Jump to content


Photo

Tune Up help

Tune Up

  • Please log in to reply
12 replies to this topic

#1 dbarie33

dbarie33

    Member

  • Full Member
  • Pip
  • 20 posts

Posted 29 August 2019 - 05:21 PM

Please help when you get a chance.  I have a Toshiba Satellite that might be on its last leg but I would like to give it another shot.  The problems might be hardware related but hopefully it is software. 

 

Computer restarts occasionally if bumped.  The blue screen comes up saying that Windows needs to be restarted...

 

A few pop ups occur during startup that I would like to get red of.

 

One says SVPWUTIL.exe - Bad Image

C:\windows\WinSxS\x86....is either not designed to run on Windows or it contains an error.

 

Another says TosNcCore.ext - Bad Image

C:\Program Files\Toshiba\BulletonBoard\TosNcUi.dll.  Same issue

 

Free editor tries to open an app and has trouble doing so.  Can this be cleared?

 

I also believe that Mcaffee and Windows defender run occasionally too at the same time as Malwarebytes. Can they be removed?

 

Hopefully this gives you enough info. My logs follow.

 

Thank you very much in advance!!!!

 

------------------------------------------

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/28/19
Scan Time: 9:15 PM
Log File: d678180e-ca02-11e9-a33b-705ab6c5c6f8.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.12227
License: Premium

-System Information-
OS: Windows 10 (Build 10586.164)
CPU: x64
File System: NTFS
User: Toshiba-PC\Toshiba

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 352678
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 41 min, 1 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-08-2019
Ran by Toshiba (administrator) on TOSHIBA-PC (TOSHIBA Satellite A665) (29-08-2019 18:00:04)
Running from C:\Users\Toshiba\Downloads
Loaded Profiles: Toshiba (Available Profiles: Toshiba & DefaultAppPool)
Platform: Windows 10 Home Version 1511 10586.164 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\rUpdater\rUpdater_srv.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Compal Electronics, Inc. -> TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(F.lux Software LLC -> f.lux Software LLC) C:\Users\Toshiba\AppData\Local\FluxSoftware\Flux\flux.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
(McAfee, LLC -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Some Company) [File not signed] C:\Program Files\rUpdater\rUpdater_agent.exe
(SuperAdBlocker.com -> SUPERAntiSpyware.com) [File not signed] C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-25] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [IntelWireless] => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [rUpdater2] => C:\Program Files\rUpdater\rUpdater_agent.exe [2410496 2015-04-25] (Some Company) [File not signed]
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (Compal Electronics, Inc. -> TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.) [File not signed]
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA CORPORATION) [File not signed]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.) [File not signed]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-08-19] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-01-29] (DivX, LLC) [File not signed]
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] (DivX, LLC -> )
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft, Inc. -> ArcSoft Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2016-07-13] (Wondershare software CO., LIMITED -> )
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1563424 2016-06-28] (Seagate Technology LLC -> Seagate Technology LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110008 2015-07-06] (CyberLink Corp. -> CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [499640 2015-07-06] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [265656 2015-06-14] (CyberLink Corp. -> CyberLink Corp.)
HKU\S-1-5-21-2844220627-2807872682-970000197-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-08] (Google Inc -> Google Inc.)
HKU\S-1-5-21-2844220627-2807872682-970000197-1001\...\Run: [f.lux] => C:\Users\Toshiba\AppData\Local\FluxSoftware\Flux\flux.exe [1378824 2019-05-07] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-2844220627-2807872682-970000197-1001\...\RunOnce: [Uninstall C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-2844220627-2807872682-970000197-1001\...\RunOnce: [Uninstall C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-2844220627-2807872682-970000197-1001\...\RunOnce: [Uninstall C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-2844220627-2807872682-970000197-1001\...\RunOnce: [Uninstall C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-2844220627-2807872682-970000197-1001\...\RunOnce: [Uninstall C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-2844220627-2807872682-970000197-1001\...\RunOnce: [Uninstall C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-2844220627-2807872682-970000197-1001\...\RunOnce: [Uninstall C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Toshiba\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\SysWOW64\DivX.dll [720384 2010-02-19] (DivX, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.yv12] => C:\Windows\SysWOW64\DivX.dll [720384 2010-02-19] (DivX, Inc.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> %SystemRoot%\inf\unregmp2.exe /ShowWMP
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\Installer\chrmstp.exe [2019-08-17] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
HKLM\Software\...\Authentication\Credential Providers: [{538C240D-3DEE-4032-AB4C-08A3A6EB0861}] -> C:\Program Files (x86)\CyberLink\YouCam\CLCredProv\x64\CLCredProv.dll [2015-06-14] (CyberLink Corp. -> CyberLink)
HKLM\Software\...\Authentication\Credential Providers: [{B65F237C-AAFF-4df7-8872-91B65663E41F}] -> C:\Program Files\Toshiba\SmartFaceV\SmartFaceVCP.dll [2009-10-19] (TOSHIBA Corporation) [File not signed]
HKLM\Software\...\Authentication\Credential Providers: [{B7724AE5-1135-4889-8A5F-CA98BE6CA1ED}] -> C:\Program Files\TrueKey\McAfee.TrueKey.CredentialProvider.dll [2018-05-14] (McAfee, Inc. -> McAfee, Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\utilman.lnk [2017-03-13]
ShortcutTarget: utilman.lnk -> C:\Users\Toshiba\AppData\Local\utilman.exe (No File)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0357A71F-7404-40A1-8966-B0EBA1EE3589} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_Plugin.exe [1457152 2019-02-13] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {094155C3-CA9E-46D0-8863-CC4D1826F723} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0FF0C803-1597-42C0-A968-4D96CD8A0723} - no filepath
Task: {12799B7B-F499-4D4C-8C28-DBF0108AED55} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1387932E-F71F-43C1-B5F5-1E38CAB31CC7} - System32\Tasks\win4036e0 => \.\globalroot\Device\HarddiskVolume2\Users\Toshiba\AppData\Local\Temp\win4036e0.dat <==== ATTENTION
Task: {14BE424B-8D7F-44B4-A43A-CCE7CE4D85A3} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1D735869-C7FA-4A08-9AFA-A9ED0ECB20BB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {1DA261FC-27F5-430C-A545-0B9749CC64EE} - System32\Tasks\Toshiba Local Autobackup 5 4 => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBCore.exe
Task: {317107BF-13F6-48B4-AA5A-BA0B03A02F4B} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate => {FE285C8C-5360-41C1-A700-045501C740DE} C:\Windows\System32\ErrorDetailsUpdate.dll [39936 2015-10-30] (Microsoft Windows -> Microsoft Corporation)
Task: {330AFF8A-79BC-4DCB-9830-A374B07CA104} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {331318C0-2871-432D-A918-70E039C429B7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {35C72346-FA34-4550-BA74-EECB08D1189D} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {379B48F2-FEB5-4C6B-82C2-F9549E1BD42C} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {37A6383F-F58E-4F07-A620-F7DF7002BA24} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3A839EE0-7022-4182-881C-CEA8C8D0C1A9} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3B6B10C4-3084-45FE-933A-F62963AD6F18} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {440A8B69-FE0C-44CF-92A8-ACCCCB5813D2} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {4B54970B-2346-4AA2-B915-053D590FCC83} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [1662552 2018-05-22] (McAfee, Inc. -> McAfee, Inc.)
Task: {4DBF6269-C4A9-4AA2-9B1B-CF2D8488344A} - System32\Tasks\{59FFAE28-6469-4C3D-B026-04D6F6AE49E5} => C:\windows\system32\pcalua.exe -a "C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
Task: {515E6CD2-1442-4EAC-9408-D0F15878348D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {55721D81-46C3-4865-8C7B-CBA3EE3A36A8} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {5971908B-257B-4010-9021-32B8E254BE4E} - System32\Tasks\Toshiba => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [1812256 2016-06-28] (Seagate Technology LLC -> Seagate Technology LLC)
Task: {5A7C360C-C58E-4A16-A95D-1471F182F44E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {5A988F08-04BA-47F7-83B4-D6FE29D6F805} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {60AAA4E8-B8F7-4AFF-8414-44763E5E4EBA} - System32\Tasks\Toshiba DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1563424 2016-06-28] (Seagate Technology LLC -> Seagate Technology LLC)
Task: {682B6728-0EFD-496A-8C06-90CAC07671BE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
Task: {691896F1-CFB1-4868-9F13-A972C9B54613} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {706E113C-E504-4777-98E7-8C48B12CFA0B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [143659408 2016-03-10] (Microsoft Windows -> Microsoft Corporation)
Task: {71E53243-3A2D-47EE-9DAB-6D71B2366657} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate => {9CDA66BE-3271-4723-8D35-DD834C58AD92} C:\Windows\System32\ErrorDetailsUpdate.dll [39936 2015-10-30] (Microsoft Windows -> Microsoft Corporation)
Task: {73B57B1C-B8C2-441D-9E7F-4FC723DF7EB6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {75DC0802-50A5-4896-A091-CB2E79CC9614} - no filepath
Task: {7E8F15B4-32EC-4329-8E8B-7341BF6DDA4A} - no filepath
Task: {82B5DE0B-2C9C-4CC6-9365-6602C223BFA3} - System32\Tasks\Toshiba Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [1812256 2016-06-28] (Seagate Technology LLC -> Seagate Technology LLC)
Task: {83D1C178-979A-4BE5-8194-BD7333FF2BEC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {88C285A5-C34A-4578-9879-5D167A39E1B4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {8938434C-B1AE-4778-8738-F573F6504197} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [143659408 2016-03-10] (Microsoft Windows -> Microsoft Corporation)
Task: {8D9BBFBB-A29A-491A-A69A-0934C87438C1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8F4608B4-B913-40A0-97CA-9779D71E1A4D} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {91C699FD-E979-4E67-9D0E-E99ADF0E68A6} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {942CCB8E-7EFF-41E7-953D-777051370BA8} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {99834018-531B-448C-A1D5-452513CAD828} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9B55AE89-4514-4473-91BA-79DE47BDAC57} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {9E3BCBB2-3130-40DB-9863-670A1DC2FCC8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {A560D430-AF99-4369-B4D3-0D30C5145BEF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {A5A2B8C7-46A7-4B7D-BE48-BFC516810EC4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A6D62008-06DA-4630-A728-5A84EEF8395C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {ABED962C-BB15-436C-A11F-00A51A70A9EC} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AE6772F1-1B27-41AB-A8E0-9B955B2AEE67} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {B17F7F8A-AAFE-4F5A-9974-3ED7AB7550C6} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {B39B5B34-1D06-49F0-AA98-9B53957C7247} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B89617F4-D574-417F-8259-C8F72DFAF273} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {CA9356D4-A0E0-4981-9E22-7B51E9DA205C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D2CF2DCD-B067-4247-AF98-D16061028282} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DC170B09-5A79-4FFA-B8C8-B30BC38F4502} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E30E2944-43F5-4DCE-AAD6-56077E9F5144} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E4CB7D47-A609-4CC8-9B17-014E8B1219CC} - System32\Tasks\win403700 => \.\globalroot\Device\HarddiskVolume2\Users\Toshiba\AppData\Local\Temp\win403700.dat <==== ATTENTION
Task: {E6FC1A2F-B6AF-4830-ABF6-EFBA95D18E29} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E855F70D-C157-4CDB-AB4C-83D8EF030D59} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [1912608 2016-06-28] (Seagate Technology LLC -> Seagate Technology LLC)
Task: {E9C74AC3-61B6-4189-A6CA-FAF3FADA037B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {EB422714-A60C-4CC3-ACA2-5A86E4FCE48E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {F14A439B-F2B8-4818-A935-7302DB866B42} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2019-02-13] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {F1F11881-19C4-4039-8B14-818419E0C33E} - no filepath
Task: {F622B2AD-4483-416C-900E-BA71002A1CBB} - no filepath
Task: {F8F10416-C040-49CC-8D29-C9CD793AC985} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {FBD5DE8E-A89E-4826-82CF-F8295E104F73} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1187864 2018-03-21] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{fdc844f0-aba4-4a39-a3db-4a202c94e71d}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2844220627-2807872682-970000197-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2844220627-2807872682-970000197-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {FB1DA9E1-F9BE-4092-AAE0-568CE0669C47} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM -> {FB1DA9E1-F9BE-4092-AAE0-568CE0669C47} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> DefaultScope {4FE5E16C-8F2D-496E-AEA3-DBDAADE18D63} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> {4FE5E16C-8F2D-496E-AEA3-DBDAADE18D63} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-2844220627-2807872682-970000197-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U303DF&PC=U303&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2844220627-2807872682-970000197-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U303DF&PC=U303&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2844220627-2807872682-970000197-1001 -> {CC1B4EFE-3FD5-4245-88F4-A623CE00D3D3} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US0D20120901&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2844220627-2807872682-970000197-1001 -> {F988B9EE-CBF8-4322-9D91-7962670B14DB} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-04-02] (Oracle America, Inc. -> Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-14] (Google Inc -> Google Inc.)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2019-07-04] (McAfee, LLC -> McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-02] (Oracle America, Inc. -> Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-02-07] (DivX, LLC -> DivX, LLC)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-07-13] (Wondershare software CO., LIMITED -> Wondershare)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-04-02] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-14] (Google Inc -> Google Inc.)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2019-07-04] (McAfee, LLC -> McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-02] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19] (TOSHIBA CORPORATION -> <TOSHIBA>)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-14] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-14] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-2844220627-2807872682-970000197-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-14] (Google Inc -> Google Inc.)
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: HKLM-x32 {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} hxxp://cashwise.lifepics.com/net/Uploader/LPUploader57.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\siteadvisor\mcieplg.dll No File
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\siteadvisor\mcieplg.dll No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File

