I haven't used this laptop for awhile I loned it to a friend while I was traveling and when I turned it on and tried to update it hasn't been able to do any microsoft updates/window defender. Also, my Norton had expired so thought maybe it was stopping it from updating so I uninstalled and used Norton Removal Tool. I did a scan last week or so with Malwarebytes Adw/Cleaner and it removed some things. Still not updating and running rather slow.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-07-2016 02
Ran by MWG (administrator) on YVONNE-PC (23-07-2016 17:38:52)
Running from C:\Users\MWG\Desktop
Loaded Profiles: MWG (Available Profiles: Yvonne & Sandra Sue & MWG & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Toshiba) C:\Program Files (x86)\TOSHIBA\Toshiba App Place\ToshibaAppPlace.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1770400 2011-02-24] (Affinegy, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-12-28]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-12-28]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\MWG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk [2016-07-01]
ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{C1312CAC-2938-47EA-B713-1E6989FE294B}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {7543A88B-BF5F-4549-A07E-E2DC54848044} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {7543A88B-BF5F-4549-A07E-E2DC54848044} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> DefaultScope {D814DCA1-B254-42A2-A9A2-BEA05A16927C} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {D814DCA1-B254-42A2-A9A2-BEA05A16927C} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-3432716916-1219727339-2741707856-1004 -> DefaultScope {7543A88B-BF5F-4549-A07E-E2DC54848044} URL =
SearchScopes: HKU\S-1-5-21-3432716916-1219727339-2741707856-1004 -> {7543A88B-BF5F-4549-A07E-E2DC54848044} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-06-29] (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19] (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-06-29] (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-10-15] (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-03] (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-06-29] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-06-29] (Google Inc.)
FireFox:
========
FF ProfilePath: C:\Users\MWG\AppData\Roaming\Mozilla\Firefox\Profiles\7uxwle11.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-14] ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-3432716916-1219727339-2741707856-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\MWG\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-24] (Unity Technologies ApS)
FF Extension: Self-Destructing Cookies - C:\Users\MWG\AppData\Roaming\Mozilla\Firefox\Profiles\7uxwle11.default\Extensions\[email protected] [2016-06-21]
Chrome:
=======
CHR Profile: C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-20]
CHR Extension: (Google Docs) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-20]
CHR Extension: (Google Drive) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2016-06-20]
CHR Extension: (YouTube) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-20]
CHR Extension: (Google Search) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-06-20]
CHR Extension: (Google Sheets) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-20]
CHR Extension: (Norton Identity Safe) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-06-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-20]
CHR Extension: (Gmail) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-20]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx <not found>
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [566688 2011-02-24] (Affinegy, Inc.)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [227184 2011-08-10] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-23 17:38 - 2016-07-23 17:45 - 00013629 _____ C:\Users\MWG\Desktop\FRST.txt
2016-07-23 17:37 - 2016-07-23 17:38 - 00000000 ____D C:\FRST
2016-07-23 17:36 - 2016-07-23 17:36 - 02394112 _____ (Farbar) C:\Users\MWG\Desktop\FRST64.exe
2016-07-23 17:18 - 2016-07-23 17:18 - 00000000 __SHD C:\Users\MWG\AppData\LocalLow\EmieUserList
2016-07-23 17:18 - 2016-07-23 17:18 - 00000000 __SHD C:\Users\MWG\AppData\LocalLow\EmieBrowserModeList
2016-07-23 17:17 - 2016-07-23 17:17 - 00000000 __SHD C:\Users\MWG\AppData\Local\EmieUserList
2016-07-23 17:17 - 2016-07-23 17:17 - 00000000 __SHD C:\Users\MWG\AppData\Local\EmieSiteList
2016-07-23 17:17 - 2016-07-23 17:17 - 00000000 __SHD C:\Users\MWG\AppData\Local\EmieBrowserModeList
2016-07-23 17:11 - 2016-07-23 17:12 - 00894960 _____ C:\Users\MWG\Downloads\Norton_Removal_Tool.exe
2016-07-23 17:07 - 2016-07-23 17:07 - 00776920 _____ (Symantec Corporation) C:\Users\MWG\Downloads\SymNRT(1).exe
2016-07-23 17:04 - 2016-07-23 17:04 - 00776920 _____ (Symantec Corporation) C:\Users\MWG\Downloads\SymNRT.exe
2016-07-22 22:44 - 2016-07-22 22:44 - 00000000 ____D C:\Users\MWG\Documents\My Received Files
2016-07-10 10:07 - 2016-07-10 10:07 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2016-07-04 21:36 - 2016-07-04 21:36 - 00000000 ____D C:\Users\MWG\AppData\Local\CrashDumps
2016-07-01 23:29 - 2016-07-01 23:32 - 00000000 ____D C:\Users\MWG\AppData\Roaming\Paltalk
2016-07-01 23:29 - 2016-07-01 23:29 - 00001992 _____ C:\Users\MWG\Desktop\Paltalk Messenger.lnk
2016-07-01 23:29 - 2016-07-01 23:29 - 00001222 _____ C:\Users\MWG\Desktop\Upgrade to Paltalk Extreme.lnk
2016-07-01 23:29 - 2016-07-01 23:29 - 00000000 ____D C:\Users\MWG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
2016-07-01 23:29 - 2016-07-01 23:29 - 00000000 ____D C:\Program Files (x86)\Paltalk Messenger
