:55:18 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
Error: (04/10/2022 04:53:30 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
Error: (04/10/2022 04:53:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
Error: (04/10/2022 04:49:40 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
Error: (04/10/2022 04:49:40 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
==================== Memory info ===========================
BIOS: Insyde Corp. 6.20 01/09/2013
Motherboard: TOSHIBA Portable PC
Processor: AMD E-300 APU with Radeon HD Graphics
Percentage of memory in use: 72%
Total physical RAM: 1630.25 MB
Available physical RAM: 456.36 MB
Total Virtual: 9822.25 MB
Available Virtual: 7401.08 MB
==================== Drives ================================
Drive c: (TI10653500D) (Fixed) (Total:287.51 GB) (Free:248.5 GB) NTFS
\\?\Volume{19b1796e-fc7e-11e1-b415-c03b3d1fbb80}\ (System) (Fixed) (Total:0.44 GB) (Free:0.16 GB) NTFS
\\?\Volume{47d0c280-9aae-4391-834a-3561580c3cdb}\ () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS
\\?\Volume{092cbfbc-60b1-4534-ad27-85aa4fd28450}\ (Recovery) (Fixed) (Total:9.42 GB) (Free:0.64 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 298.1 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2022-03-15.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 04-10-2022
# Duration: 00:00:36
# OS: Windows 8
# Scanned: 32050
# Detected: 0
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
No Preinstalled Software found.
AdwCleaner[S00].txt - [9116 octets] - [06/03/2022 05:53:16]
AdwCleaner[S01].txt - [5067 octets] - [19/03/2022 18:55:27]
AdwCleaner[C01].txt - [4947 octets] - [19/03/2022 19:01:43]
AdwCleaner[S02].txt - [2137 octets] - [23/03/2022 15:31:48]
AdwCleaner[S03].txt - [2198 octets] - [08/04/2022 17:50:16]
AdwCleaner[C03].txt - [2451 octets] - [08/04/2022 17:51:23]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S04].txt ##########
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 4/10/22
Scan Time: 5:18 PM
Log File: c5ddcf40-b913-11ec-8853-008cfa246f8e.json
-Software Information-
Version: 4.5.7.186
Components Version: 1.0.1645
Update Package Version: 1.0.53463
License: Free
-System Information-
OS: Windows 8
CPU: x64
File System: NTFS
User: mine\Michelle
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 217843
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 13 min, 52 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)