FireFox:
========
FF DefaultProfile: tc2tjp8k.default-1457150045371
FF ProfilePath: C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\tc2tjp8k.default-1457150045371 [2019-08-29]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\tc2tjp8k.default-1457150045371\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-08-22]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
FF SearchPlugin: C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\tc2tjp8k.default-1457150045371\searchplugins\McSiteAdvisor.xml [2016-03-20]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2019-07-04]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: (DivX Plus Web Player HTML5 <video>) - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-03-16] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi
FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [2016-08-13] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_142.dll [2019-02-13] (Adobe Systems Incorporated -> )
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, Inc. -> DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_142.dll [2019-02-13] (Adobe Systems Incorporated -> )
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-07-29] (Apple Inc. -> )
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-02-07] (DivX, LLC -> DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, Inc. -> DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll [2012-05-22] (McAfee, Inc. -> McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-27] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-27] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.bing.com/?mkt=en-US&pc=__PARAM__
CHR Profile: C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default [2019-08-21]
CHR Extension: (Docs) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Rescroller) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddehdnnhjimbggeeenghijehnpakijod [2016-08-09]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2019-08-21]
CHR Extension: (Google Docs Offline) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-30]
CHR Extension: (AdBlock) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-08-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-09]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-03-25]
CHR Extension: (Gmail) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-20]
CHR Extension: (Chrome Media Router) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-21]
CHR Profile: C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-01-08]
CHR Profile: C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\System Profile [2016-03-26]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKU\S-1-5-21-2844220627-2807872682-970000197-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfedoihopcjdfjihhhojdclnfdgomdho] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-07]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2011-08-11] (SuperAdBlocker.com -> SUPERAntiSpyware.com) [File not signed]
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft, Inc. -> ArcSoft Inc.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-07-27] (Macrovision Europe Ltd.) [File not signed]
S3 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] (Canon Inc. -> )
S2 KMService; C:\windows\SysWOW64\srvany.exe [8192 2011-09-19] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [900288 2019-07-04] (McAfee, LLC -> McAfee, Inc.)
R2 rUpdater; C:\Program Files\rUpdater\rUpdater_srv.exe [98304 2015-04-25] () [File not signed]
S2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2016-06-28] (Seagate Technology LLC -> Seagate Technology LLC)
S2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143656 2016-06-28] (Seagate Technology LLC -> Seagate Technology LLC)
S2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1000824 2018-05-14] (McAfee, Inc. -> McAfee, LLC.)
S2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2018-05-14] (McAfee, Inc. -> McAfee, LLC.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2018-05-14] (McAfee, Inc. -> McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation -> Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.2.4.1\WsAppService.exe [417792 2016-07-12] (Wondershare) [File not signed]
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcmfn; C:\WINDOWS\System32\drivers\bcmfn.sys [9728 2015-10-30] (Microsoft Windows -> Windows ® Win 7 DDK provider)
S3 emAudio; C:\WINDOWS\system32\drivers\emAudio64.sys [79872 2008-04-03] (Microsoft Windows Hardware Compatibility Publisher -> eMPIA Technology, Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-07-20] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-07-20] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-08-29] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-08-29] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-07-20] (Malwarebytes Corporation -> Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2015-10-30] (Microsoft Windows -> Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [45728 2015-08-07] (TOSHIBA CORPORATION -> Toshiba Corporation)
S3 USB28xxBGA; C:\WINDOWS\system32\DRIVERS\emBDA64.sys [654720 2010-08-20] (Microsoft Windows Hardware Compatibility Publisher -> eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\WINDOWS\system32\DRIVERS\emOEM64.sys [943872 2010-08-20] (Microsoft Windows Hardware Compatibility Publisher -> eMPIA Technology, Inc.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [51712 2011-05-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Windows -> Microsoft Corporation)
R3 wdkmd; C:\WINDOWS\System32\drivers\WDKMD.sys [36760 2009-12-17] (Wireless Display -> Intel Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

Error(1) reading file: "C:\Users\Public\Desktop\ABPTS Orientation Materials "
Error(1) reading file: "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABPTS Orientation Materials "
2019-08-29 18:00 - 2019-08-29 18:02 - 000048076 _____ C:\Users\Toshiba\Downloads\FRST.txt
2019-08-29 17:59 - 2019-08-29 17:59 - 000000000 ____D C:\Users\Toshiba\Downloads\FRST-OlderVersion
2019-08-28 22:32 - 2019-08-28 22:32 - 000001230 _____ C:\Users\Toshiba\Desktop\Aug2019.txt
2019-08-28 21:00 - 2019-08-28 21:00 - 000262004 _____ C:\WINDOWS\Minidump\082819-189906-01.dmp
2019-08-28 20:46 - 2019-08-29 17:59 - 001613824 _____ (Farbar) C:\Users\Toshiba\Downloads\FRST64.exe
2019-08-25 20:51 - 2019-08-25 20:51 - 000312898 _____ C:\Users\Toshiba\Desktop\12,0,1,2,2,1,1,0,0,0,4,6,6,0.04,0.1,0.1,-2,0,0,0.pdf
2019-08-21 17:55 - 2019-08-21 17:55 - 000000000 ____D C:\Users\Toshiba\AppData\Local\{0328F38D-80F5-467D-9419-8BB0E5CC63EC}
2019-08-20 19:33 - 2019-08-20 20:33 - 357660952 _____ C:\Users\Toshiba\Desktop\My 2019 vid.wmv
2019-08-20 19:22 - 2019-08-20 19:22 - 000159132 _____ C:\WINDOWS\Minidump\082019-26203-01.dmp
2019-08-20 19:07 - 2019-08-20 19:07 - 000000000 ____D C:\Users\Toshiba\AppData\Local\{A3F5A3F4-15AC-4ACE-8D3C-8DC5156059AF}
2019-08-20 18:33 - 2019-08-20 18:34 - 000248956 _____ C:\WINDOWS\Minidump\082019-39140-01.dmp
2019-08-19 22:32 - 2019-08-19 22:32 - 000000000 _____ C:\WINDOWS\Minidump\081919-29562-01.dmp
2019-08-18 16:40 - 2019-08-18 16:40 - 000000000 ____D C:\Users\Toshiba\AppData\Local\{F2129919-4AC0-426E-9EA0-238D6EC51EBF}
2019-08-18 14:50 - 2019-08-18 20:48 - 000000000 ____D C:\Users\Toshiba\Desktop\2019 songs
2019-08-18 14:40 - 2019-08-18 14:40 - 000261948 _____ C:\WINDOWS\Minidump\081819-28000-01.dmp
2019-08-16 16:49 - 2019-08-16 16:50 - 000262020 _____ C:\WINDOWS\Minidump\081619-27734-01.dmp
2019-08-14 21:55 - 2019-08-16 16:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-08-14 07:12 - 2019-08-14 07:12 - 000191956 _____ C:\WINDOWS\Minidump\081419-30171-01.dmp
2019-08-07 22:47 - 2019-08-07 22:48 - 000157876 _____ C:\WINDOWS\Minidump\080719-26765-01.dmp
2019-08-06 13:43 - 2019-08-06 13:43 - 000000000 ____D C:\Users\Toshiba\AppData\Local\{69B4C442-8C79-43BA-88ED-70FB543682C7}
2019-08-05 13:59 - 2019-08-05 13:59 - 000000000 ____D C:\Users\Toshiba\AppData\Local\{360559C8-437E-440A-BDE0-FE8BE644FFEE}
2019-08-04 22:21 - 2019-08-04 22:21 - 000000000 ____D C:\Users\Toshiba\AppData\Local\{66847BC0-C835-43B7-8545-93B4AC0C0FFF}
2019-08-04 10:20 - 2019-08-04 10:20 - 000000000 ____D C:\Users\Toshiba\AppData\Local\{34E6E439-2CA0-49E8-AE8C-A9623762DDD9}
2019-08-03 20:29 - 2019-08-03 20:29 - 000000000 ____D C:\Users\Toshiba\AppData\Local\{D93E8714-73E2-403A-988D-610785723945}
2019-08-03 11:06 - 2019-08-20 19:32 - 000219113 _____ C:\Users\Toshiba\Desktop\My 2019.wlmp
2019-08-03 09:18 - 2019-08-03 10:36 - 423696988 _____ C:\Users\Toshiba\Desktop\2019.wmv
2019-08-02 16:42 - 2019-08-03 08:01 - 000000000 ____D C:\Users\Toshiba\AppData\Local\{8727C09E-C22C-4008-B8BE-9B01D20D4000}
2019-07-31 19:57 - 2019-07-31 19:58 - 000210060 _____ C:\WINDOWS\Minidump\073119-31203-01.dmp
2019-07-30 18:39 - 2019-07-30 18:40 - 000262004 _____ C:\WINDOWS\Minidump\073019-35687-01.dmp