2016-07-01 23:26 - 2016-07-01 23:26 - 01222600 _____ (AVM Software Inc.) C:\Users\MWG\Downloads\pal_install_u45902064_a729_r109817_p173.exe
2016-07-01 23:18 - 2016-07-02 00:24 - 00000000 ____D C:\AdwCleaner
2016-07-01 23:17 - 2016-07-01 23:17 - 03712064 _____ C:\Users\MWG\Downloads\adwcleaner.exe
2016-06-29 21:45 - 2016-07-23 16:34 - 00000000 ____D C:\windows\System32\Tasks\Remediation
2016-06-29 21:45 - 2016-06-29 21:45 - 00000000 ____D C:\Program Files\Common Files\AV
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-23 17:44 - 2010-10-15 13:41 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-23 17:41 - 2012-04-21 07:59 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-07-23 17:29 - 2009-07-14 00:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-23 17:29 - 2009-07-14 00:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-23 17:18 - 2016-06-20 21:47 - 00000000 __SHD C:\Users\MWG\AppData\LocalLow\EmieSiteList
2016-07-23 17:16 - 2010-12-28 13:36 - 00000000 ____D C:\ProgramData\Norton
2016-07-23 17:16 - 2010-10-15 13:41 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-23 17:16 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-07-22 23:26 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\NDF
2016-07-14 22:44 - 2012-04-21 07:59 - 00796352 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-07-14 22:44 - 2012-04-21 07:59 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-07-14 22:44 - 2011-06-04 02:11 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-14 21:46 - 2011-08-14 22:25 - 00000000 ____D C:\windows\system32\Macromed
2016-07-14 21:46 - 2010-10-15 13:40 - 00000000 ____D C:\windows\SysWOW64\Macromed
2016-07-02 00:55 - 2016-06-21 21:58 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-02 00:12 - 2013-07-30 16:31 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Yahoo!
2016-07-02 00:12 - 2012-04-20 13:28 - 00000000 ____D C:\Users\Guest\AppData\LocalLow\Yahoo!
2016-07-02 00:12 - 2011-06-04 01:35 - 00000000 ____D C:\Users\Yvonne\AppData\Roaming\Yahoo!
2016-07-02 00:12 - 2011-06-04 01:35 - 00000000 ____D C:\Users\Yvonne\AppData\LocalLow\Yahoo!
2016-07-02 00:12 - 2011-06-04 01:34 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-06-28 20:25 - 2016-06-20 21:13 - 00000000 ____D C:\Users\MWG\AppData\Local\Deployment
2016-06-26 23:32 - 2009-07-14 01:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI
2016-06-26 23:32 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf
Files to move or delete:
====================
C:\Users\Yvonne\flashplayer11_b2_install_win_ax32_080811.exe
Some files in TEMP:
====================
C:\Users\MWG\AppData\Local\Temp\{A815631B-F05A-420E-914B-F8D932E168F2}-51.0.2704.103_chrome_installer.exe
C:\Users\Yvonne\AppData\Local\Temp\4F79.exe
C:\Users\Yvonne\AppData\Local\Temp\setup.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2013-08-10 13:45
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2016 02
Ran by MWG (2016-07-23 18:00:01)
Running from C:\Users\MWG\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-04-27 08:53:58)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3432716916-1219727339-2741707856-500 - Administrator - Disabled)
Guest (S-1-5-21-3432716916-1219727339-2741707856-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3432716916-1219727339-2741707856-1002 - Limited - Enabled)
MWG (S-1-5-21-3432716916-1219727339-2741707856-1004 - Administrator - Enabled) => C:\Users\MWG
Sandra Sue (S-1-5-21-3432716916-1219727339-2741707856-1003 - Limited - Enabled) => C:\Users\Sandra Sue
Yvonne (S-1-5-21-3432716916-1219727339-2741707856-1000 - Administrator - Enabled) => C:\Users\Yvonne
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader 9.3.4 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.4 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Belkin Setup and Router Monitor (HKLM-x32\...\Belkin Setup and Router Monitor_is1) (Version: - )
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.61 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MotoHelper 2.0.53 Driver 5.2.0 (HKLM-x32\...\MotoHelper) (Version: 2.0.53 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
MOTOROLA MEDIA LINK (HKLM-x32\...\{378397D6-FD32-4092-A854-6A75CB7EDA46}) (Version: 1.5.2091.0 - Motorola)
Motorola Mobile Drivers Installation 5.2.0 (Version: 5.2.0 - Motorola Inc.) Hidden
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0 - Mozilla)
MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version: - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Paltalk Messenger 11.7 (HKLM-x32\...\Paltalk Messenger) (Version: 11.7.646.17836 - AVM Software Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{39187A4B-7538-4BE7-8BAD-9E83303793AA}) (Version: 2.0.5271 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.4.9 - TOSHIBA CORPORATION)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Unity Web Player (HKU\S-1-5-21-3432716916-1219727339-2741707856-1004\...\UnityWebPlayer) (Version: 5.2.5f1 - Unity Technologies ApS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {038E4B8A-B55A-4760-9B4E-796249AE0781} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {1A9EF062-2483-4C12-A73A-0EAE2670A11F} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08] ()
Task: {7558A3EF-A712-4F4B-ABF3-35E46EF22C8F} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08] ()
Task: {7FCD5747-58F2-4395-B6F5-BAC6830F9AE3} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe
Task: {864F6376-14FC-47B2-91C1-58B00409497B} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08] ()
Task: {C005D3A0-ABEE-44D2-8D69-C9D9EE5618A8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-20] (Google Inc.)
