
Windows 8.1 boots to desktop then takes forever to become responsive



#16
bytesize

  • Topic Starter
  • Member
  • 96 posts

I looked a little deeper into what we might be doing here and found we were resetting the Windows Update components. The command was being used to rename the softwaredistribution folder so a new one is created; I figured it wouldn't make any difference if I changed the name. Hope that was okay, RKinner.

So I tried changing

ren %systemroot%\softwaredistribution softwaredistribution.bak

to

ren %systemroot%\softwaredistribution softwaredistribution.old

and it seemed to work.


  • 0



#17
bytesize

  • Topic Starter
  • Member
  • 96 posts

Here is the event viewer log

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 10/02/2021 12:53:29
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 07/02/2021 20:04:42
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/02/2021 20:04:42
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/02/2021 20:04:42
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 05/02/2021 16:17:10
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program SystemSettings.exe version 6.3.9600.17489 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: 3f4  Start Time: 01d6fbda0dbbca29  Termination Time: 4294967295  Application Path: C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe  Report Id: 6dee6c4a-67cd-11eb-bfd8-48d224b1a2e8  Faulting package full name: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy  Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel 
 
Log: 'Application' Date/Time: 05/02/2021 16:15:59
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of application windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: The application didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Log: 'Application' Date/Time: 05/02/2021 16:15:57
Type: Error Category: 2414
Event: 2486 Source: Microsoft-Windows-Immersive-Shell
App windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel did not launch within its allotted time.
 
Log: 'Application' Date/Time: 05/02/2021 10:35:41
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program LiveComm.exe version 17.5.9600.20573 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: 7ec  Start Time: 01d6fba9eb165c90  Termination Time: 4294967295  Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\LiveComm.exe  Report Id: e03cb978-679d-11eb-bfd5-48d224b1a2e8  Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe  Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 
 
Log: 'Application' Date/Time: 29/01/2021 14:41:00
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 29/01/2021 14:41:00
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 29/01/2021 14:41:00
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 29/01/2021 13:55:04
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 09/11/2020 15:41:41
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 09/11/2020 15:41:41
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 09/11/2020 15:41:41
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 09/11/2020 15:40:53
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 09/11/2020 15:40:53
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 09/11/2020 15:40:53
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 09/11/2020 15:40:52
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/08/2020 11:07:28
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/08/2020 11:07:28
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/02/2021 09:39:10
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> took 455 second(s) to handle the notification event (CreateSession).
 
Log: 'Application' Date/Time: 10/02/2021 09:32:35
Type: Warning Category: 0
Event: 6005 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> is taking a long time to handle the notification event (CreateSession).
 
Log: 'Application' Date/Time: 09/02/2021 22:00:51
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe' (pid 3952) cannot be restarted - Application SID does not match Conductor SID..
 
Log: 'Application' Date/Time: 07/02/2021 22:27:10
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 22:12:00
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 22:12:00
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 22:08:30
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 22:08:19
Type: Warning Category: 0
Event: 6003 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a critical notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:56:16
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:56:15
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:52:36
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:52:25
Type: Warning Category: 0
Event: 6003 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a critical notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:45:08
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:45:08
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:41:35
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:41:24
Type: Warning Category: 0
Event: 6003 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a critical notification event.
 
Log: 'Application' Date/Time: 06/02/2021 11:32:56
Type: Warning Category: 3
Event: 472 Source: ESENT
LiveComm (2832) C:\Users\Rena\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\e2b56f441fa0d15d\120712-0049\: The shadow header page of file C:\Users\Rena\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\e2b56f441fa0d15d\120712-0049\DBStore\livecomm.edb was damaged. The primary header page (8192 bytes) was used instead.
 
Log: 'Application' Date/Time: 05/02/2021 10:36:46
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe' (pid 1488) cannot be restarted - Application SID does not match Conductor SID..
 
Log: 'Application' Date/Time: 05/02/2021 10:36:46
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avpui.exe' (pid 4564) cannot be restarted - Application SID does not match Conductor SID..
 
Log: 'Application' Date/Time: 05/02/2021 10:14:47
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> took 90 second(s) to handle the notification event (CreateSession).

  • 0

#18
bytesize

  • Topic Starter
  • Member
  • 96 posts

So has it gone from 455s to 90s?


  • 0

#19
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Try

ren %systemroot%\softwaredistribution softwaredistribution.ba2


  • 0

#20
bytesize

  • Topic Starter
  • Member
  • 96 posts

As I say, it worked with ren %systemroot%\softwaredistribution softwaredistribution.old


  • 0

#21
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

No, look at the dates.

 

Did you reboot before running VEW?  If so the error is gone.  If not please do so then rerun VEW.

 

Is there any improvement in startup time?


  • 0
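The VEW report lists the newest entries first, so the 90-second TrustedInstaller entry (05/02/2021) predates the 455-second one (10/02/2021). As an added example, not code from the thread participants or from VEW's author, this Python sketch parses records in the report layout shown above and puts the Winlogon event 6006 durations in chronological order. The function names are hypothetical and the sample entries are copied from the posted report.

```python
import re
from datetime import datetime

# Entries copied from the VEW report posted in this thread (dates are dd/mm/yyyy).
SAMPLE_REPORT = """\
Log: 'Application' Date/Time: 10/02/2021 09:39:10
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> took 455 second(s) to handle the notification event (CreateSession).

Log: 'Application' Date/Time: 10/02/2021 09:32:35
Type: Warning Category: 0
Event: 6005 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> is taking a long time to handle the notification event (CreateSession).

Log: 'Application' Date/Time: 07/02/2021 20:04:42
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.

Log: 'Application' Date/Time: 05/02/2021 10:14:47
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> took 90 second(s) to handle the notification event (CreateSession).
"""

HEADER = re.compile(
    r"^Log: '(?P<log>[^']+)' Date/Time: (?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})$"
)
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")
TOOK = re.compile(r"subscriber <(?P<name>[^>]+)> took (?P<secs>\d+) second\(s\)")


def parse_vew(text):
    """Return one dict per record; a blank line ends the current record."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            cur = None
            continue
        m = HEADER.match(line)
        if m:
            cur = {
                "log": m["log"],
                # Day first: 05/02/2021 is 5 February, not 2 May.
                "time": datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S"),
                "event_id": None,
                "source": None,
                "message": "",
            }
            records.append(cur)
        elif cur is None:
            continue  # report banner, section title or ~~~~ separator
        elif cur["event_id"] is None:
            m = EVENT.match(line)
            if m:  # the "Type: ..." line that precedes it is skipped
                cur["event_id"] = int(m["id"])
                cur["source"] = m["source"].strip()
        else:
            cur["message"] = (cur["message"] + " " + line).strip()
    return records


def slow_subscribers(records):
    """Winlogon event 6006 entries as (time, subscriber, seconds), oldest first."""
    out = []
    for r in records:
        if r["source"] == "Microsoft-Windows-Winlogon" and r["event_id"] == 6006:
            m = TOOK.search(r["message"])
            if m:
                out.append((r["time"], m["name"], int(m["secs"])))
    return sorted(out)


def logged_since(records, cutoff):
    """Slow-subscriber entries written after `cutoff` (e.g. a fix or reboot time)."""
    return [e for e in slow_subscribers(records) if e[0] > cutoff]


if __name__ == "__main__":
    for when, name, secs in slow_subscribers(parse_vew(SAMPLE_REPORT)):
        print(f"{when:%Y-%m-%d %H:%M:%S}  {name:<18} {secs:>4} s")
```

Passing the time of a fix or reboot to `logged_since` shows whether any new slow-logon warnings were written afterwards, rather than re-reading older entries.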

#22
bytesize

  • Topic Starter
  • Member
  • 96 posts

Hi,

The startup time was great for about 3 boots, now it's as bad as ever. Managed to run event viewer but it took ages to start; log below.

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 11/02/2021 21:51:10
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 07/02/2021 20:04:42
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/02/2021 20:04:42
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/02/2021 20:04:42
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 05/02/2021 16:17:10
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program SystemSettings.exe version 6.3.9600.17489 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: 3f4  Start Time: 01d6fbda0dbbca29  Termination Time: 4294967295  Application Path: C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe  Report Id: 6dee6c4a-67cd-11eb-bfd8-48d224b1a2e8  Faulting package full name: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy  Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel 
 
Log: 'Application' Date/Time: 05/02/2021 16:15:59
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of application windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: The application didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Log: 'Application' Date/Time: 05/02/2021 16:15:57
Type: Error Category: 2414
Event: 2486 Source: Microsoft-Windows-Immersive-Shell
App windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel did not launch within its allotted time.
 
Log: 'Application' Date/Time: 05/02/2021 10:35:41
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program LiveComm.exe version 17.5.9600.20573 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: 7ec  Start Time: 01d6fba9eb165c90  Termination Time: 4294967295  Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\LiveComm.exe  Report Id: e03cb978-679d-11eb-bfd5-48d224b1a2e8  Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe  Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 
 
Log: 'Application' Date/Time: 29/01/2021 14:41:00
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 29/01/2021 14:41:00
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 29/01/2021 14:41:00
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 29/01/2021 13:55:04
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 09/11/2020 15:41:41
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 09/11/2020 15:41:41
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 09/11/2020 15:41:41
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 09/11/2020 15:40:53
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 09/11/2020 15:40:53
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 09/11/2020 15:40:53
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 09/11/2020 15:40:52
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/08/2020 11:07:28
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/08/2020 11:07:28
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/02/2021 09:39:10
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> took 455 second(s) to handle the notification event (CreateSession).
 
Log: 'Application' Date/Time: 10/02/2021 09:32:35
Type: Warning Category: 0
Event: 6005 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> is taking a long time to handle the notification event (CreateSession).
 
Log: 'Application' Date/Time: 09/02/2021 22:00:51
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe' (pid 3952) cannot be restarted - Application SID does not match Conductor SID..
 
Log: 'Application' Date/Time: 07/02/2021 22:27:10
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 22:12:00
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 22:12:00
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 22:08:30
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 22:08:19
Type: Warning Category: 0
Event: 6003 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a critical notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:56:16
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:56:15
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:52:36
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:52:25
Type: Warning Category: 0
Event: 6003 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a critical notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:45:08
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:45:08
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:41:35
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:41:24
Type: Warning Category: 0
Event: 6003 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a critical notification event.
 
Log: 'Application' Date/Time: 06/02/2021 11:32:56
Type: Warning Category: 3
Event: 472 Source: ESENT
LiveComm (2832) C:\Users\Rena\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\e2b56f441fa0d15d\120712-0049\: The shadow header page of file C:\Users\Rena\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\e2b56f441fa0d15d\120712-0049\DBStore\livecomm.edb was damaged. The primary header page (8192 bytes) was used instead.
 
Log: 'Application' Date/Time: 05/02/2021 10:36:46
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe' (pid 1488) cannot be restarted - Application SID does not match Conductor SID..
 
Log: 'Application' Date/Time: 05/02/2021 10:36:46
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avpui.exe' (pid 4564) cannot be restarted - Application SID does not match Conductor SID..
 
Log: 'Application' Date/Time: 05/02/2021 10:14:47
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> took 90 second(s) to handle the notification event (CreateSession).

  • 0

#23
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Let's run another fixlist to check some things and clear your alarms.

 

Download the attached fixlist.txt to the same location as FRST



Run FRST and press Fix  (This one will take about 25 minutes so be patient.  It will reboot when done)
A fix log will be generated; please post that.

Reboot if the fix doesn't reboot it for you

Run FRST again but this time make sure Addition.txt is checked and hit Scan.  Post both logs.

 

Attached Files


  • 0

#24
bytesize

  • Topic Starter
  • Member
  • 96 posts

Hi, when I started it up this evening it was a lot quicker, but on the next boot it was as bad as ever. I know when the boot is going to be slow because the shortcut icons on the desktop take ages before the little arrow at the bottom left corner appears, or the arrow on the taskbar takes ages to appear. The fix took a lot longer than 25 mins and I don't think it completed.

Here are the logs

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-02-2021
Ran by Rena (12-02-2021 21:32:25) Run:1
Running from E:\Rena
Loaded Profiles: Rena
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
REG: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrustedInstaller" /s
FILE: c:\Windows\servicing\TrustedInstaller.exe
REG: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /s
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
CMD: findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
 
 
*****************
 
 
========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrustedInstaller" /s =========
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrustedInstaller
    BlockTimeIncrement    REG_DWORD    0x384
    PreshutdownTimeout    REG_DWORD    0x36ee80
    BlockTime    REG_DWORD    0x2a30
    DisplayName    REG_SZ    @%SystemRoot%\servicing\TrustedInstaller.exe,-100
    ErrorControl    REG_DWORD    0x1
    Group    REG_SZ    ProfSvc_Group
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\servicing\TrustedInstaller.exe
    Start    REG_DWORD    0x3
    Type    REG_DWORD    0x10
    Description    REG_SZ    @%SystemRoot%\servicing\TrustedInstaller.exe,-101
    ObjectName    REG_SZ    localSystem
    ServiceSidType    REG_DWORD    0x1
    FailureActions    REG_BINARY    840300000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrustedInstaller\Security
    Security    REG_BINARY    0100148090000000A00000001400000034000000020020000100000002C0180000000C000102000000000005200000002002000002005C000400000000021400FF010F0001010000000000051200000000001800FF01020001020000000000052000000020020000000014008D010200010100000000000504000000000014008D0102000101000000000005060000000102000000000005200000002002000001020000000000052000000020020000
 
 
 
========= End of Reg: =========
 
 
========================= FILE: c:\Windows\servicing\TrustedInstaller.exe ========================
 
c:\Windows\servicing\TrustedInstaller.exe
Catalog: C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1944_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat
File is digitally signed
MD5: 44A94FB4C76528D2382FFE04B05827C3
Creation and modification date: 2015-04-17 19:48 - 2014-10-29 01:19
Size: 000106496
Attributes: ----A
Company Name: Microsoft Windows -> Microsoft Corporation
Internal Name: TrustedInstaller.exe
Original Name: TrustedInstaller.exe
Product: Microsoft® Windows® Operating System
Description: Windows Modules Installer
File Version: 6.3.9600.17415 (winblue_r4.141028-1500)
Product Version: 6.3.9600.17415
Copyright: © Microsoft Corporation. All rights reserved.
 
====== End of File: ======
 
 
========= reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /s =========
 
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,
    LegalNoticeText    REG_SZ    
    Shell    REG_SZ    explorer.exe
    LegalNoticeCaption    REG_SZ    
    DebugServerCommand    REG_SZ    no
    ForceUnlockLogon    REG_DWORD    0x0
    ReportBootOk    REG_SZ    1
    VMApplet    REG_SZ    SystemPropertiesPerformance.exe /pagefile
    AutoRestartShell    REG_DWORD    0x1
    PowerdownAfterShutdown    REG_SZ    0
    ShutdownWithoutLogon    REG_SZ    0
    Background    REG_SZ    0 0 0
    PasswordExpiryWarning    REG_DWORD    0x5
    CachedLogonsCount    REG_SZ    10
    WinStationsDisabled    REG_SZ    0
    PreCreateKnownFolders    REG_SZ    {A520A1A4-1780-4FF6-BD18-167343C5AF16}
    scremoveoption    REG_SZ    0
    ShutdownFlags    REG_DWORD    0x80000033
    EnableFirstLogonAnimation    REG_DWORD    0x1
    AutoLogonSID    REG_SZ    S-1-5-21-2117757934-2563609367-1956778120-1001
    LastUsedUsername    REG_SZ    Rena
    DisableCad    REG_DWORD    0x1
    AutoAdminLogon    REG_SZ    1
    DefaultUserName    REG_SZ    Rena
    DefaultDomainName    REG_SZ    TOSH
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}
    (Default)    REG_SZ    Wireless Group Policy
    DllName    REG_EXPAND_SZ    wlgpclnt.dll
    GenerateGroupPolicy    REG_SZ    GenerateWLANPolicy
    ProcessGroupPolicyEx    REG_SZ    ProcessWLANPolicyEx
    NoGPOListChanges    REG_DWORD    0x1
    NoUserPolicy    REG_DWORD    0x1
    DisplayName    REG_EXPAND_SZ    @wlgpclnt.dll,-100
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{16be69fa-4209-4250-88cb-716cf41954e0}
    (Default)    REG_SZ    Central Access Policy Configuration
    DllName    REG_EXPAND_SZ    auditcse.dll
    GenerateGroupPolicy    REG_SZ    GenerateGroupPolicyCap
    ProcessGroupPolicyEx    REG_SZ    ProcessGroupPolicyExCap
    ForceRefreshFG    REG_DWORD    0x0
    MaxNoGPOListChangesInterval    REG_DWORD    0x78
    NoUserPolicy    REG_DWORD    0x1
    DisplayName    REG_EXPAND_SZ    @auditcse.dll,-4000
    EnableAsynchronousProcessing    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}
    (Default)    REG_SZ    Folder Redirection
    DllName    REG_EXPAND_SZ    fdeploy.dll
    GenerateGroupPolicy    REG_SZ    GenerateGroupPolicy
    NoSlowLink    REG_DWORD    0x1
    ProcessGroupPolicyEx    REG_SZ    ProcessGroupPolicyEx
    NoGPOListChanges    REG_DWORD    0x0
    EventSources    REG_MULTI_SZ    (Folder Redirection,Application)
    NoMachinePolicy    REG_DWORD    0x1
    DisplayName    REG_EXPAND_SZ    @fdeploy.dll,-261
    PerUserLocalSettings    REG_DWORD    0x1
    NoBackgroundPolicy    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}
    (Default)    REG_SZ    Microsoft Disk Quota
    ProcessGroupPolicy    REG_SZ    ProcessGroupPolicy
    DllName    REG_EXPAND_SZ    %SystemRoot%\System32\dskquota.dll
    RequiresSuccessfulRegistry    REG_DWORD    0x1
    NoSlowLink    REG_DWORD    0x1
    NoGPOListChanges    REG_DWORD    0x1
    NoUserPolicy    REG_DWORD    0x1
    NoMachinePolicy    REG_DWORD    0x0
    DisplayName    REG_EXPAND_SZ    @%SystemRoot%\System32\dskquota.dll,-100
    PerUserLocalSettings    REG_DWORD    0x0
    EnableAsynchronousProcessing    REG_DWORD    0x0
    NoBackgroundPolicy    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}
    (Default)    REG_SZ    QoS Packet Scheduler
    ProcessGroupPolicy    REG_SZ    ProcessPSCHEDPolicy
    DllName    REG_EXPAND_SZ    gptext.dll
    NoGPOListChanges    REG_DWORD    0x1
    NoUserPolicy    REG_DWORD    0x1
    DisplayName    REG_EXPAND_SZ    @gptext.dll,-201
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4bcd6cde-777b-48b6-9804-43568e23545d}
    (Default)    REG_SZ    Remote Desktop USB Redirection
    DllName    REG_EXPAND_SZ    %SystemRoot%\System32\TsUsbRedirectionGroupPolicyExtension.dll
    RequiresSuccessfulRegistry    REG_DWORD    0x1
    ProcessGroupPolicyEx    REG_SZ    ProcessGroupPolicyEx
    NoGPOListChanges    REG_DWORD    0x1
    NoUserPolicy    REG_DWORD    0x1
    DisplayName    REG_EXPAND_SZ    @%SystemRoot%\System32\TsUsbRedirectionGroupPolicyExtension.dll,-100
    NoBackgroundPolicy    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}
    (Default)    REG_SZ    Internet Explorer Zonemapping
    ProcessGroupPolicy    REG_SZ    ProcessGroupPolicyForZoneMap
    DllName    REG_SZ    C:\Windows\System32\iedkcs32.dll
    RequiresSuccessfulRegistry    REG_DWORD    0x1
    NoGPOListChanges    REG_DWORD    0x1
    DisplayName    REG_SZ    @C:\Windows\System32\iedkcs32.dll,-3051
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4D2F9B6F-1E52-4711-A382-6A8B1A003DE6}
    DllName    REG_SZ    C:\Windows\System32\tsworkspace.dll
    ProcessGroupPolicyEx    REG_SZ    RADCProcessGroupPolicyEx
    NoMachinePolicy    REG_DWORD    0x1
    PerUserLocalSettings    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4d968b55-cac2-4ff5-983f-0a54603781a3}
    (Default)    REG_SZ    Work Folders
    ProcessGroupPolicy    REG_SZ    ProcessGroupPolicy
    DllName    REG_EXPAND_SZ    WorkFoldersGPExt.dll
    RequiresSuccessfulRegistry    REG_DWORD    0x1
    NoSlowLink    REG_DWORD    0x0
    NoGPOListChanges    REG_DWORD    0x0
    NoUserPolicy    REG_DWORD    0x0
    NoMachinePolicy    REG_DWORD    0x0
    DisplayName    REG_EXPAND_SZ    @WorkFoldersGPExt.dll,-261
    PerUserLocalSettings    REG_DWORD    0x0
    EnableAsynchronousProcessing    REG_DWORD    0x0
    NoBackgroundPolicy    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}
    (Default)    REG_SZ    Windows Search Group Policy Extension
    ProcessGroupPolicy    REG_SZ    ProcessGroupPolicy
    DllName    REG_EXPAND_SZ    %SystemRoot%\System32\srchadmin.dll
    RequiresSuccessfulRegistry    REG_DWORD    0x1
    NoSlowLink    REG_DWORD    0x0
    NoGPOListChanges    REG_DWORD    0x1
    NoUserPolicy    REG_DWORD    0x0
    NoMachinePolicy    REG_DWORD    0x0
    PerUserLocalSettings    REG_DWORD    0x0
    EnableAsynchronousProcessing    REG_DWORD    0x1
    NoBackgroundPolicy    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}
    (Default)    REG_SZ    Internet Explorer User Accelerators
    ProcessGroupPolicy    REG_SZ    ProcessGroupPolicyForActivities
    DllName    REG_SZ    C:\Windows\System32\iedkcs32.dll
    RequiresSuccessfulRegistry    REG_DWORD    0x1
    ProcessGroupPolicyEx    REG_SZ    ProcessGroupPolicyForActivitiesEx
    NoGPOListChanges    REG_DWORD    0x1
    DisplayName    REG_SZ    @C:\Windows\System32\iedkcs32.dll,-3051
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}
    (Default)    REG_SZ    Security
    ExtensionRsopPlanningDebugLevel    REG_DWORD    0x1
    ProcessGroupPolicy    REG_SZ    SceProcessSecurityPolicyGPO
    DllName    REG_EXPAND_SZ    scecli.dll
    GenerateGroupPolicy    REG_SZ    SceGenerateGroupPolicy
    ProcessGroupPolicyEx    REG_SZ    SceProcessSecurityPolicyGPOEx
    NoGPOListChanges    REG_DWORD    0x1
    MaxNoGPOListChangesInterval    REG_DWORD    0x1
    NoUserPolicy    REG_DWORD    0x1
    DisplayName    REG_EXPAND_SZ    @(runtime.system32)\scecli.dll,-7650
    ExtensionDebugLevel    REG_DWORD    0x0
    EnableAsynchronousProcessing    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{8A28E2C5-8D06-49A4-A08C-632DAA493E17}
    (Default)    REG_SZ    Deployed Printer Connections
    ProcessGroupPolicy    REG_SZ    PrinterProcessGroupPolicy
    DllName    REG_EXPAND_SZ    %systemroot%\system32\gpprnext.dll
    GenerateGroupPolicy    REG_SZ    PrinterGenerateGroupPolicy
    RequiresSuccessfulRegistry    REG_DWORD    0x0
    ExtensionEventSource    REG_SZ    
    NoSlowLink    REG_DWORD    0x1
    ProcessGroupPolicyEx    REG_SZ    PrinterProcessGroupPolicyEx
    MaxNoGPOListChangesInterval    REG_DWORD    0x0
    NoGPOListChanges    REG_DWORD    0x0
    NotifyLinkTransition    REG_DWORD    0x0
    NoUserPolicy    REG_DWORD    0x0
    NoMachinePolicy    REG_DWORD    0x0
    DisplayName    REG_EXPAND_SZ    @%systemroot%\system32\gpprnext.dll,-1
    PerUserLocalSettings    REG_DWORD    0x0
    EnableAsynchronousProcessing    REG_DWORD    0x1
    NoBackgroundPolicy    REG_DWORD    0x0
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}
    (Default)    REG_SZ    802.3 Group Policy
    DllName    REG_EXPAND_SZ    dot3gpclnt.dll
    GenerateGroupPolicy    REG_SZ    GenerateLANPolicy
    ProcessGroupPolicyEx    REG_SZ    ProcessLANPolicyEx
    NoGPOListChanges    REG_DWORD    0x1
    NoUserPolicy    REG_DWORD    0x1
    DisplayName    REG_EXPAND_SZ    @dot3gpclnt.dll,-100
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}
    (Default)    REG_SZ    Windows To Go Startup Options
    ProcessGroupPolicy    REG_SZ    ProcessLauncherGroupPolicy
    DllName    REG_EXPAND_SZ    pwlauncher.dll
    RequiresSuccessfulRegistry    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C34B2751-1CF4-44F5-9262-C3FC39666591}
    (Default)    REG_SZ    Windows To Go Hibernate Options
    ProcessGroupPolicy    REG_SZ    ProcessHibernateGroupPolicy
    DllName    REG_EXPAND_SZ    pwlauncher.dll
    RequiresSuccessfulRegistry    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}
    (Default)    REG_SZ    TCPIP
    ProcessGroupPolicy    REG_SZ    ProcessTCPIPPolicy
    DllName    REG_EXPAND_SZ    gptext.dll
    RequiresSuccessfulRegistry    REG_DWORD    0x1
    NoGPOListChanges    REG_DWORD    0x1
    NoUserPolicy    REG_DWORD    0x1
    DisplayName    REG_EXPAND_SZ    @gptext.dll,-204
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    (Default)    REG_SZ    Internet Explorer Machine Accelerators
    ProcessGroupPolicy    REG_SZ    ProcessGroupPolicyForActivities
    DllName    REG_SZ    C:\Windows\System32\iedkcs32.dll
    RequiresSuccessfulRegistry    REG_DWORD    0x1
    ProcessGroupPolicyEx    REG_SZ    ProcessGroupPolicyForActivitiesEx
    NoGPOListChanges    REG_DWORD    0x1
    DisplayName    REG_SZ    @C:\Windows\System32\iedkcs32.dll,-3051
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}
    (Default)    REG_SZ    IP Security
    DllName    REG_EXPAND_SZ    %SystemRoot%\System32\polstore.dll
    GenerateGroupPolicy    REG_SZ    GenerateIPSECPolicy
    ProcessGroupPolicyEx    REG_SZ    ProcessIPSECPolicyEx
    NoGPOListChanges    REG_DWORD    0x0
    NoUserPolicy    REG_DWORD    0x1
    DisplayName    REG_EXPAND_SZ    @C:\Windows\System32\polstore.dll,-5012
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}
    (Default)    REG_SZ    Audit Policy Configuration
    DllName    REG_EXPAND_SZ    auditcse.dll
    GenerateGroupPolicy    REG_SZ    GenerateGroupPolicy
    ProcessGroupPolicyEx    REG_SZ    ProcessGroupPolicyEx
    ForceRefreshFG    REG_DWORD    0x0
    MaxNoGPOListChangesInterval    REG_DWORD    0x3c0
    NoUserPolicy    REG_DWORD    0x1
    DisplayName    REG_EXPAND_SZ    @auditcse.dll,-3000
    EnableAsynchronousProcessing    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C}
    (Default)    REG_SZ    Enterprise QoS
    ProcessGroupPolicy    REG_SZ    ProcessEQoSPolicy
    DllName    REG_EXPAND_SZ    gptext.dll
    RequiresSuccessfulRegistry    REG_DWORD    0x1
    DisplayName    REG_EXPAND_SZ    @gptext.dll,-203
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}
    (Default)    REG_SZ    CP
    ProcessGroupPolicy    REG_SZ    ProcessConnectivityPlatformPolicy
    DllName    REG_EXPAND_SZ    gptext.dll
    RequiresSuccessfulRegistry    REG_DWORD    0x1
    NoGPOListChanges    REG_DWORD    0x1
    NoUserPolicy    REG_DWORD    0x1
    DisplayName    REG_EXPAND_SZ    @gptext.dll,-205
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
    (Default)    REG_SZ    
    DLLName    REG_SZ    igfxdev.dll
    Asynchronous    REG_DWORD    0x1
    Impersonate    REG_DWORD    0x1
    Unlock    REG_SZ    WinlogonUnlockEvent
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoLogonChecked
 
 
 
========= End of Reg: =========
 
 
========= DISM /Online /Cleanup-Image /RestoreHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 6.3.9600.19408
 
Image Version: 6.3.9600.19397
 
The restore operation completed successfully. The component store corruption was repaired.
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= SFC /scannow =========
 
 
Fixing is terminated due to reaching maximum fixing time of 60 minutes. <==== ATTENTION


#25
bytesize


Other requested logs

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2021
Ran by Rena (administrator) on TOSH (TOSHIBA SATELLITE C50-A-157) (12-02-2021 22:50:14)
Running from E:\Rena
Loaded Profiles: Rena
Platform: Windows 8.1 (Update) (X64) Language: English (United Kingdom)
Default browser: IE
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(DTS, Inc. -> ) C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel® Upgrade Service -> Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.19750_none_fa39f32f9b2d0928\TiWorker.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION -> ) C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Toshiba Europe Gmbh -> Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(Toshiba Europe Gmbh -> Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] (TOSHIBA CORPORATION -> )
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-28] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565472 2013-04-22] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-01-18] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM\...\Run: [CL-25-8AD1E6D3-68CD-4848-8B44-D3C2988F3FC7] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-25-8AD1E6D3-68CD-4848-8B44-D3C2988F3FC7\setuplauncher.exe" /run:Installer.exe /args:"/setup-folder:"CL-25-8AD1E6D3-68CD-4848-8B44-D3C2988 (the data entry has 7 more characters).
HKLM-x32\...\Run: [Intel AppUp® center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel® Services Manager -> Intel Corporation)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-04-19] (Alcor Micro Corp.) [File not signed]
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA CORPORATION -> TOSHIBA)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [467360 2013-03-08] (TOSHIBA CORPORATION -> TOSHIBA)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] () [File not signed]
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) [File not signed]
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP460: C:\WINDOWS\system32\CNMLM81.DLL [235520 2008-04-03] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\CutePDF Writer Monitor: C:\WINDOWS\system32\cpwmon64.dll [87152 2012-10-04] (Acro Software Inc -> )
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0DDB73BB-E9A8-48C7-85F5-43E1321ED4B3} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {3141AAC7-DE44-4B29-9D2D-F58CA6F46ABD} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {38379ACB-BD0D-4662-AC1A-622A865E3BBA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {62302DCB-5ABB-4B01-9E33-4A4297EF9042} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [475720 2015-11-17] (Toshiba Europe Gmbh -> Toshiba Europe GmbH)
Task: {7C0C03ED-4D20-4255-B657-BB8A2195D44E} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {94113DAE-5AF6-41F2-9112-6F1DB4BBC23E} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [654440 2013-03-19] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
Task: {94CD9053-54E4-4574-ADC3-46C128E1EEF8} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {B09D457D-4ECD-4215-A690-337F62C105F2} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2014-08-06] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {C7091753-EA4B-4124-971E-461DDC5534B8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {CF4D8109-8321-4BB3-B5C3-7DEAB000322B} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2117757934-2563609367-1956778120-1001 => {F063A606-6748-4B89-82A0-3D19D94CE8D3} C:\Windows\System32\VaultRoaming.dll [92672 2014-10-29] (Microsoft Windows -> Microsoft)
Task: {F50F9C5A-8AB7-403A-AEC2-E4D19BF05AAA} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.132.1
Tcpip\..\Interfaces\{794DB99B-A736-4151-AF3D-3A33C40C313E}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9783D14C-5110-47DD-AA37-8387218D8EFB}: [DhcpNameServer] 192.168.132.1
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Rena\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-09]
Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\Rena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2021-02-07]
 
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google Inc -> Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-05-09] (DTS, Inc. -> )
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] (TOSHIBA CORPORATION -> )
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-25] (IDT, Inc.) [File not signed]
R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [120392 2015-11-17] (Toshiba Europe Gmbh -> Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [3858944 2013-10-24] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
S3 KMWDFILTER; C:\WINDOWS\System32\drivers\KMWDFILTER.sys [30208 2009-04-29] (MLK Technologies Limited -> Windows ® Codename Longhorn DDK provider)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON CORPORATION -> PEGATRON)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2020-08-21] (Daniel Terhell -> Resplendence Software Projects Sp.)
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [546304 2013-04-25] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [33168 2013-11-01] (TOSHIBA CORPORATION -> Windows ® Win 7 DDK provider)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2018-08-22] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-02-10 12:51 - 2021-02-11 21:51 - 000010240 _____ C:\VEW.txt
2021-02-10 12:50 - 2021-02-10 09:19 - 000061440 _____ ( ) C:\Users\Rena\Desktop\VEW.exe
2021-02-10 10:08 - 2021-02-10 10:08 - 000004014 _____ C:\Users\Rena\Desktop\Hardware Interrupts and DPCs3.TXT
2021-02-10 10:01 - 2021-02-10 10:01 - 000004068 _____ C:\Users\Rena\Desktop\Hardware Interrupts and DPCs2.TXT
2021-02-10 09:45 - 2021-02-10 09:45 - 000004010 _____ C:\Users\Rena\Desktop\Hardware Interrupts and DPCs.txt
2021-02-09 23:16 - 2021-02-09 23:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon
2021-02-09 23:16 - 2021-02-09 23:16 - 000000000 ____D C:\Program Files\LatencyMon
2021-02-09 23:16 - 2020-08-21 09:36 - 000026368 _____ (Resplendence Software Projects Sp.) C:\WINDOWS\system32\Drivers\rspLLL64.sys
2021-02-09 23:15 - 2021-02-09 22:46 - 002252096 _____ (Resplendence Software Projects Sp. ) C:\Users\Rena\Desktop\LatencyMon.exe
2021-02-09 23:01 - 2021-02-09 23:01 - 000000819 _____ C:\Users\Public\Desktop\Speccy.lnk
2021-02-09 23:01 - 2021-02-09 23:01 - 000000819 _____ C:\ProgramData\Desktop\Speccy.lnk
2021-02-09 23:01 - 2021-02-09 23:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2021-02-09 23:01 - 2021-02-09 23:01 - 000000000 ____D C:\Program Files\Speccy
2021-02-09 22:59 - 2021-02-09 23:00 - 000005186 _____ C:\junk.txt
2021-02-09 22:55 - 2021-02-09 22:40 - 002798456 _____ (Sysinternals - www.sysinternals.com) C:\Users\Rena\Desktop\procexp.exe
2021-02-09 21:48 - 2021-01-12 06:07 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-02-09 21:48 - 2021-01-12 05:46 - 002132992 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-02-09 21:48 - 2021-01-12 05:44 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-02-09 21:48 - 2021-01-12 05:31 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-02-09 21:21 - 2021-02-12 22:50 - 000000000 ____D C:\FRST
2021-02-07 21:15 - 2021-02-07 21:15 - 000099084 _____ C:\ProgramData\vpn.uninstall.1612732487.bdinstall.v2.bin
2021-02-07 21:15 - 2021-02-07 21:15 - 000070784 _____ C:\ProgramData\agent.uninstall.1612732537.bdinstall.v2.bin
2021-02-07 20:55 - 2021-02-07 20:55 - 000387608 _____ C:\ProgramData\cl.uninstall.1612731158.bdinstall.v2.bin
2021-02-07 18:22 - 2021-02-07 18:22 - 000000000 ____D C:\Users\Rena\AppData\Roaming\WinBatch
2021-02-07 18:08 - 2021-02-07 18:09 - 045739147 _____ C:\Users\Rena\Downloads\wlesslan-20140127154948.zip
2021-02-07 17:43 - 2021-02-07 20:50 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2021-02-07 17:43 - 2021-02-07 20:03 - 000000000 ____D C:\Users\Rena\AppData\Local\BraveSoftware
2021-02-07 17:42 - 2021-02-07 17:42 - 001243488 _____ (BraveSoftware Inc.) C:\Users\Rena\Downloads\BraveBrowserSetup.exe
2021-02-07 12:48 - 2021-02-07 12:48 - 004357175 _____ C:\Users\Rena\Downloads\bios-20140625090211.zip
2021-02-07 11:30 - 2021-02-07 11:30 - 000000000 ____D C:\WINDOWS\pss
2021-02-06 11:37 - 2021-02-06 11:37 - 000196784 _____ C:\ProgramData\vpn.1612611384.bdinstall.v2.bin
2021-02-05 17:46 - 2021-02-05 17:46 - 000087460 _____ C:\ProgramData\agent.update.1612547184.bdinstall.v2.bin
2021-02-05 17:22 - 2021-02-05 17:22 - 000000000 ____D C:\ProgramData\dbg
2021-02-05 17:17 - 2021-02-05 17:17 - 000000000 ____D C:\ProgramData\Gemma
2021-02-05 17:17 - 2021-02-05 17:17 - 000000000 ____D C:\ProgramData\Atc
2021-02-05 17:04 - 2021-02-05 17:04 - 000782444 _____ C:\ProgramData\cl.1612544222.bdinstall.v2.bin
2021-02-05 17:04 - 2021-02-05 17:04 - 000102440 _____ C:\ProgramData\cl.kit.1612544204.bdinstall.v2.bin
2021-02-05 17:04 - 2021-02-05 17:04 - 000000000 ____D C:\ProgramData\48C4687D-9760-4F5B-BAB3-60351B0841E4
2021-02-05 17:01 - 2021-02-05 17:01 - 000000000 ____D C:\WINDOWS\system32\elambkup
2021-02-05 17:01 - 2021-02-05 17:01 - 000000000 ____D C:\ProgramData\BDLogging
2021-02-05 16:57 - 2021-02-07 21:38 - 000000000 ____D C:\Program Files\Bitdefender
2021-02-05 16:54 - 2021-02-05 16:54 - 000117360 _____ C:\ProgramData\agent.1612544050.bdinstall.v2.bin
2021-02-05 16:54 - 2021-02-05 16:54 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2021-02-05 16:46 - 2021-02-05 16:46 - 013543464 _____ C:\Users\Rena\Downloads\bitdefender_windows_36cf5875-1c64-4b7a-8c3f-e7d86cf97267 (1).exe
2021-02-05 12:17 - 2021-02-05 12:17 - 013543464 _____ C:\Users\Rena\Downloads\bitdefender_windows_36cf5875-1c64-4b7a-8c3f-e7d86cf97267.exe
2021-02-05 10:41 - 2021-02-05 12:04 - 000000000 ____D C:\WINDOWS\softwaredistribution.old
2021-02-05 10:14 - 2021-02-06 12:21 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-05 10:14 - 2021-02-06 12:21 - 000002213 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-02-05 10:14 - 2021-02-06 12:21 - 000002213 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-02-05 10:13 - 2021-02-06 12:15 - 000003380 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-05 10:13 - 2021-02-06 12:15 - 000003252 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-05 10:13 - 2020-10-02 20:58 - 000835472 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2021-02-05 10:13 - 2020-10-02 20:58 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2021-02-04 22:50 - 2020-01-28 08:06 - 001677024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-02-04 22:50 - 2020-01-28 08:06 - 001500848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-02-04 22:49 - 2021-01-08 01:21 - 000514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-02-04 22:49 - 2021-01-08 01:13 - 000399360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-02-04 22:49 - 2020-08-11 06:16 - 000376072 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2021-02-04 22:49 - 2020-08-11 04:33 - 000317176 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2021-02-04 22:49 - 2020-05-10 04:23 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-02-04 22:49 - 2020-05-10 03:56 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-02-04 22:49 - 2019-10-10 16:20 - 000044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-02-04 22:49 - 2019-09-06 13:17 - 000249856 _____ (Gracenote, Inc.) C:\WINDOWS\SysWOW64\gnsdk_fp.dll
2021-02-04 22:49 - 2019-04-04 22:15 - 000513416 _____ C:\WINDOWS\SysWOW64\locale.nls
2021-02-04 22:49 - 2019-04-04 22:15 - 000513416 _____ C:\WINDOWS\system32\locale.nls
2021-02-04 22:49 - 2019-02-26 07:31 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2021-02-04 22:49 - 2018-10-25 00:54 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2021-02-04 22:49 - 2018-10-25 00:51 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2021-02-04 22:48 - 2019-10-10 15:50 - 000035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-02-04 22:48 - 2018-08-26 04:07 - 000004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-02-12 22:40 - 2013-08-22 14:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-12 22:40 - 2013-08-22 13:36 - 000000000 ____D C:\WINDOWS\Inf
2021-02-12 22:39 - 2013-08-22 13:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2021-02-12 21:32 - 2012-07-26 07:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-12 21:18 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-02-10 19:53 - 2013-10-13 18:44 - 000000000 ____D C:\Users\Rena\AppData\Local\VirtualStore
2021-02-10 11:58 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\rescache
2021-02-10 11:25 - 2013-10-13 18:51 - 000003600 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2117757934-2563609367-1956778120-1001
2021-02-09 23:54 - 2013-08-22 15:36 - 000000000 ___RD C:\WINDOWS\ToastData
2021-02-09 23:54 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-09 23:54 - 2013-08-22 15:36 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-09 22:56 - 2013-09-30 04:11 - 000865068 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-09 22:00 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\system32\catroot2.bak
2021-02-09 21:59 - 2013-10-13 19:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-09 21:56 - 2013-10-13 19:50 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-09 21:27 - 2015-06-25 10:34 - 000004476 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-02-07 23:37 - 2014-01-06 13:45 - 000000000 ____D C:\Users\Rena\AppData\Local\ElevatedDiagnostics
2021-02-07 21:46 - 2013-10-18 20:47 - 000000000 ____D C:\Users\Rena
2021-02-07 20:42 - 2013-08-22 13:25 - 000262144 ___SH C:\WINDOWS\system32\config\ELAM
2021-02-07 20:36 - 2013-10-14 19:33 - 000001371 _____ C:\Users\Rena\Desktop\shutdown.lnk
2021-02-07 18:30 - 2013-08-28 21:17 - 000000000 ____D C:\Program Files (x86)\Atheros
2021-02-07 17:35 - 2014-04-30 18:40 - 000000000 __RDO C:\Users\Rena\SkyDrive
2021-02-05 16:37 - 2018-04-29 09:13 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2021-02-05 12:23 - 2012-07-26 08:12 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-02-05 12:22 - 2018-04-29 09:14 - 000000000 ____D C:\Program Files\Common Files\AV
2021-02-05 11:52 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2021-02-05 10:09 - 2013-08-22 14:44 - 000482648 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-02-04 23:27 - 2015-05-19 11:17 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-02-04 23:27 - 2015-04-26 11:55 - 000000000 ___SD C:\WINDOWS\system32\CompatTel
2021-02-04 23:27 - 2013-09-30 03:56 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-02-04 23:27 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-02-04 23:27 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\system32\setup
2021-02-04 23:27 - 2013-08-22 13:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-02-04 23:27 - 2013-08-22 13:36 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-02-04 23:27 - 2013-08-22 13:36 - 000000000 ____D C:\WINDOWS\system32\Dism
 
==================== Files in the root of some directories ========
 
2018-05-29 10:20 - 2018-05-29 10:25 - 000004608 _____ () C:\Users\Rena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2021-02-09 22:16
==================== End of FRST.txt ========================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2021
Ran by Rena (12-02-2021 22:52:45)
Running from E:\Rena
Windows 8.1 (Update) (X64) (2013-10-18 22:33:15)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2117757934-2563609367-1956778120-500 - Administrator - Disabled)
Guest (S-1-5-21-2117757934-2563609367-1956778120-501 - Limited - Disabled)
Rena (S-1-5-21-2117757934-2563609367-1956778120-1001 - Administrator - Enabled) => C:\Users\Rena
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.23)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\{C90340A9-F592-4164-9480-FCE488C4BFF6}) (Version: 4.7.1245.73473 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.7.1245.73473 - Alcor Micro Corp.)
Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{026B819B-4D60-4C8B-892D-33A0D8666F60}) (Version: 2.0.0.9 - Qualcomm Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Belarc Advisor 8.3 (HKLM-x32\...\Belarc Advisor) (Version: 8.3.2.0 - Belarc Inc.)
Brother MFL-Pro Suite DCP-197C (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
DTS Sound (HKLM-x32\...\{F8EB8FFC-C535-49A1-A84D-CC75CB2D6ADA}) (Version: 1.00.0071 - DTS, Inc.)
IDT Audio Driver (HKLM\...\{11424B27-C16B-4505-9667-82A10AD1B1DC}) (Version: 6.10.6472.0 - IDT)
Intel AppUp® center (HKLM-x32\...\Intel AppUp® center 41663) (Version: 3.8.0.41663.61 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{D337F167-C622-43BE-B3FB-75C62C49143A}) (Version: 12.9.3.3 - Apple Inc.)
LatencyMon 7.00 (HKLM\...\LatencyMon_is1) (Version:  - Resplendence Software Projects Sp.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.63 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.59 - )
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{B6619F14-F766-4000-BC8A-522D4CC4E44F}) (Version: 1.0.4.5 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6630.6403 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.342 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.02.6402 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.6.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{E4C7D9D7-19D4-4623-AF0C-EA313C466411}) (Version: 5.0.0 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
 
Packages:
=========
Bing Finance -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.2.258_x64__8wekyb3d8bbwe [2014-08-17] (Microsoft Corporation) [MS Ad]
Bing News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.2.309_x64__8wekyb3d8bbwe [2014-08-17] (Microsoft Corporation) [MS Ad]
Bing Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.2.317_x64__8wekyb3d8bbwe [2014-08-17] (Microsoft Corporation) [MS Ad]
Bing Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.2.309_x64__8wekyb3d8bbwe [2014-08-17] (Microsoft Corporation) [MS Ad]
Browser Choice -> C:\WINDOWS\BrowserChoice [2013-11-17] (Microsoft Corporation)
Evernote Touch -> C:\Program Files\WindowsApps\Evernote.Evernote_2.3.3.6_x86__q4d96b2w5wcc2 [2014-08-17] (Evernote)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.2.0.Preview_1.0.9431.0_neutral__8wekyb3d8bbwe [2013-10-20] (Microsoft Platform Extensions)
Microsoft Windows Library for JavaScript -> C:\Program Files\WindowsApps\Microsoft.WinJS.Preview.1_1.0.9345.0_neutral__8wekyb3d8bbwe [2013-10-20] (Microsoft Platform Extensions)
National Rail Enquiries -> C:\Program Files\WindowsApps\NationalRailEnquiries.NationalRailEnquiries_1.4.0.89_neutral__7drgzh1seyt1w [2014-08-17] (TRAIN INFORMATION SERVICES LIMITED) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5c [2014-08-17] (Skype) [MS Ad]
The Telegraph -> C:\Program Files\WindowsApps\TelegraphMediaGroupLtd.TheTelegraph_2.0.1.134_x64__8zqgb9yvnry22 [2014-08-17] (Telegraph Media Group Ltd)
TOSHIBA Media Player by sMedio TrueLink+ -> C:\Program Files\WindowsApps\sMedioforToshiba.TOSHIBAMediaPlayerbysMedioTrueLin_2.0.0.113_x64__679ekb9hp1h62 [2014-08-17] (sMedio)
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.215.0_x64__8wekyb3d8bbwe [2014-08-17] (Microsoft Corporation) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2013-11-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Rena\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge (2).lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
 
==================== Loaded Modules (Whitelisted) =============
 
2013-10-24 14:54 - 2008-04-03 04:00 - 000235520 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMLM81.DLL
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-2117757934-2563609367-1956778120-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
HKU\S-1-5-21-2117757934-2563609367-1956778120-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
SearchScopes: HKU\S-1-5-21-2117757934-2563609367-1956778120-1001 -> DefaultScope {2B3F5F49-6B01-4204-815F-0F5F9255E975} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2117757934-2563609367-1956778120-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2117757934-2563609367-1956778120-1001 -> {2B3F5F49-6B01-4204-815F-0F5F9255E975} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2117757934-2563609367-1956778120-1001 -> No Name - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-03-29] (Belarc, Inc. -> Belarc, Inc.)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 13:25 - 2021-02-07 20:38 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64
HKU\S-1-5-21-2117757934-2563609367-1956778120-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rena\Pictures\Picasa\Backgrounds\picasabackground-001.bmp
DNS Servers: 192.168.132.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "TecoResident"
HKLM\...\StartupApproved\Run: => "TCrdMain"
HKLM\...\StartupApproved\Run: => "TODDMain"
HKLM\...\StartupApproved\Run: => "TosWaitSrv"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "CL-25-8AD1E6D3-68CD-4848-8B44-D3C2988F3FC7"
HKLM\...\StartupApproved\Run32: => "Intel AppUp® center"
HKLM\...\StartupApproved\Run32: => "1.TPUReg"
HKLM\...\StartupApproved\Run32: => "AmIcoSinglun64"
HKLM\...\StartupApproved\Run32: => "TSVU"
HKLM\...\StartupApproved\Run32: => "ControlCenter3"
HKLM\...\StartupApproved\Run32: => "PPort11reminder"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "SSBkgdUpdate"
HKLM\...\StartupApproved\Run32: => "BrMfcWnd"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A0641E2C-DCC6-4C9C-9A6C-90F2A6AC6F73}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe => No File
FirewallRules: [{7EA9DB80-9DBC-4096-851B-425945D05D39}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe => No File
FirewallRules: [{43FB2A9A-E423-4F53-B1A0-57478817ADC0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe => No File
FirewallRules: [{8AB78AA2-A88E-4D15-9601-009877D14BD2}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe => No File
FirewallRules: [{DE8E4AAD-09A3-4185-9122-4EAD5FDFCA35}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe => No File
FirewallRules: [{CEC6D733-DC95-4D5D-B721-634A56C7C699}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe => No File
FirewallRules: [{CF21F639-95CE-46A8-B6E8-67410E2CE65F}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe => No File
FirewallRules: [{98A6B76F-4FA4-454C-9926-4026CABD5F0C}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe => No File
FirewallRules: [{D093F6DF-9861-4065-9969-7B64A7DF7C23}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel® Services Manager -> Intel Corporation)
FirewallRules: [{5C702716-70C5-4B62-BECC-1877FF401AA0}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3F6C6AE0-F00D-42B1-BF9E-71CD23392B8A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{CD385FDA-2F89-4F0D-B99E-58DEEBCA93AF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{E22D8C21-E9B4-427E-A1C5-961974A155F2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{E48942BE-5EC3-4AFB-8D6D-8704AFF33AA5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{A3934143-8605-467B-9B53-20CF5374BFB0}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
 
==================== Restore Points =========================
 
30-11-2019 19:06:47 Windows Update
04-02-2021 22:54:53 Windows Update
09-02-2021 21:55:57 Windows Update
09-02-2021 22:52:57 Removed Bonjour
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (02/11/2021 10:28:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20573 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: fa0
 
Start Time: 01d700c47f541e92
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 76462203-6cb8-11eb-bffc-54bef742ca01
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (02/07/2021 08:04:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14750
 
Error: (02/07/2021 08:04:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14750
 
Error: (02/07/2021 08:04:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/05/2021 04:17:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 6.3.9600.17489 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 3f4
 
Start Time: 01d6fbda0dbbca29
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
 
Report Id: 6dee6c4a-67cd-11eb-bfd8-48d224b1a2e8
 
Faulting package full name: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
 
Error: (02/05/2021 04:15:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TOSH)
Description: Activation of application windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/05/2021 04:15:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: TOSH)
Description: App windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel did not launch within its allotted time.
 
Error: (02/05/2021 10:35:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20573 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 7ec
 
Start Time: 01d6fba9eb165c90
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: e03cb978-679d-11eb-bfd5-48d224b1a2e8
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
 
System errors:
=============
Error: (02/12/2021 10:48:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Error: (02/12/2021 10:44:39 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} did not register with DCOM within the required timeout.
 
Error: (02/12/2021 10:42:39 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} did not register with DCOM within the required timeout.
 
Error: (02/12/2021 10:39:14 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Modules Installer service did not shut down properly after receiving a pre-shutdown control.
 
Error: (02/12/2021 09:29:26 PM) (Source: DCOM) (EventID: 10010) (User: TOSH)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Error: (02/12/2021 09:28:56 PM) (Source: DCOM) (EventID: 10010) (User: TOSH)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
 
Error: (02/11/2021 10:38:21 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.331.774.0).
 
Error: (02/11/2021 10:38:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Windows Defender:
=================
 
Date: 2017-01-27 19:46:43.274
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80073aba
Error description: The resource is too old to be compatible. 
Signature version: 1.155.266.0;1.155.266.0
Engine version: 1.1.9700.0
CodeIntegrity:
=================
 
Date: 2021-02-12 22:48:08.555
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2021-02-11 22:38:16.812
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2021-02-11 22:20:25.042
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2021-02-11 21:45:16.924
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2021-02-10 18:22:34.967
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2021-02-10 17:34:17.431
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2021-02-10 12:08:16.791
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2021-02-10 10:14:48.450
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
BIOS: Insyde Corp. 1.40 04/22/2014
Motherboard: Intel PT10F
Processor: Intel® Core™ i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 33%
Total physical RAM: 3971.27 MB
Available physical RAM: 2630.51 MB
Total Virtual: 4675.27 MB
Available Virtual: 3370.76 MB
 
==================== Drives ================================
 
Drive c: (TI31121600B) (Fixed) (Total:919.1 GB) (Free:848.01 GB) NTFS
Drive e: () (Removable) (Total:14.55 GB) (Free:14.52 GB) FAT32
 
\\?\Volume{3c74498c-ebc4-11e2-93aa-dfd0cd0b5165}\ (System) (Fixed) (Total:1 GB) (Free:0.62 GB) NTFS
\\?\Volume{24412888-280a-44c8-b2ec-378a1e597223}\ () (Fixed) (Total:0.34 GB) (Free:0 GB) NTFS
\\?\Volume{9de1046a-ee4e-4c0e-ba09-c07b468e4e78}\ (Recovery) (Fixed) (Total:10.69 GB) (Free:0.81 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Protective MBR) (Size: 14.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0



#26
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Download ShellExView.

http://www.nirsoft.n...s/shexview.html

Use this download:
http://www.nirsoft.n...xview_setup.exe

Once you get it installed, run it (right click and Run As Admin) and look in the third or fourth column from the RIGHT. It should say MICROSOFT. Click once or twice on MICROSOFT so that items with NO are at the top.
Select all of the NO items and then click on the red LED-looking icon in the upper left. This should disable all of the non-Microsoft additions to Explorer. Reboot and see if it is any faster.

 

Is there a reason you have Windows Defender disabled? Can you reenable it and see if it will update?

 

https://www.microsof...defenderupdates


  • 0

#27
bytesize


    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts

Hi, enabled Windows Defender; think it was still off from when I uninstalled Bitdefender.

 

Ran ShellExView; there were only 2 Microsoft Services in red. It seems to be booting up quicker now. Will I install Bitdefender again?

 

Thanks


  • 0

#28
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

You can install BitDefender if you want to. The problem before was that it had not really been installed completely.

Can I see new VEW logs?


  • 0

#29
bytesize


    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts

Here are the logs

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 14/02/2021 17:25:43
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/02/2021 18:23:45
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device E:\ (location (unknown)) is offline due to a user-mode driver crash.  Windows will attempt to restart the device 5 more times.  Please contact the device manufacturer for more information about this problem.
 
Log: 'System' Date/Time: 10/02/2021 18:23:42
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated.  This may temporarily interrupt your ability to access the devices.
 
Log: 'System' Date/Time: 09/02/2021 20:28:40
Type: Critical Category: 173
Event: 142 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error is caused because the system stopped responding and the hardware watchdog triggered a system reset.
 
Log: 'System' Date/Time: 09/02/2021 20:28:40
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 07/02/2021 23:08:20
Type: Critical Category: 173
Event: 142 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error is caused because the system stopped responding and the hardware watchdog triggered a system reset.
 
Log: 'System' Date/Time: 07/02/2021 23:08:20
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 07/02/2021 21:45:43
Type: Critical Category: 173
Event: 142 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error is caused because the system stopped responding and the hardware watchdog triggered a system reset.
 
Log: 'System' Date/Time: 07/02/2021 21:45:43
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 07/02/2021 21:05:08
Type: Critical Category: 173
Event: 142 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error is caused because the system stopped responding and the hardware watchdog triggered a system reset.
 
Log: 'System' Date/Time: 07/02/2021 21:05:08
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 26/08/2019 16:30:16
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 21/02/2018 17:08:25
Type: Critical Category: 173
Event: 142 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error is caused because the system stopped responding and the hardware watchdog triggered a system reset.
 
Log: 'System' Date/Time: 21/02/2018 17:08:25
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 20/11/2017 17:21:29
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 06/10/2016 19:31:35
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/02/2021 17:01:02
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 14/02/2021 17:00:32
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 14/02/2021 16:31:48
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Defender Service service failed to start due to the following error:  Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Log: 'System' Date/Time: 14/02/2021 16:28:19
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 14/02/2021 16:26:19
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 12/02/2021 22:48:08
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Defender Service service failed to start due to the following error:  Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Log: 'System' Date/Time: 12/02/2021 22:44:39
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 12/02/2021 22:42:39
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 12/02/2021 22:39:14
Type: Error Category: 0
Event: 7043 Source: Service Control Manager
The Windows Modules Installer service did not shut down properly after receiving a pre-shutdown control.
 
Log: 'System' Date/Time: 12/02/2021 21:29:26
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 12/02/2021 21:28:56
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 11/02/2021 22:38:21
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.331.774.0).
 
Log: 'System' Date/Time: 11/02/2021 22:38:16
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Defender Service service failed to start due to the following error:  Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Log: 'System' Date/Time: 11/02/2021 22:29:37
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Intel® Management and Security Application User Notification Service service did not respond on starting. 
 
Log: 'System' Date/Time: 11/02/2021 22:27:19
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Security Center service did not respond on starting. 
 
Log: 'System' Date/Time: 11/02/2021 22:27:09
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Log: 'System' Date/Time: 11/02/2021 22:24:23
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Log: 'System' Date/Time: 11/02/2021 22:20:25
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Defender Service service failed to start due to the following error:  Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Log: 'System' Date/Time: 11/02/2021 21:45:16
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Defender Service service failed to start due to the following error:  Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Log: 'System' Date/Time: 10/02/2021 18:23:16
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/02/2021 17:24:54
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\_??_USBSTOR#Disk&Ven_SanDisk&Prod_Cruzer_Edge&Rev_1.27#4C530001100409101311&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.
 
Log: 'System' Date/Time: 14/02/2021 17:23:31
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name win8.ipv6.microsoft.com. timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 14/02/2021 16:56:15
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name login.live.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 14/02/2021 16:46:33
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.
 
Log: 'System' Date/Time: 14/02/2021 16:42:56
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.
 
Log: 'System' Date/Time: 14/02/2021 16:37:41
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\_??_USBSTOR#Disk&Ven_SanDisk&Prod_Cruzer_Edge&Rev_1.27#4C530001100409101311&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.
 
Log: 'System' Date/Time: 14/02/2021 16:23:42
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.
 
Log: 'System' Date/Time: 12/02/2021 23:12:15
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name win8.ipv6.microsoft.com. timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 12/02/2021 22:48:13
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\_??_USBSTOR#Disk&Ven_SanDisk&Prod_Cruzer_Edge&Rev_1.27#4C530001100409101311&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.
 
Log: 'System' Date/Time: 12/02/2021 22:40:00
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.
 
Log: 'System' Date/Time: 12/02/2021 21:16:51
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.
 
Log: 'System' Date/Time: 11/02/2021 22:54:48
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name win8.ipv6.microsoft.com. timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 11/02/2021 22:54:35
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.
 
Log: 'System' Date/Time: 11/02/2021 22:11:53
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.
 
Log: 'System' Date/Time: 11/02/2021 21:45:21
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\_??_USBSTOR#Disk&Ven_SanDisk&Prod_Cruzer_Edge&Rev_1.27#4C530001100409101311&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}.
 
Log: 'System' Date/Time: 11/02/2021 21:37:02
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.
 
Log: 'System' Date/Time: 10/02/2021 21:26:56
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.
 
Log: 'System' Date/Time: 10/02/2021 20:06:36
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.
 
Log: 'System' Date/Time: 10/02/2021 19:52:29
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.
 
Log: 'System' Date/Time: 10/02/2021 19:39:32
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name win8.ipv6.microsoft.com. timed out after none of the configured DNS servers responded.
 
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 14/02/2021 17:27:09
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/02/2021 22:28:57
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program LiveComm.exe version 17.5.9600.20573 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: fa0  Start Time: 01d700c47f541e92  Termination Time: 4294967295  Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\LiveComm.exe  Report Id: 76462203-6cb8-11eb-bffc-54bef742ca01  Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe  Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 
 
Log: 'Application' Date/Time: 07/02/2021 20:04:42
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/02/2021 20:04:42
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/02/2021 20:04:42
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 05/02/2021 16:17:10
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program SystemSettings.exe version 6.3.9600.17489 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: 3f4  Start Time: 01d6fbda0dbbca29  Termination Time: 4294967295  Application Path: C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe  Report Id: 6dee6c4a-67cd-11eb-bfd8-48d224b1a2e8  Faulting package full name: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy  Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel 
 
Log: 'Application' Date/Time: 05/02/2021 16:15:59
Type: Error Category: 5973
Event: 5973 Source: Microsoft-Windows-Immersive-Shell
Activation of application windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: The application didn't start in the required time. See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Log: 'Application' Date/Time: 05/02/2021 16:15:57
Type: Error Category: 2414
Event: 2486 Source: Microsoft-Windows-Immersive-Shell
App windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel did not launch within its allotted time.
 
Log: 'Application' Date/Time: 05/02/2021 10:35:41
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program LiveComm.exe version 17.5.9600.20573 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.  Process ID: 7ec  Start Time: 01d6fba9eb165c90  Termination Time: 4294967295  Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\LiveComm.exe  Report Id: e03cb978-679d-11eb-bfd5-48d224b1a2e8  Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe  Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 
 
Log: 'Application' Date/Time: 29/01/2021 14:41:00
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 29/01/2021 14:41:00
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 29/01/2021 14:41:00
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 29/01/2021 13:55:04
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 09/11/2020 15:41:41
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 09/11/2020 15:41:41
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 09/11/2020 15:41:41
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 09/11/2020 15:40:53
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 09/11/2020 15:40:53
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 09/11/2020 15:40:53
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 09/11/2020 15:40:52
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
Log: 'Application' Date/Time: 07/08/2020 11:07:28
Type: Error Category: 0
Event: 100 Source: Bonjour Service
The event description cannot be found.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/02/2021 22:17:38
Type: Warning Category: 3
Event: 472 Source: ESENT
LiveComm (1992) C:\Users\Rena\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\e2b56f441fa0d15d\120712-0049\: The shadow header page of file C:\Users\Rena\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\e2b56f441fa0d15d\120712-0049\DBStore\edb.chk was damaged. The primary header page (4096 bytes) was used instead.
 
Log: 'Application' Date/Time: 10/02/2021 09:39:10
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> took 455 second(s) to handle the notification event (CreateSession).
 
Log: 'Application' Date/Time: 10/02/2021 09:32:35
Type: Warning Category: 0
Event: 6005 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> is taking a long time to handle the notification event (CreateSession).
 
Log: 'Application' Date/Time: 09/02/2021 22:00:51
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe' (pid 3952) cannot be restarted - Application SID does not match Conductor SID..
 
Log: 'Application' Date/Time: 07/02/2021 22:27:10
Type: Warning Category: 0
Event: 6001 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Sens> failed a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 22:12:00
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 22:12:00
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 22:08:30
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 22:08:19
Type: Warning Category: 0
Event: 6003 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a critical notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:56:16
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:56:15
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:52:36
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:52:25
Type: Warning Category: 0
Event: 6003 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a critical notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:45:08
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:45:08
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:41:35
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 07/02/2021 11:41:24
Type: Warning Category: 0
Event: 6003 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a critical notification event.
 
Log: 'Application' Date/Time: 06/02/2021 11:32:56
Type: Warning Category: 3
Event: 472 Source: ESENT
LiveComm (2832) C:\Users\Rena\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\e2b56f441fa0d15d\120712-0049\: The shadow header page of file C:\Users\Rena\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\e2b56f441fa0d15d\120712-0049\DBStore\livecomm.edb was damaged. The primary header page (8192 bytes) was used instead.
 
Log: 'Application' Date/Time: 05/02/2021 10:36:46
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe' (pid 1488) cannot be restarted - Application SID does not match Conductor SID..
 
Log: 'Application' Date/Time: 05/02/2021 10:36:46
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avpui.exe' (pid 4564) cannot be restarted - Application SID does not match Conductor SID..
 

  • 0

#30
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

It seems to be having problems with a USB drive. I think it's the one that shows as E:\

 

Sometimes it helps just to unplug it and plug it into a different (if available) USB port.


  • 0
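The by-eye reading of the VEW report in the posts above can be scripted. The following is an added example, not part of the original thread: it parses the VEW text layout, honours the report's dd/mm/yyyy note, and buckets events into the themes visible in the report (Defender service not starting, device/driver faults, unclean shutdowns). The function names and the rule set are assumptions built from the event IDs that appear in the report; the sample input is constructed, with messages abbreviated.

```python
import re
from datetime import datetime

# Constructed sample in the VEW report layout (messages abbreviated).
SAMPLE = r"""Vino's Event Viewer v01c run on Windows 7 in English
Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/02/2021 18:23:45
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device E:\ (location (unknown)) is offline due to a user-mode driver crash.

Log: 'System' Date/Time: 09/02/2021 20:28:40
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.

Log: 'System' Date/Time: 14/02/2021 16:31:48
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Defender Service service failed to start due to the following error:  Windows cannot verify the digital signature for this file.

Log: 'System' Date/Time: 14/02/2021 17:24:54
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\_??_USBSTOR#Disk&Ven_SanDisk&Prod_Cruzer_Edge.
"""

# One VEW entry: three header lines followed by a single message line.
ENTRY = re.compile(
    r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})[ \t]*\r?\n"
    r"Type: (?P<type>\w+) Category: (?P<category>\d+)[ \t]*\r?\n"
    r"Event: (?P<event>\d+) Source: (?P<source>[^\r\n]+?)[ \t]*\r?\n"
    r"(?P<message>[^\r\n]*)",
    re.MULTILINE,
)

# Assumed rule set: (source, event ID) pairs seen in the report that point at a device.
DEVICE_EVENTS = {("Microsoft-Windows-DriverFrameworks-UserMode", 10110),
                 ("Microsoft-Windows-DriverFrameworks-UserMode", 10111),
                 ("Microsoft-Windows-Kernel-PnP", 219)}


def parse_vew(report):
    """Return one dict per event found in a VEW text report."""
    records = []
    for match in ENTRY.finditer(report):
        rec = match.groupdict()
        # VEW states its dates are dd/mm/yyyy, so 07/02/2021 is 7 February.
        rec["when"] = datetime.strptime(rec["when"], "%d/%m/%Y %H:%M:%S")
        rec["event"] = int(rec["event"])
        records.append(rec)
    return records


def classify(rec):
    """Map one record to a triage label, or None if no rule applies."""
    key = (rec["source"], rec["event"])
    if key == ("Service Control Manager", 7000) and "Defender" in rec["message"]:
        return "protection_down"
    if key in DEVICE_EVENTS:
        return "device_fault"
    if rec["source"] == "Microsoft-Windows-Kernel-Power" and rec["event"] in (41, 142):
        return "unclean_shutdown"
    return None


def triage(records, since=None):
    """Bucket records by label, newest first; `since` drops stale entries."""
    buckets = {}
    for rec in sorted(records, key=lambda r: r["when"], reverse=True):
        label = classify(rec)
        if label and (since is None or rec["when"] >= since):
            buckets.setdefault(label, []).append(rec)
    return buckets


def offline_devices(records):
    """Devices named in event 10111 (device offline after a user-mode driver crash)."""
    hits = (re.match(r"The device (\S+) ", r["message"]) for r in records if r["event"] == 10111)
    return {h.group(1) for h in hits if h}
```

The `since` filter matters with VEW output because a report can carry entries that are years old alongside the current ones.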