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-29 18:01 - 2015-10-30 02:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-08-29 18:00 - 2014-12-23 20:59 - 000000000 ____D C:\FRST
2019-08-29 17:56 - 2016-11-16 21:48 - 000000000 ____D C:\Users\Toshiba\AppData\LocalLow\Mozilla
2019-08-29 17:52 - 2019-07-20 09:15 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-08-29 17:52 - 2019-07-20 09:14 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-08-29 17:51 - 2015-11-26 11:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-08-29 17:11 - 2015-10-30 02:24 - 000000000 ___HD C:\Program Files\WindowsApps
2019-08-28 21:00 - 2016-01-20 20:46 - 000000000 ____D C:\WINDOWS\Minidump
2019-08-28 20:31 - 2015-11-26 10:49 - 001009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-08-28 20:31 - 2015-10-30 02:21 - 000000000 ____D C:\WINDOWS\INF
2019-08-27 10:52 - 2016-11-27 01:20 - 000000000 ____D C:\Users\Toshiba\AppData\Local\ClassicShell
2019-08-27 10:32 - 2015-11-26 10:50 - 000000000 ____D C:\Users\Toshiba
2019-08-21 18:08 - 2018-07-14 18:16 - 000000000 ____D C:\Users\Toshiba\AppData\Roaming\Anvsoft
2019-08-20 14:12 - 2015-10-30 02:24 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-08-17 20:44 - 2013-01-19 23:50 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-08-16 16:49 - 2012-05-03 09:41 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-08-16 16:36 - 2011-09-17 23:25 - 000001161 ___HT C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-08-13 20:07 - 2019-07-21 21:19 - 000000000 ____D C:\Users\Toshiba\Desktop\extra phone
2019-08-02 23:26 - 2018-07-15 14:14 - 000001975 _____ C:\Users\Toshiba\Desktop\AVStoDVD.lnk
2019-08-02 23:26 - 2010-07-28 22:30 - 000001890 _____ C:\Users\Toshiba\Desktop\Photoshop - Shortcut.lnk
2019-08-02 23:26 - 2010-07-22 17:58 - 000000910 _____ C:\Users\Toshiba\Desktop\Downloads.lnk
2019-08-02 21:23 - 2018-08-30 20:41 - 000000000 ____D C:\Users\Toshiba\Desktop\Aug2018
2019-08-02 21:17 - 2018-08-30 20:44 - 000000000 ____D C:\Users\Toshiba\Desktop\Oregon and Grace's 9th
2019-08-02 17:57 - 2018-09-03 09:16 - 000000000 ____D C:\Users\Toshiba\Desktop\New media
2019-08-02 17:13 - 2018-11-02 21:26 - 000000000 ____D C:\Users\Toshiba\Desktop\Sept Nov 2018
2019-08-02 17:09 - 2018-11-04 21:53 - 000000000 ____D C:\Users\Toshiba\Desktop\Sept Nov 2018 more

==================== Files in the root of some directories ================

2017-04-27 13:01 - 2017-04-27 13:01 - 007649280 _____ () C:\Program Files (x86)\GUTDB3A.tmp
2016-07-09 11:31 - 2016-07-09 11:31 - 000000132 _____ () C:\Users\Toshiba\AppData\Roaming\Adobe GIF Format CS5 Prefs
2015-05-04 21:29 - 2015-05-04 21:29 - 000000024 _____ () C:\Users\Toshiba\AppData\Roaming\splitterdirectorys.txt
2011-07-12 17:15 - 2013-07-08 11:21 - 000000650 _____ () C:\Users\Toshiba\AppData\Roaming\wklnhst.dat
2011-10-07 15:39 - 2011-10-07 15:39 - 000000291 _____ () C:\Users\Toshiba\AppData\Roaming\Microsoft\25BF.tmp
2011-10-07 16:48 - 2011-10-07 17:03 - 000000291 _____ () C:\Users\Toshiba\AppData\Roaming\Microsoft\83AF.tmp
2011-10-07 16:21 - 2011-10-07 16:21 - 000000291 _____ () C:\Users\Toshiba\AppData\Roaming\Microsoft\8D8F.tmp
2011-10-07 15:37 - 2011-10-07 15:38 - 000000291 _____ () C:\Users\Toshiba\AppData\Roaming\Microsoft\8F89.tmp
2011-10-07 17:21 - 2011-10-07 17:21 - 000000291 _____ () C:\Users\Toshiba\AppData\Roaming\Microsoft\A89D.tmp
2013-01-19 23:20 - 2013-01-19 23:20 - 000003584 _____ () C:\Users\Toshiba\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-11-25 08:09 - 2010-11-25 08:09 - 000000000 ____H () C:\Users\Toshiba\AppData\Local\Kfikaniqeribe.bin
2011-06-27 09:42 - 2011-06-27 13:34 - 000011710 ___SH () C:\Users\Toshiba\AppData\Local\q2vxq1410ue0yy561reex8730pt3874ljk4fk521f
2010-11-25 08:09 - 2010-11-25 19:01 - 000000120 ____H () C:\Users\Toshiba\AppData\Local\Slovusexuyo.dat
2011-07-15 15:10 - 2011-07-15 15:10 - 000001594 ___SH () C:\Users\Toshiba\AppData\Local\vvgo2823x2r50oejm
2016-09-09 16:28 - 2016-09-09 16:28 - 000000000 _____ () C:\Users\Toshiba\AppData\Local\{F864FB53-C70A-49C8-81B6-AA6FCF284C38}

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2016-03-12 21:03
==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-08-2019
Ran by Toshiba (29-08-2019 18:03:49)
Running from C:\Users\Toshiba\Downloads
Windows 10 Home Version 1511 10586.164 (X64) (2015-11-26 16:28:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2844220627-2807872682-970000197-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2844220627-2807872682-970000197-503 - Limited - Disabled)
Guest (S-1-5-21-2844220627-2807872682-970000197-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2844220627-2807872682-970000197-1002 - Limited - Enabled)
Toshiba (S-1-5-21-2844220627-2807872682-970000197-1001 - Administrator - Enabled) => C:\Users\Toshiba

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.142 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (HKLM-x32\...\Adobe_b741c3c52d3108664cedeb2b76f6d96) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Any DVD Converter Professional 6.2.4 (HKLM-x32\...\Any DVD Converter Professional_is1) (Version:  - Any-DVD-Converter.com)
Apple Application Support (HKLM-x32\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft ShowBiz (HKLM-x32\...\{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}) (Version:  - ArcSoft)
AudioConverter (HKLM-x32\...\AudioConverter) (Version:  - PerformerSoft LLC) <==== ATTENTION
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
AVStoDVD 2.8.7 (HKLM-x32\...\AVStoDVD) (Version: 2.8.7 - MrC)
Bonjour (HKLM\...\{CA0D2F09-F811-48D4-843E-C87696C6A9D9}) (Version: 3.0.0.2 - Apple Inc.)
Canon CanoScan LiDE 110 User Registration (HKLM-x32\...\Canon CanoScan LiDE 110 User Registration) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon PowerShot SX280 HS and SX270 HS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSSX280HSandSX270HS) (Version: 1.0.0.1 - Canon Inc.)
CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414) (Version:  - Canon Inc.)
CardRecoveryPro 2.6.5 (HKLM-x32\...\{D9E1CADA-D103-47AE-B3F8-0C0CD0E5856E}_is1) (Version: 2.6.5 - LionSea Software co., ltd)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Versi


#2 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,276 posts

Posted 30 August 2019 - 07:07 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
Remove these programs in bold via the Control Panel > Programs > Programs and Features.
VideoConverter (HKLM-x32\...\VideoConverter) (Version:  - PerformerSoft LLC) <==== ATTENTION
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
 