Task: {D3F145A7-D242-406B-99A1-E9B96BFDA1CF} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08] ()
Task: {D915A784-DDD7-422C-8C2C-0C0AAC59421D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-20] (Google Inc.)
Task: {DB96A64B-1AC4-4338-B6F3-D0F599202F52} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2011-08-10 15:35 - 2011-08-10 15:35 - 00227184 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2011-08-08 18:11 - 2011-08-08 18:11 - 00681840 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
2010-04-07 20:07 - 2010-04-07 20:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 17:26 - 2009-11-03 17:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 18:15 - 2010-03-03 18:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 18:15 - 2010-03-03 18:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-10-15 13:32 - 2009-06-22 18:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 23:08 - 2009-03-12 23:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 21:38 - 2009-07-25 21:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2010-02-05 20:44 - 2010-02-05 20:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2011-06-04 00:47 - 2011-02-24 21:08 - 00022944 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
2011-07-07 16:10 - 2011-07-07 16:10 - 00128336 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll
2011-07-07 16:10 - 2011-07-07 16:10 - 00023872 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll
2011-07-07 16:12 - 2011-07-07 16:12 - 00465632 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll
2011-07-07 16:11 - 2011-07-07 16:11 - 00045368 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll
2011-07-07 16:11 - 2011-07-07 16:11 - 00034128 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll
2011-06-04 00:47 - 2011-02-15 13:15 - 00325632 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
2011-06-04 00:47 - 2011-02-15 13:15 - 01954304 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
2011-06-04 00:47 - 2011-02-15 13:16 - 07187456 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
2011-06-04 00:47 - 2011-02-15 13:15 - 00847360 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
2011-06-04 00:47 - 2011-02-15 12:25 - 00119808 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
2011-06-04 00:47 - 2011-02-24 20:39 - 00658432 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
2016-07-14 22:44 - 2016-07-14 22:44 - 19483328 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3432716916-1219727339-2741707856-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\MWG\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{7FCA74BA-F136-4E24-8B65-1DAE2C5A40EE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EB20C4E5-739F-4FEF-9849-D5923D807933}] => (Allow) LPort=2869
FirewallRules: [{A17F1F14-DA92-474F-8B09-17ADE5CE7063}] => (Allow) LPort=1900
FirewallRules: [{67E9151E-F6F6-42A5-9CE2-3343EF13571B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{24FBD22E-FDFB-41E8-81F9-A221F15C95D6}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{CD72228C-F03E-42DE-9EAF-CDA168AB6CE0}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{762A0E22-3559-40A3-A729-7133688BA1C8}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{9B6526C6-F259-4D42-BEC6-AAC888175C89}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{3DAA96BC-4128-493A-A769-8D78F6A90128}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{F8CC4B92-A780-4042-B97F-21343F09CF79}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{A0D03C2D-CCC5-4403-B15D-A651506CCDB2}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{33750F64-5E74-4FF8-9386-C319835C59AD}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{5BE129EC-5CED-4D1C-B225-6CFF9D327298}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{48CA58B9-1F68-4014-BD57-F18C94164C9D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{91EE6115-72EA-4E52-A49E-84D65C4AC257}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{DE025C88-985E-4A93-8914-4D9122E1743F}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [UDP Query User{604F6F94-A468-4CCB-8BF6-3CD09C2B5989}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [{285BACFA-0CCF-4CD4-A1D8-92834E4CB254}] => (Allow) C:\Users\MWG\AppData\Local\Temp\7zS389D.tmp\SymNRT.exe
FirewallRules: [{B3E30077-1939-4CBD-9C1B-C5807AA7B28E}] => (Allow) C:\Users\MWG\AppData\Local\Temp\7zS389D.tmp\SymNRT.exe
==================== Restore Points =========================
22-01-2015 20:43:19 Windows Update
23-01-2015 22:58:12 Windows Update
24-01-2015 14:43:38 Windows Update
25-01-2015 20:21:33 Windows Update
25-01-2015 23:03:18 Windows Update
26-01-2015 22:54:48 Windows Update
20-06-2016 21:37:30 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/23/2016 05:17:43 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive.