Press the windows key Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start::
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM\Software\...\Authentication\Credential Providers: [{B7724AE5-1135-4889-8A5F-CA98BE6CA1ED}] -> C:\Program Files\TrueKey\McAfee.TrueKey.CredentialProvider.dll [2018-05-14] (McAfee, Inc. -> McAfee, Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\utilman.lnk [2017-03-13]
ShortcutTarget: utilman.lnk -> C:\Users\Toshiba\AppData\Local\utilman.exe (No File)
Task: {0FF0C803-1597-42C0-A968-4D96CD8A0723} - no filepath
Task: {1387932E-F71F-43C1-B5F5-1E38CAB31CC7} - System32\Tasks\win4036e0 => \.\globalroot\Device\HarddiskVolume2\Users\Toshiba\AppData\Local\Temp\win4036e0.dat <==== ATTENTION
Task: {E4CB7D47-A609-4CC8-9B17-014E8B1219CC} - System32\Tasks\win403700 => \.\globalroot\Device\HarddiskVolume2\Users\Toshiba\AppData\Local\Temp\win403700.dat <==== ATTENTION
Task: {1D735869-C7FA-4A08-9AFA-A9ED0ECB20BB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {330AFF8A-79BC-4DCB-9830-A374B07CA104} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {331318C0-2871-432D-A918-70E039C429B7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {515E6CD2-1442-4EAC-9408-D0F15878348D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {75DC0802-50A5-4896-A091-CB2E79CC9614} - no filepath
Task: {7E8F15B4-32EC-4329-8E8B-7341BF6DDA4A} - no filepath
Task: {83D1C178-979A-4BE5-8194-BD7333FF2BEC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {88C285A5-C34A-4578-9879-5D167A39E1B4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {8D9BBFBB-A29A-491A-A69A-0934C87438C1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {AE6772F1-1B27-41AB-A8E0-9B955B2AEE67} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B39B5B34-1D06-49F0-AA98-9B53957C7247} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B89617F4-D574-417F-8259-C8F72DFAF273} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {CA9356D4-A0E0-4981-9E22-7B51E9DA205C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F1F11881-19C4-4039-8B14-818419E0C33E} - no filepath
Task: {F622B2AD-4483-416C-900E-BA71002A1CBB} - no filepath
SearchScopes: HKU\S-1-5-21-2844220627-2807872682-970000197-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U303DF&PC=U303&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2844220627-2807872682-970000197-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U303DF&PC=U303&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2844220627-2807872682-970000197-1001 -> {CC1B4EFE-3FD5-4245-88F4-A623CE00D3D3} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US0D20120901&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2844220627-2807872682-970000197-1001 -> {F988B9EE-CBF8-4322-9D91-7962670B14DB} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\siteadvisor\mcieplg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\siteadvisor\mcieplg.dll No File
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKU\S-1-5-21-2844220627-2807872682-970000197-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfedoihopcjdfjihhhojdclnfdgomdho] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
S2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1000824 2018-05-14] (McAfee, Inc. -> McAfee, LLC.)
S2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2018-05-14] (McAfee, Inc. -> McAfee, LLC.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2018-05-14] (McAfee, Inc. -> McAfee, Inc.)
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
 
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
HKU\S-1-5-21-2844220627-2807872682-970000197-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
FirewallRules: [{F820A5CD-9FF5-4D46-B56C-108A52EDC908}] => (Allow) C:\Users\Toshiba\AppData\Local\Temp\nskD8D0.tmp\CnetInstaller-76115949.exe No File
FirewallRules: [{1B42C992-CC64-4184-8AFD-A9AD4A721A37}] => (Allow) C:\Users\Toshiba\AppData\Local\Temp\nskD8D0.tmp\CnetInstaller-76115949.exe No File
FirewallRules: [{50AD63C8-B7C6-4E50-9BE6-414A5C06D1F9}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{7AC3336A-B917-4C60-B370-363826DB0471}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{281661F8-0C56-4DA7-B2C3-CD058D16B50A}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{C15C1633-606F-4711-8CB9-DD69A92B7979}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{C7737ADC-C79E-4718-BB24-85A6C01EFBC6}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe No File
FirewallRules: [{C98FAA3F-9295-4193-99FD-4B53421EFAC5}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe No File
FirewallRules: [{4998A07A-4C85-44C5-B1EE-661A22A010D0}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe No File
FirewallRules: [{228ED914-B1A2-4403-8CD7-1FC2507A089A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe No File
FirewallRules: [{4C93807A-5791-477F-8B8F-49F3F6EF26FC}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe No File
FirewallRules: [{27563D42-55E4-4B7B-B465-EB0E4E625D57}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{35151739-D7F5-4751-B759-BA9330CCEC41}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
 
C:\Program Files\TrueKey
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\utilman.lnk
 
CMD: netsh int ip reset
CMD: ipconfig /flushDNS
 
Reboot:
 
End::
 
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.
 
Run FRST and click Fix only once and wait.
 
The tool will create a log (Fixlog.txt) please post it to your reply.
===
 
Let me know of any remaining issues with this computer.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#3 dbarie33

dbarie33

    Member

  • Full Member
  • Pip
  • 20 posts

Posted 30 August 2019 - 11:34 AM

Thank you for the help.  I believe that I was able to do everything that you asked.

 

Here is the fixlog

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-08-2019
Ran by Toshiba (30-08-2019 12:29:05) Run:1
Running from C:\Users\Toshiba\Downloads
Loaded Profiles: Toshiba &  (Available Profiles: Toshiba & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM\Software\...\Authentication\Credential Providers: [{B7724AE5-1135-4889-8A5F-CA98BE6CA1ED}] -> C:\Program Files\TrueKey\McAfee.TrueKey.CredentialProvider.dll [2018-05-14] (McAfee, Inc. -> McAfee, Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\utilman.lnk [2017-03-13]
ShortcutTarget: utilman.lnk -> C:\Users\Toshiba\AppData\Local\utilman.exe (No File)
Task: {0FF0C803-1597-42C0-A968-4D96CD8A0723} - no filepath
Task: {1387932E-F71F-43C1-B5F5-1E38CAB31CC7} - System32\Tasks\win4036e0 => \.\globalroot\Device\HarddiskVolume2\Users\Toshiba\AppData\Local\Temp\win4036e0.dat <==== ATTENTION
Task: {E4CB7D47-A609-4CC8-9B17-014E8B1219CC} - System32\Tasks\win403700 => \.\globalroot\Device\HarddiskVolume2\Users\Toshiba\AppData\Local\Temp\win403700.dat <==== ATTENTION
Task: {1D735869-C7FA-4A08-9AFA-A9ED0ECB20BB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {330AFF8A-79BC-4DCB-9830-A374B07CA104} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {331318C0-2871-432D-A918-70E039C429B7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {515E6CD2-1442-4EAC-9408-D0F15878348D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {75DC0802-50A5-4896-A091-CB2E79CC9614} - no filepath
Task: {7E8F15B4-32EC-4329-8E8B-7341BF6DDA4A} - no filepath
Task: {83D1C178-979A-4BE5-8194-BD7333FF2BEC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {88C285A5-C34A-4578-9879-5D167A39E1B4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {8D9BBFBB-A29A-491A-A69A-0934C87438C1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {AE6772F1-1B27-41AB-A8E0-9B955B2AEE67} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B39B5B34-1D06-49F0-AA98-9B53957C7247} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B89617F4-D574-417F-8259-C8F72DFAF273} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {CA9356D4-A0E0-4981-9E22-7B51E9DA205C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F1F11881-19C4-4039-8B14-818419E0C33E} - no filepath
Task: {F622B2AD-4483-416C-900E-BA71002A1CBB} - no filepath
SearchScopes: HKU\S-1-5-21-2844220627-2807872682-970000197-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U303DF&PC=U303&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2844220627-2807872682-970000197-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U303DF&PC=U303&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2844220627-2807872682-970000197-1001 -> {CC1B4EFE-3FD5-4245-88F4-A623CE00D3D3} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US0D20120901&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2844220627-2807872682-970000197-1001 -> {F988B9EE-CBF8-4322-9D91-7962670B14DB} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\siteadvisor\mcieplg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\siteadvisor\mcieplg.dll No File
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [not found]
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [not found]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKU\S-1-5-21-2844220627-2807872682-970000197-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfedoihopcjdfjihhhojdclnfdgomdho] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
S2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1000824 2018-05-14] (McAfee, Inc. -> McAfee, LLC.)
S2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2018-05-14] (McAfee, Inc. -> McAfee, LLC.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2018-05-14] (McAfee, Inc. -> McAfee, Inc.)
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
 
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
HKU\S-1-5-21-2844220627-2807872682-970000197-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
FirewallRules: [{F820A5CD-9FF5-4D46-B56C-108A52EDC908}] => (Allow) C:\Users\Toshiba\AppData\Local\Temp\nskD8D0.tmp\CnetInstaller-76115949.exe No File
FirewallRules: [{1B42C992-CC64-4184-8AFD-A9AD4A721A37}] => (Allow) C:\Users\Toshiba\AppData\Local\Temp\nskD8D0.tmp\CnetInstaller-76115949.exe No File
FirewallRules: [{50AD63C8-B7C6-4E50-9BE6-414A5C06D1F9}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{7AC3336A-B917-4C60-B370-363826DB0471}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{281661F8-0C56-4DA7-B2C3-CD058D16B50A}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{C15C1633-606F-4711-8CB9-DD69A92B7979}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{C7737ADC-C79E-4718-BB24-85A6C01EFBC6}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe No File
FirewallRules: [{C98FAA3F-9295-4193-99FD-4B53421EFAC5}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe No File
FirewallRules: [{4998A07A-4C85-44C5-B1EE-661A22A010D0}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe No File
FirewallRules: [{228ED914-B1A2-4403-8CD7-1FC2507A089A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe No File
FirewallRules: [{4C93807A-5791-477F-8B8F-49F3F6EF26FC}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe No File
FirewallRules: [{27563D42-55E4-4B7B-B465-EB0E4E625D57}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe No File
FirewallRules: [{35151739-D7F5-4751-B759-BA9330CCEC41}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe No File
 
C:\Program Files\TrueKey
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\utilman.lnk
 
CMD: netsh int ip reset
CMD: ipconfig /flushDNS
 
Reboot:
 

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{B7724AE5-1135-4889-8A5F-CA98BE6CA1ED} => removed successfully
HKLM\Software\Classes\CLSID\{B7724AE5-1135-4889-8A5F-CA98BE6CA1ED} => removed successfully
HKLM\System\CurrentControlSet\Control\Lsa\\Notification Packages => value restored successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\utilman.lnk => moved successfully
"C:\Users\Toshiba\AppData\Local\utilman.exe" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0FF0C803-1597-42C0-A968-4D96CD8A0723}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FF0C803-1597-42C0-A968-4D96CD8A0723}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1387932E-F71F-43C1-B5F5-1E38CAB31CC7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1387932E-F71F-43C1-B5F5-1E38CAB31CC7}" => removed successfully
C:\WINDOWS\System32\Tasks\win4036e0 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\win4036e0" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E4CB7D47-A609-4CC8-9B17-014E8B1219CC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4CB7D47-A609-4CC8-9B17-014E8B1219CC}" => removed successfully
C:\WINDOWS\System32\Tasks\win403700 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\win403700" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D735869-C7FA-4A08-9AFA-A9ED0ECB20BB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D735869-C7FA-4A08-9AFA-A9ED0ECB20BB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{330AFF8A-79BC-4DCB-9830-A374B07CA104}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{330AFF8A-79BC-4DCB-9830-A374B07CA104}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{331318C0-2871-432D-A918-70E039C429B7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{331318C0-2871-432D-A918-70E039C429B7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{515E6CD2-1442-4EAC-9408-D0F15878348D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{515E6CD2-1442-4EAC-9408-D0F15878348D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75DC0802-50A5-4896-A091-CB2E79CC9614}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75DC0802-50A5-4896-A091-CB2E79CC9614}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E8F15B4-32EC-4329-8E8B-7341BF6DDA4A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E8F15B4-32EC-4329-8E8B-7341BF6DDA4A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83D1C178-979A-4BE5-8194-BD7333FF2BEC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83D1C178-979A-4BE5-8194-BD7333FF2BEC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88C285A5-C34A-4578-9879-5D167A39E1B4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88C285A5-C34A-4578-9879-5D167A39E1B4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D9BBFBB-A29A-491A-A69A-0934C87438C1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D9BBFBB-A29A-491A-A69A-0934C87438C1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE6772F1-1B27-41AB-A8E0-9B955B2AEE67}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE6772F1-1B27-41AB-A8E0-9B955B2AEE67}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B39B5B34-1D06-49F0-AA98-9B53957C7247}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B39B5B34-1D06-49F0-AA98-9B53957C7247}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B89617F4-D574-417F-8259-C8F72DFAF273}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B89617F4-D574-417F-8259-C8F72DFAF273}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA9356D4-A0E0-4981-9E22-7B51E9DA205C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA9356D4-A0E0-4981-9E22-7B51E9DA205C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1F11881-19C4-4039-8B14-818419E0C33E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1F11881-19C4-4039-8B14-818419E0C33E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F622B2AD-4483-416C-900E-BA71002A1CBB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F622B2AD-4483-416C-900E-BA71002A1CBB}" => removed successfully
"HKU\S-1-5-21-2844220627-2807872682-970000197-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-2844220627-2807872682-970000197-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKU\S-1-5-21-2844220627-2807872682-970000197-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC1B4EFE-3FD5-4245-88F4-A623CE00D3D3} => removed successfully
HKLM\Software\Classes\CLSID\{CC1B4EFE-3FD5-4245-88F4-A623CE00D3D3} => not found
HKU\S-1-5-21-2844220627-2807872682-970000197-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F988B9EE-CBF8-4322-9D91-7962670B14DB} => removed successfully
HKLM\Software\Classes\CLSID\{F988B9EE-CBF8-4322-9D91-7962670B14DB} => not found
HKLM\Software\Classes\PROTOCOLS\Handler\dssrequest => removed successfully
HKLM\Software\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\sacore => removed successfully
HKLM\Software\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => not found
C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => path removed successfully
C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi => path removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => removed successfully
HKU\S-1-5-21-2844220627-2807872682-970000197-1001\SOFTWARE\Google\Chrome\Extensions\nfedoihopcjdfjihhhojdclnfdgomdho => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => removed successfully
HKLM\System\CurrentControlSet\Services\TrueKey => removed successfully
TrueKey => service removed successfully
HKLM\System\CurrentControlSet\Services\TrueKeyScheduler => removed successfully
TrueKeyScheduler => service removed successfully
HKLM\System\CurrentControlSet\Services\TrueKeyServiceHelper => removed successfully
TrueKeyServiceHelper => service removed successfully
HKLM\System\CurrentControlSet\Services\InstallerService => removed successfully
InstallerService => service removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => removed successfully
idsvc => service removed successfully
HKLM\System\CurrentControlSet\Services\wpcsvc => removed successfully
wpcsvc => service removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => not found
HKU\S-1-5-21-2844220627-2807872682-970000197-1001\Software\Classes\exefile => removed successfully
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File) => Error: No automatic fix found for this entry.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F820A5CD-9FF5-4D46-B56C-108A52EDC908}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1B42C992-CC64-4184-8AFD-A9AD4A721A37}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{50AD63C8-B7C6-4E50-9BE6-414A5C06D1F9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7AC3336A-B917-4C60-B370-363826DB0471}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{281661F8-0C56-4DA7-B2C3-CD058D16B50A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C15C1633-606F-4711-8CB9-DD69A92B7979}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C7737ADC-C79E-4718-BB24-85A6C01EFBC6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C98FAA3F-9295-4193-99FD-4B53421EFAC5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4998A07A-4C85-44C5-B1EE-661A22A010D0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{228ED914-B1A2-4403-8CD7-1FC2507A089A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4C93807A-5791-477F-8B8F-49F3F6EF26FC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{27563D42-55E4-4B7B-B465-EB0E4E625D57}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{35151739-D7F5-4751-B759-BA9330CCEC41}" => removed successfully
C:\Program Files\TrueKey => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\utilman.lnk" => not found

========= netsh int ip reset =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= ipconfig /flushDNS =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 40456662 B
Java, Flash, Steam htmlcache => 34242 B
Windows/system/drivers => 227519071 B
Edge => 29510 B
Chrome => 241868766 B
Firefox => 1105434252 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 16674 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 1504888 B
systemprofile32 => 128 B
LocalService => 1765050 B
NetworkService => 218834 B
Toshiba => 56464374444 B
DefaultAppPool => 16674 B

RecycleBin => 11945792729 B
EmptyTemp: => 65.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:36:31 ====

 

 

Also, I still have 2 pop ups when starting up.  Not sure if you just haven't gotten to that part yet but I want to make sure it didn't get missed.

 

C:\\windows\winSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.5

0727.6195_none_cbf5e994470a1a8f\NFC80U.DLL is either not designed

to run on Windows or it contains an error. Try installing the program

again using the original installation media or contact your system

administrator or the software vendor for support.  Error status

0xc0000020.

 

and

C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll. is either not

designed to run on Windows or it contains an error.  Try installing the

program again using the original installation media or contact your

system administrator or the software vendor for support.  Error status

0XC000020.



#4 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,276 posts

Posted 31 August 2019 - 06:27 AM

Hi,
 

Error 0Xc0000020 and other critical errors can occur when your Windows operating system becomes corrupted.
 
 
Check the integrity of the operating system files.
How to run sfc /Scannow
 
Read the instructions carefully before starting the repair process.
If you can print the page for your ease reference.
 
When completed refer to the Microsoft article again and follow the instructions to view details of the System File Checker process
 
Post the contents of the sfcdetails.txt file for my review.
 
Let me know if the problem persists.
<<<>>>
 
p.s.
 
If the Windows Updates is corrupted run this.
 
I suggest you to perform the Windows Update troubleshooter and try to update Windows 10.
 
Follow these steps to run Windows Update troubleshooter.
 
1.Press Windows key + S key and type  troubleshooting.
2.Select Troubleshooting.
3.Select View all on the top left corner.
4.Run Windows update troubleshooter.
 
Keep me posted as to what problem persists.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#5 dbarie33

dbarie33

    Member

  • Full Member
  • Pip
  • 20 posts

Posted 31 August 2019 - 07:55 AM

sfcdetails.txt

 

Is blank after running scannow.   I'm assuming this is a good thing?

 

Also, troubleshooter fixed the Window's update issues.

 

Anything else you recommend to clean up my laptop?

 

Thanks again,



#6 dbarie33

dbarie33

    Member

  • Full Member
  • Pip
  • 20 posts

Posted 31 August 2019 - 07:59 AM

Maybe I spoke too soon. It looks like my error messages still pop up during start up.  Did I run scannow incorrectly?

 

DB



#7 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,276 posts

Posted 01 September 2019 - 06:19 AM

Hi,
 
Lets see what we can find in the Registry.
 
Run the Farbar program .exe as an Administrator.
 
In the Search text area, copy and paste the following:
TosNcUi.dll
Once done, click on the Search Registry button and wait for FRST to finish the search
On completion, a log will open in Notepad. Copy and paste its content in your next reply
====

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#8 dbarie33

dbarie33

    Member

  • Full Member
  • Pip
  • 20 posts

Posted 02 September 2019 - 03:16 PM

Here are the results...I wasn't sure if I was supposed to search files before registry so I did both...

 

Farbar Recovery Scan Tool (x64) Version: 31-08-2019
Ran by Toshiba (02-09-2019 15:56:35)
Running from C:\Users\Toshiba\Downloads
Boot Mode: Normal

================== Search Files: "TosNcUi.dll" =============

C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll
[2010-03-19 16:28][2017-10-14 13:11] 000000000 _____ () D41D8CD98F00B204E9800998ECF8427E [File not signed]


====== End of Search ======

================== Search Registry: "TosNcUi.dll" ===========


====== End of Search ======
 



#9 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,276 posts

Posted 03 September 2019 - 06:49 AM

Hi,
 
Your version of TosNcUi.dll is NOT compromised by malware. It's clean.
 
Do you use the TOSHIBA BulletinBoard?
Read about it.
 
If you do not use it disable this task/process
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
via the MSCONFIG/TASK MANAGER
 
 
If you do and have issues with it check for the latest version of Toshiba BulletinBoard.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#10 dbarie33

dbarie33

    Member

  • Full Member
  • Pip
  • 20 posts

Posted 04 September 2019 - 07:04 PM

I removed the toshiba bulletin board.  Now this pop up happens at start up...