Error Data:
(no response)
Stack Trace:
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
Error: (07/23/2016 04:08:52 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive.
Error Data:
(no response)
Stack Trace:
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
Error: (07/22/2016 08:01:06 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Runtime.Serialization.SerializationException: There was an error deserializing the object of type SnappCloud.ActivationReminder.Models.InitClientResponse. Encountered unexpected character '<'.
Stack Trace:
at System.Runtime.Serialization.XmlObjectSerializer.ReadObjectHandleExceptions(XmlReaderDelegator reader, Boolean verifyObjectName)
at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(XmlDictionaryReader reader)
at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(Stream stream)
at SnappCloud.ActivationReminder.AraClient.DeserializeJson[T](String json)
at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
Error: (07/21/2016 09:15:58 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive.
Error Data:
(no response)
Stack Trace:
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
Error: (07/20/2016 10:10:25 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive.
Error Data:
(no response)
Stack Trace:
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
Error: (07/18/2016 10:32:24 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Runtime.Serialization.SerializationException: There was an error deserializing the object of type SnappCloud.ActivationReminder.Models.InitClientResponse. Encountered unexpected character '<'.
Stack Trace:
at System.Runtime.Serialization.XmlObjectSerializer.ReadObjectHandleExceptions(XmlReaderDelegator reader, Boolean verifyObjectName)
at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(XmlDictionaryReader reader)
at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(Stream stream)
at SnappCloud.ActivationReminder.AraClient.DeserializeJson[T](String json)
at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
Error: (07/16/2016 11:05:49 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive.
Error Data:
(no response)
Stack Trace:
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
Error: (07/15/2016 09:22:29 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Runtime.Serialization.SerializationException: There was an error deserializing the object of type SnappCloud.ActivationReminder.Models.InitClientResponse. Encountered unexpected character '<'.
Stack Trace:
at System.Runtime.Serialization.XmlObjectSerializer.ReadObjectHandleExceptions(XmlReaderDelegator reader, Boolean verifyObjectName)
at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(XmlDictionaryReader reader)
at System.Runtime.Serialization.Json.DataContractJsonSerializer.ReadObject(Stream stream)
at SnappCloud.ActivationReminder.AraClient.DeserializeJson[T](String json)
at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
Error: (07/14/2016 09:24:28 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive.
Error Data:
(no response)
Stack Trace:
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
Error: (07/10/2016 10:07:32 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive.
Error Data:
(no response)
Stack Trace:
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
System errors:
=============
Error: (07/23/2016 04:07:44 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ccSet_NIS
Error: (07/23/2016 04:07:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Norton Internet Security service failed to start due to the following error:
%%2 = The system cannot find the file specified.
Error: (07/22/2016 08:00:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ccSet_NIS
Error: (07/22/2016 08:00:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Norton Internet Security service failed to start due to the following error:
%%2 = The system cannot find the file specified.
Error: (07/21/2016 09:12:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ccSet_NIS
Error: (07/21/2016 09:12:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Norton Internet Security service failed to start due to the following error:
%%2 = The system cannot find the file specified.
Error: (07/20/2016 10:06:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ccSet_NIS
Error: (07/20/2016 10:06:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Norton Internet Security service failed to start due to the following error:
%%2 = The system cannot find the file specified.
Error: (07/18/2016 10:31:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ccSet_NIS
Error: (07/18/2016 10:31:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Norton Internet Security service failed to start due to the following error:
%%2 = The system cannot find the file specified.
==================== Memory info ===========================
Processor: Intel® Celeron® CPU 925 @ 2.30GHz
Percentage of memory in use: 97%
Total physical RAM: 2939.98 MB
Available physical RAM: 79.92 MB
Total Virtual: 5878.14 MB
Available Virtual: 2973.6 MB
==================== Drives ================================
Drive c: (TI106034W0C) (Fixed) (Total:221.24 GB) (Free:174.66 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 5FBA0294)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=221.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.2 GB) - (Type=17)
==================== End of Addition.txt ============================