 

SVPWUTIL.exe - Bad Image

C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b9a1e18e3b_8.0.5

0727.6195_none_cbf5e994470a1a8f\MFC80U.DLL is either not designed

to run on windows or it contains an error.  Try installing  the program

again using the original installation media or contact your system

administrator or the software vendor for support.  Error status

0xc0000020.

 

I also had blue screen crash were the computer had to restart.

 

Blue screen said "If you'd like to know more, you can search online later for this error:

KERNEL SECURITY CHECK FAILURE

 

Any suggestions with these?

 

Thanks

 

DB



#11 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,276 posts

Posted 05 September 2019 - 05:59 AM

Hi,
 
Lets check further.
 
Repair these services.
 
Boot with Safe Mode with Networking. Execute the following.
 
Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click Repairs - Open Repairs in the bottom right corner
  • Uncheck the All repair button then select just the item(s) listed below
  • 01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    10 - Remove Policies Set By Infections
    16 - Repair Windows Updates
    20 - Repair MSI (Windows Installer)
    25 - Restore Important Windows Services
    26 - Set Windows Service to Default Startup
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. ( Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.
  • ===
     
    Restart the computer normally.
    ===
     
    Also, please run  the Farbar program and post fresh FRST.TXT and Addition.txt logs for my review.
     
    How is the computer running now?

    nasdaq

    Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
    [ Housecall online virus scan ] [ Bitdefender online virus scan ]
    [ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

    My help is free, but if we have helped you in anyway,please considerDonating ,
    see this topic for details.
    We need members like you.

    ========
    Shouldn't water be worth more than diamonds?
    Adam Smith Glasgow, 1760

    #12 dbarie33

    dbarie33

      Member

    • Full Member
    • Pip
    • 20 posts

    Posted 06 September 2019 - 06:48 PM

    Tweaking app ran and lots of updates followed. There wasn't an automatic report after the reboot.  During the reboot a blue screen error message came up...

     

    Your PC ran into a problem and needs to restart. If you'd like to know more search for:

    DRIVER OVERRAN STACK BUFFER.

     

    After that Error messages that came up after reboot were...

     

    Error 2 opening

    "/RestartByRestartManager:4B4CCB22-2659-4fbf-9DDC-E84CO

    245250B"

     

    and

     

    Classic Shell needs to configure itself for the new operating system.

     

    and

     

    This app has been blocked for your protection...ClassicStartMenu.exe

     

    I also have a Windows Defender notification.  Can that be turned off again?

     

    Here are my FRST logs...

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-09-2019
    Ran by Toshiba (administrator) on TOSHIBA-PC (TOSHIBA Satellite A665) (06-09-2019 19:25:28)
    Running from C:\Users\Toshiba\Downloads
    Loaded Profiles: Toshiba (Available Profiles: Toshiba & DefaultAppPool)
    Platform: Windows 10 Home Version 1803 17134.984 (X64) Language: English (United States)
    Default browser: Edge
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () [File not signed] C:\Program Files\rUpdater\rUpdater_srv.exe
    (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    (Compal Electronics, Inc. -> TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
    (F.lux Software LLC -> f.lux Software LLC) C:\Users\Toshiba\AppData\Local\FluxSoftware\Flux\flux.exe
    (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (McAfee, LLC -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeApp.exe
    (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
    (Some Company) [File not signed] C:\Program Files\rUpdater\rUpdater_agent.exe
    (SuperAdBlocker.com -> SUPERAntiSpyware.com) [File not signed] C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
    (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
    (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
    (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
    (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (Tweaking LLC -> Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
    HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
    HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
    HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
    HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-25] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
    HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
    HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
    HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
    HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
    HKLM\...\Run: [rUpdater2] => C:\Program Files\rUpdater\rUpdater_agent.exe [2410496 2015-04-25] (Some Company) [File not signed]
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2016-11-23] (Synaptics Incorporated -> Synaptics Incorporated)
    HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (Compal Electronics, Inc. -> TOSHIBA CORPORATION)
    HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.) [File not signed]
    HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA CORPORATION) [File not signed]
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.) [File not signed]
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-08-19] (Apple Inc. -> Apple Inc.)
    HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-01-29] (DivX, LLC) [File not signed]
    HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] (DivX, LLC -> )
    HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft, Inc. -> ArcSoft Inc.)
    HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2016-07-13] (Wondershare software CO., LIMITED -> )
    HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1563424 2016-06-28] (Seagate Technology LLC -> Seagate Technology LLC)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle America, Inc. -> Oracle Corporation)
    HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110008 2015-07-06] (CyberLink Corp. -> CyberLink)
    HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [499640 2015-07-06] (CyberLink Corp. -> CyberLink Corp.)
    HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [265656 2015-06-14] (CyberLink Corp. -> CyberLink Corp.)
    HKU\S-1-5-21-2844220627-2807872682-970000197-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-08] (Google Inc -> Google Inc.)
    HKU\S-1-5-21-2844220627-2807872682-970000197-1001\...\Run: [f.lux] => C:\Users\Toshiba\AppData\Local\FluxSoftware\Flux\flux.exe [1378824 2019-05-07] (F.lux Software LLC -> f.lux Software LLC)
    HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\SysWOW64\DivX.dll [720384 2010-02-19] (DivX, Inc.) [File not signed]
    HKLM\...\Drivers32: [vidc.yv12] => C:\Windows\SysWOW64\DivX.dll [720384 2010-02-19] (DivX, Inc.) [File not signed]
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\Installer\chrmstp.exe [2019-08-30] (Google LLC -> Google LLC)
    HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
    HKLM\Software\...\Authentication\Credential Providers: [{538C240D-3DEE-4032-AB4C-08A3A6EB0861}] -> C:\Program Files (x86)\CyberLink\YouCam\CLCredProv\x64\CLCredProv.dll [2015-06-14] (CyberLink Corp. -> CyberLink)
    HKLM\Software\...\Authentication\Credential Providers: [{B65F237C-AAFF-4df7-8872-91B65663E41F}] -> C:\Program Files\Toshiba\SmartFaceV\SmartFaceVCP.dll [2009-10-19] (TOSHIBA Corporation) [File not signed]

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0357A71F-7404-40A1-8966-B0EBA1EE3589} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_238_Plugin.exe [1457208 2019-08-30] (Adobe Inc. -> Adobe)
    Task: {094155C3-CA9E-46D0-8863-CC4D1826F723} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {12799B7B-F499-4D4C-8C28-DBF0108AED55} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {14BE424B-8D7F-44B4-A43A-CCE7CE4D85A3} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {1DA261FC-27F5-430C-A545-0B9749CC64EE} - System32\Tasks\Toshiba Local Autobackup 5 4 => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBCore.exe
    Task: {2D9C64C0-359E-44BD-AF1F-54884907A137} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [218336 2017-05-02] (Tweaking LLC -> Tweaking.com)
    Task: {35C72346-FA34-4550-BA74-EECB08D1189D} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
    Task: {379B48F2-FEB5-4C6B-82C2-F9549E1BD42C} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {37A6383F-F58E-4F07-A620-F7DF7002BA24} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {3A839EE0-7022-4182-881C-CEA8C8D0C1A9} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {3B6B10C4-3084-45FE-933A-F62963AD6F18} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
    Task: {440A8B69-FE0C-44CF-92A8-ACCCCB5813D2} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
    Task: {4B54970B-2346-4AA2-B915-053D590FCC83} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [1662552 2018-05-22] (McAfee, Inc. -> McAfee, Inc.)
    Task: {4DBF6269-C4A9-4AA2-9B1B-CF2D8488344A} - System32\Tasks\{59FFAE28-6469-4C3D-B026-04D6F6AE49E5} => C:\windows\system32\pcalua.exe -a "C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
    Task: {55721D81-46C3-4865-8C7B-CBA3EE3A36A8} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: {5971908B-257B-4010-9021-32B8E254BE4E} - System32\Tasks\Toshiba => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [1812256 2016-06-28] (Seagate Technology LLC -> Seagate Technology LLC)
    Task: {5A7C360C-C58E-4A16-A95D-1471F182F44E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {5A988F08-04BA-47F7-83B4-D6FE29D6F805} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
    Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
    Task: {60AAA4E8-B8F7-4AFF-8414-44763E5E4EBA} - System32\Tasks\Toshiba DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1563424 2016-06-28] (Seagate Technology LLC -> Seagate Technology LLC)
    Task: {682B6728-0EFD-496A-8C06-90CAC07671BE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [561984 2011-06-01] (Apple Inc. -> Apple Inc.)
    Task: {691896F1-CFB1-4868-9F13-A972C9B54613} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
    Task: {706E113C-E504-4777-98E7-8C48B12CFA0B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [134272480 2019-08-31] (Microsoft Corporation -> Microsoft Corporation)
    Task: {73B57B1C-B8C2-441D-9E7F-4FC723DF7EB6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {82B5DE0B-2C9C-4CC6-9365-6602C223BFA3} - System32\Tasks\Toshiba Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [1812256 2016-06-28] (Seagate Technology LLC -> Seagate Technology LLC)
    Task: {8F4608B4-B913-40A0-97CA-9779D71E1A4D} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
    Task: {91C699FD-E979-4E67-9D0E-E99ADF0E68A6} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {942CCB8E-7EFF-41E7-953D-777051370BA8} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
    Task: {95235917-CB56-43DA-A08E-1D0ACA9AA539} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent => {61f77d5e-afe9-400b-a5e6-e9e80fc8e601} C:\Windows\System32\RDXTaskFactory.dll [393728 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    Task: {99834018-531B-448C-A1D5-452513CAD828} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {9B55AE89-4514-4473-91BA-79DE47BDAC57} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
    Task: {9E3BCBB2-3130-40DB-9863-670A1DC2FCC8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
    Task: {A560D430-AF99-4369-B4D3-0D30C5145BEF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
    Task: {A5A2B8C7-46A7-4B7D-BE48-BFC516810EC4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {A6D62008-06DA-4630-A728-5A84EEF8395C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {ABED962C-BB15-436C-A11F-00A51A70A9EC} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
    Task: {B17F7F8A-AAFE-4F5A-9974-3ED7AB7550C6} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
    Task: {D2CF2DCD-B067-4247-AF98-D16061028282} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {DC170B09-5A79-4FFA-B8C8-B30BC38F4502} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {E30E2944-43F5-4DCE-AAD6-56077E9F5144} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {E6FC1A2F-B6AF-4830-ABF6-EFBA95D18E29} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {E855F70D-C157-4CDB-AB4C-83D8EF030D59} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [1912608 2016-06-28] (Seagate Technology LLC -> Seagate Technology LLC)
    Task: {E9C74AC3-61B6-4189-A6CA-FAF3FADA037B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
    Task: {EB422714-A60C-4CC3-ACA2-5A86E4FCE48E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
    Task: {F14A439B-F2B8-4818-A935-7302DB866B42} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-08-30] (Adobe Inc. -> Adobe)
    Task: {F8F10416-C040-49CC-8D29-C9CD793AC985} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
    Task: {FBD5DE8E-A89E-4826-82CF-F8295E104F73} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1187864 2018-03-21] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Task: {FBD5DE8E-A89E-4826-82CF-F8295E104F73} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1187864 2018-03-21] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{fdc844f0-aba4-4a39-a3db-4a202c94e71d}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2844220627-2807872682-970000197-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-2844220627-2807872682-970000197-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM -> DefaultScope {FB1DA9E1-F9BE-4092-AAE0-568CE0669C47} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
    SearchScopes: HKLM -> {FB1DA9E1-F9BE-4092-AAE0-568CE0669C47} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
    SearchScopes: HKLM-x32 -> DefaultScope {4FE5E16C-8F2D-496E-AEA3-DBDAADE18D63} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
    SearchScopes: HKLM-x32 -> {4FE5E16C-8F2D-496E-AEA3-DBDAADE18D63} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-04-02] (Oracle America, Inc. -> Oracle Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-14] (Google Inc -> Google Inc.)
    BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2019-07-04] (McAfee, LLC -> McAfee, Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-02] (Oracle America, Inc. -> Oracle Corporation)
    BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
    BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-02-07] (DivX, LLC -> DivX, LLC)
    BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
    BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-07-13] (Wondershare software CO., LIMITED -> Wondershare)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-04-02] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-14] (Google Inc -> Google Inc.)
    BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2019-07-04] (McAfee, LLC -> McAfee, Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-02] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
    BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19] (TOSHIBA CORPORATION -> <TOSHIBA>)
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-14] (Google Inc -> Google Inc.)
    Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (Ivaylo Beltchev -> IvoSoft) [File not signed]
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-14] (Google Inc -> Google Inc.)
    Toolbar: HKU\S-1-5-21-2844220627-2807872682-970000197-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-14] (Google Inc -> Google Inc.)
    DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
    DPF: HKLM-x32 {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} hxxp://cashwise.lifepics.com/net/Uploader/LPUploader57.cab
    Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
    Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
    Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
    Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
    Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
    Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll [2001-02-12] (Microsoft Corporation) [File not signed]
    Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File

    FireFox:
    ========
    FF DefaultProfile: tc2tjp8k.default-1457150045371
    FF ProfilePath: C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\tc2tjp8k.default-1457150045371 [2019-09-06]
    FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\tc2tjp8k.default-1457150045371\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-08-22]
    FF SearchPlugin: C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\tc2tjp8k.default-1457150045371\searchplugins\McSiteAdvisor.xml [2016-03-20]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
    FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2019-07-04]
    FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
    FF Extension: (DivX Plus Web Player HTML5 <video>) - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-03-16] [Legacy] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
    FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi
    FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [2016-08-13] [Legacy]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_238.dll [2019-08-30] (Adobe Inc. -> )
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, Inc. -> DivX, LLC.)
    FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-02] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-02] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_238.dll [2019-08-30] (Adobe Inc. -> )
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-07-29] (Apple Inc. -> )
    FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-02-07] (DivX, LLC -> DivX, LLC)
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, Inc. -> DivX, LLC.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-02] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-02] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll [2012-05-22] (McAfee, Inc. -> McAfee, Inc.)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-27] (Google Inc -> Google LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-27] (Google Inc -> Google LLC)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxp://www.bing.com/?mkt=en-US&pc=__PARAM__
    CHR Profile: C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default [2019-09-05]
    CHR Extension: (Docs) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
    CHR Extension: (Google Drive) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
    CHR Extension: (YouTube) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
    CHR Extension: (Google Search) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Rescroller) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddehdnnhjimbggeeenghijehnpakijod [2016-08-09]
    CHR Extension: (Google Docs Offline) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-30]
    CHR Extension: (AdBlock) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-09-05]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-09]
    CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-03-25]
    CHR Extension: (Gmail) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-20]
    CHR Extension: (Chrome Media Router) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-05]
    CHR Profile: C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-08-30]
    CHR Profile: C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\System Profile [2019-08-30]
    CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-07]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2011-08-11] (SuperAdBlocker.com -> SUPERAntiSpyware.com) [File not signed]
    R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft, Inc. -> ArcSoft Inc.)
    S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-07-27] (Macrovision Europe Ltd.) [File not signed]
    S3 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] (Canon Inc. -> )
    S2 KMService; C:\windows\SysWOW64\srvany.exe [8192 2011-09-19] () [File not signed]
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
    R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [900288 2019-07-04] (McAfee, LLC -> McAfee, Inc.)
    R2 rUpdater; C:\Program Files\rUpdater\rUpdater_srv.exe [98304 2015-04-25] () [File not signed]
    S2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2016-06-28] (Seagate Technology LLC -> Seagate Technology LLC)
    S2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143656 2016-06-28] (Seagate Technology LLC -> Seagate Technology LLC)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2016-11-23] (Synaptics Incorporated -> Synaptics Incorporated)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1908.5-0\NisSrv.exe [3630832 2019-09-06] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1908.5-0\MsMpEng.exe [103168 2019-09-06] (Microsoft Windows Publisher -> Microsoft Corporation)
    S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.2.4.1\WsAppService.exe [417792 2016-07-12] (Wondershare) [File not signed]
    S4 sedsvc; "C:\Program Files\rempl\sedsvc.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 emAudio; C:\WINDOWS\system32\drivers\emAudio64.sys [79872 2008-04-03] (Microsoft Windows Hardware Compatibility Publisher -> eMPIA Technology, Inc.)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-09-05] (Malwarebytes Corporation -> Malwarebytes)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-09-06] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-09-06] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-09-06] (Malwarebytes Corporation -> Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-09-06] (Malwarebytes Corporation -> Malwarebytes)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Microsoft Windows -> Realtek )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51392 2016-11-23] (Synaptics Incorporated -> Synaptics Incorporated)
    S3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [45728 2015-08-07] (TOSHIBA CORPORATION -> Toshiba Corporation)
    S3 USB28xxBGA; C:\WINDOWS\system32\DRIVERS\emBDA64.sys [654720 2010-08-20] (Microsoft Windows Hardware Compatibility Publisher -> eMPIA Technology, Inc.)
    S3 USB28xxOEM; C:\WINDOWS\system32\DRIVERS\emOEM64.sys [943872 2010-08-20] (Microsoft Windows Hardware Compatibility Publisher -> eMPIA Technology, Inc.)
    S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [51712 2011-05-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
    U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [44544 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46472 2019-09-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [346336 2019-09-06] (Microsoft Windows -> Microsoft Corporation)
    R3 wdkmd; C:\WINDOWS\System32\drivers\WDKMD.sys [36760 2009-12-17] (Wireless Display -> Intel Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-09-06] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    Error(1) reading file: "C:\Users\Public\Desktop\ABPTS Orientation Materials "
    Error(1) reading file: "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABPTS Orientation Materials "
    2019-09-06 19:18 - 2019-09-06 19:19 - 000000000 ____D C:\Program Files\UNP
    2019-09-06 19:16 - 2019-09-06 19:16 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2019-09-06 19:16 - 2019-09-06 19:16 - 000224408 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2019-09-06 19:16 - 2019-09-06 19:16 - 000116112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2019-09-06 19:16 - 2019-09-06 19:16 - 000073584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2019-09-06 17:19 - 2019-02-13 00:47 - 001909560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
    2019-09-06 09:15 - 2019-09-06 06:53 - 000000000 ____D C:\Windows.old
    2019-09-06 07:12 - 2019-09-06 17:35 - 000000000 ____D C:\ProgramData\Packages
    2019-09-06 07:02 - 2019-09-06 07:02 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
    2019-09-06 06:57 - 2019-09-06 06:57 - 000000000 ___HD C:\Users\Toshiba\MicrosoftEdgeBackups
    2019-09-06 06:55 - 2019-09-06 06:55 - 000000000 ___RD C:\Users\Toshiba\3D Objects
    2019-09-06 06:54 - 2019-09-06 18:56 - 000000000 ____D C:\Users\Toshiba\AppData\Local\ConnectedDevicesPlatform
    2019-09-06 06:54 - 2019-09-06 06:54 - 000000020 ___SH C:\Users\Toshiba\ntuser.ini
    2019-09-06 06:52 - 2019-09-06 19:27 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2019-09-06 06:52 - 2019-09-06 19:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-09-06 06:52 - 2019-09-06 17:26 - 000003372 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2844220627-2807872682-970000197-1001
    2019-09-06 06:52 - 2019-09-06 06:53 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2019-09-06 06:52 - 2019-09-06 06:53 - 000003322 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2019-09-06 06:52 - 2019-09-06 06:53 - 000003302 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9366F682-5DFE-4419-BCF1-43F60D8141C9}
    2019-09-06 06:52 - 2019-09-06 06:53 - 000002800 _____ C:\WINDOWS\System32\Tasks\Seagate_Install_Launch
    2019-09-06 06:52 - 2019-09-06 06:52 - 000003750 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
    2019-09-06 06:52 - 2019-09-06 06:52 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2019-09-06 06:52 - 2019-09-06 06:52 - 000003458 _____ C:\WINDOWS\System32\Tasks\Toshiba Local Autobackup 5 4
    2019-09-06 06:52 - 2019-09-06 06:52 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2019-09-06 06:52 - 2019-09-06 06:52 - 000003006 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
    2019-09-06 06:52 - 2019-09-06 06:52 - 000003000 _____ C:\WINDOWS\System32\Tasks\Toshiba Merge
    2019-09-06 06:52 - 2019-09-06 06:52 - 000002972 _____ C:\WINDOWS\System32\Tasks\Toshiba
    2019-09-06 06:52 - 2019-09-06 06:52 - 000002848 _____ C:\WINDOWS\System32\Tasks\Ad-Aware Update (Weekly)
    2019-09-06 06:52 - 2019-09-06 06:52 - 000002782 _____ C:\WINDOWS\System32\Tasks\Toshiba DBAgent 2 0
    2019-09-06 06:52 - 2019-09-06 06:52 - 000002382 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
    2019-09-06 06:52 - 2019-09-06 06:52 - 000002240 _____ C:\WINDOWS\System32\Tasks\{59FFAE28-6469-4C3D-B026-04D6F6AE49E5}
    2019-09-06 06:52 - 2019-09-06 06:52 - 000000000 ____D C:\WINDOWS\System32\Tasks\WPD
    2019-09-06 06:52 - 2019-09-06 06:52 - 000000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
    2019-09-06 06:52 - 2019-09-06 06:52 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
    2019-09-06 06:52 - 2019-09-06 06:52 - 000000000 ____D C:\WINDOWS\System32\Tasks\Games
    2019-09-06 06:52 - 2019-09-06 06:52 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
    2019-09-06 06:50 - 2019-09-06 06:52 - 000011433 _____ C:\WINDOWS\diagwrn.xml
    2019-09-06 06:50 - 2019-09-06 06:52 - 000011433 _____ C:\WINDOWS\diagerr.xml
    2019-09-06 06:37 - 2019-09-06 06:37 - 000001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2019-09-06 06:35 - 2019-09-06 17:26 - 000002421 _____ C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-09-06 06:35 - 2019-09-06 06:57 - 000000000 ____D C:\Users\Toshiba
    2019-09-06 06:35 - 2019-09-06 06:45 - 000000000 ____D C:\Users\DefaultAppPool
    2019-09-06 06:35 - 2018-04-11 18:34 - 000001105 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-09-06 06:23 - 2019-09-06 06:23 - 000000000 ____D C:\ProgramData\USOShared
    2019-09-06 06:22 - 2018-04-11 18:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2019-09-06 06:17 - 2019-09-06 07:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-09-06 06:17 - 2019-09-06 06:41 - 002400160 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2019-09-06 05:06 - 2019-09-05 21:33 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2019-09-06 05:06 - 2019-06-26 13:00 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
    2019-09-06 05:06 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2019-09-06 05:03 - 2019-09-06 09:15 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
    2019-09-06 05:03 - 2019-09-06 05:03 - 000000000 ____D C:\WINDOWS\ServiceProfiles
    2019-09-06 05:03 - 2019-09-06 05:03 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
    2019-09-06 04:14 - 2019-09-06 04:14 - 013572608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
    2019-09-06 04:14 - 2019-09-06 04:14 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
    2019-09-06 04:14 - 2019-09-06 04:14 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
    2019-09-06 04:14 - 2019-09-06 04:14 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
    2019-09-06 04:14 - 2019-09-06 04:14 - 002590296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
    2019-09-06 04:14 - 2019-09-06 04:14 - 002371504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2019-09-06 04:14 - 2019-09-06 04:14 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
    2019-09-06 04:14 - 2019-09-06 04:14 - 002307240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
    2019-09-06 04:14 - 2019-09-06 04:14 - 001773056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
    2019-09-06 04:14 - 2019-09-06 04:14 - 001537024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
    2019-09-06 04:14 - 2019-09-06 04:14 - 001397104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
    2019-09-06 04:14 - 2019-09-06 04:14 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
    2019-09-06 04:14 - 2019-09-06 04:14 - 001295872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
    2019-09-06 04:14 - 2019-09-06 04:14 - 001153536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
    2019-09-06 04:14 - 2019-09-06 04:14 - 001150312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
    2019-09-06 04:14 - 2019-09-06 04:14 - 001017168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
    2019-09-06 04:14 - 2019-09-06 04:14 - 000861744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
    2019-09-06 04:14 - 2019-09-06 04:14 - 000839680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
    2019-09-06 04:14 - 2019-09-06 04:14 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
    2019-09-06 04:14 - 2019-09-06 04:14 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
    2019-09-06 04:14 - 2019-09-06 04:14 - 000457056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
    2019-09-06 04:14 - 2019-09-06 04:14 - 000416024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
    2019-09-06 04:14 - 2019-09-06 04:14 - 000247984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
    2019-09-06 04:14 - 2019-09-06 04:14 - 000232488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
    2019-09-06 04:14 - 2019-09-06 04:14 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
    2019-09-06 04:14 - 2019-09-06 04:14 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
    2019-09-06 04:14 - 2019-09-06 04:14 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
    2019-09-06 04:14 - 2019-09-06 04:14 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
    2019-09-06 04:14 - 2019-09-06 04:14 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
    2019-09-06 04:14 - 2019-09-06 04:14 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
    2019-09-06 04:14 - 2019-09-06 04:14 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
    2019-09-06 04:14 - 2019-09-06 04:14 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
    2019-09-06 04:14 - 2019-09-06 04:14 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
    2019-09-06 04:14 - 2019-09-06 04:14 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\EasPolicyManagerBrokerPS.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 006813744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 006527056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 004559872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 004331008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 002563984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 002535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 002161008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 002062392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 001946752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 001784696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 001710240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 001611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 001380096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 001342976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 001339392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 001288712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 001148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 001144664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 001143096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 001130776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 001112600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 001020064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 000988640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 000770152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 000745472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
    2019-09-06 04:13 - 2019-09-06 04:13 - 000713488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 000500552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 000482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 000472136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2PGraph.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
    2019-09-06 04:13 - 2019-09-06 04:13 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
    2019-09-06 04:13 - 2019-09-06 04:13 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2PGraph.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
    2019-09-06 04:13 - 2019-09-06 04:13 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
    2019-09-06 04:13 - 2019-09-06 04:13 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2pnetsh.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
    2019-09-06 04:13 - 2019-09-06 04:13 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\p2pnetsh.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2019-09-06 04:13 - 2019-09-06 04:13 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
    2019-09-06 04:13 - 2019-09-06 04:13 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
    2019-09-06 04:13 - 2019-09-06 04:13 - 000091568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
    2019-09-06 04:12 - 2019-09-06 04:12 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2019-09-06 04:12 - 2019-09-06 04:12 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
    2019-09-06 04:12 - 2019-09-06 04:12 - 022734336 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2019-09-06 04:12 - 2019-09-06 04:12 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2019-09-06 04:12 - 2019-09-06 04:12 - 020392608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2019-09-06 04:12 - 2019-09-06 04:12 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
    2019-09-06 04:12 - 2019-09-06 04:12 - 019385344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2019-09-06 04:12 - 2019-09-06 04:12 - 012838400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2019-09-06 04:12 - 2019-09-06 04:12 - 012039168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2019-09-06 04:12 - 2019-09-06 04:12 - 007990272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2019-09-06 04:12 - 2019-09-06 04:12 - 007572480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2019-09-06 04:12 - 2019-09-06 04:12 - 005769728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2019-09-06 04:12 - 2019-09-06 04:12 - 005657088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2019-09-06 04:12 - 2019-09-06 04:12 - 004861440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2019-09-06 04:12 - 2019-09-06 04:12 - 003707904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2019-09-06 04:12 - 2019-09-06 04:12 - 003701184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2019-09-06 04:12 - 2019-09-06 04:12 - 002824704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
    2019-09-06 04:12 - 2019-09-06 04:12 - 002406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
    2019-09-06 04:12 - 2019-09-06 04:12 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
    2019-09-06 04:12 - 2019-09-06 04:12 - 002206424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
    2019-09-06 04:12 - 2019-09-06 04:12 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2019-09-06 04:12 - 2019-09-06 04:12 - 002017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2019-09-06 04:12 - 2019-09-06 04:12 - 001932288 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeangle.dll
    2019-09-06 04:12 - 2019-09-06 04:12 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2019-09-06 04:12 - 2019-09-06 04:12 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2019-09-06 04:12 - 2019-09-06 04:12 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
    2019-09-06 04:12 - 2019-09-06 04:12 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
    2019-09-06 04:12 - 2019-09-06 04:12 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
    2019-09-06 04:12 - 2019-09-06 04:12 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
    2019-09-06 04:12 - 2019-09-06 04:12 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
    2019-09-06 04:12 - 2019-09-06 04:12 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2019-09-06 04:12 - 2019-09-06 04:12 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
    2019-09-06 04:12 - 2019-09-06 04:12 - 000851968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2019-09-06 04:12 - 2019-09-06 04:12 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
    2019-09-06 04:12 - 2019-09-06 04:12 - 000788992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
    2019-09-06 04:12 - 2019-09-06 04:12 - 000785568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2019-09-06 04:12 - 2019-09-06 04:12 - 000776192 _____ (Micro


    #13 nasdaq

    nasdaq

      Forum Deity

    • Global Moderator
    • PipPipPipPipPip
    • 49,276 posts

    Posted 07 September 2019 - 06:13 AM

    Hi,
     

    Your PC ran into a problem and needs to restart. If you'd like to know more search for:
    DRIVER OVERRAN STACK BUFFER.
     
    This could be caused by a bad driver or some bad clusters on the Hard Disk.
     
    Read the instructions on this page.
     
    How to Fix Hard Drive Problems with Chkdsk in Windows 7, 8, and 10
     
    run this command at the DOS prompt chkdsk /f c:
    p.s. note the spaces before both commands.
     
    Restart the computer normally after the fix.
    ===
     
    Lets check your Master Boot Record.
     
    Read carefully and follow these steps.
    TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  •  
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  •  
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • ===
     
    --RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a Windows opens to explain what [PUM's] are, read about it.
  • Click the RoguKiller icon on your taksbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED  
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next.
  • =======
     
    Let me know of any remaining issues with this computer.
     
    If at any time you get an error message make a note of it and post the exact message for my review.

    nasdaq

    Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
    [ Housecall online virus scan ] [ Bitdefender online virus scan ]
    [ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

    My help is free, but if we have helped you in anyway,please considerDonating ,
    see this topic for details.
    We need members like you.

    ========
    Shouldn't water be worth more than diamonds?
    Adam Smith Glasgow, 1760




    Member of UNITE
    Support SpywareInfo Forum - click the button