PDA

View Full Version : Malware issues?



loopdiloop
2019-11-11, 18:58
Hi guys

My machine has been a slug recently and I've seen several virus threats that I am not sure Kaspersky caught, so I suspect some infection.

Another issue is that when I try to run aswmbr, it shuts down my machine. I've tried three times now and each time I get a blue screen saying something about "installing a program that is not allowed" caused a Stopcode error with windows.

So I am posting the FRST and addition logs below. Can you advise how to deal with the other issue? Not sure if that is the virus or not preventing me from running it. Let me know if you would like to see a photo of the blue screen error message.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-11-2019
Ran by chris (administrator) on CHRIS (TOSHIBA Satellite P55-A) (10-11-2019 20:03:27)
Running from C:\Users\chris\Desktop
Loaded Profiles: chris (Available Profiles: chris)
Platform: Windows 10 Home Version 1903 18362.295 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(DTS, Inc. -> ) C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\avp.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\avpui.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
(LeapFrog Enterprises, Inc.) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(LeapFrog Enterprises, Inc.) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Users\chris\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Third Party Application Component -> Adobe) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION -> ) C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe
(TOSHIBA CORPORATION -> ) C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA CORPORATION -> Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA CORPORATION -> TOSHIBA) C:\Program Files (x86)\Toshiba\PasswordUtility\readLM.exe
(TOSHIBA CORPORATION -> TOSHIBA) C:\Program Files (x86)\Toshiba\PasswordUtility\readLM.exe
(Tweaking LLC -> Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
(WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [383768 2002-04-12] (AlcorMicro, Corp. -> Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA CORPORATION -> TOSHIBA)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba) [File not signed]
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6210368 2019-10-30] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-277956631-559940316-2728223971-1001\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKU\S-1-5-21-277956631-559940316-2728223971-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-08-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.97\Installer\chrmstp.exe [2019-11-08] (Google LLC -> Google LLC)
Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2019-04-18]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03804D90-E3BB-4995-B27B-221D1EB87A12} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {1083DCAB-BA19-45AF-A749-B370E678AC42} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {1DE60D64-BEF8-4A46-83C9-C6F902CB11C3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {201EDC77-7220-433E-AE92-E56EC5227D33} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-07] (Dropbox, Inc -> Dropbox, Inc.)
Task: {2A9EF887-BC15-40BD-87D8-997FE7CBA94B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {49BC5B9B-B9A0-4E2B-BEE0-073EA9E3DD3C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {4D3AF2D2-BACC-4267-B0F7-EEA299F9E1D2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [32256 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
Task: {66CE63E0-7E04-4CC8-9AFF-1648579F2EEC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {73302D47-F5DE-442F-9B3C-7D51BF6C16E1} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {74BB7635-0E01-433A-AC00-81DA71BAB320} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [791232 2019-09-28] (Kaspersky Lab -> AO Kaspersky Lab)
Task: {7DF5191C-A5E4-44E8-886C-63133B5B9DAC} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8810D352-EF96-44CF-9B29-F53020015A69} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {91F272B8-9AE7-4300-92A7-093A7337D331} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {94F3D4D0-2A7C-4711-BC50-B4FCAF6BE66A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-07] (Dropbox, Inc -> Dropbox, Inc.)
Task: {9A8B57EF-2D2C-48AF-8BC9-10CDC51F6727} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {9E63A896-0F0C-4CD5-90E6-7146B450947D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9EB8DB7C-E097-487B-87C4-279E5A61938F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A2EC85BB-BAC2-4381-BFE3-FA7B7DCF5595} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {A34DFE34-DF41-49FA-B85E-55EBCA3575F2} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {A7BE614B-DC35-42DF-A71E-D8DD3CFF1888} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_270_Plugin.exe [1457720 2019-10-09] (Adobe Inc. -> Adobe)
Task: {B1448C0D-F286-420B-8ADD-9CD7220864BF} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [655464 2013-07-31] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
Task: {BA74D9F0-E2D3-4E1A-BF8D-1225A1A27775} - System32\Tasks\HPCustParticipation HP Photosmart 5520 series => C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe [4119656 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {CA9FBDC3-0405-46FE-B5DD-3E45CA660A9D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D09AE9AB-24E7-499D-AEF4-9C34C265C764} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe
Task: {D11B28F7-9C63-425C-8193-F70EA2F360C1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D5770006-766C-48A5-B37E-D75CFE705358} - \WPD\SqmUpload_S-1-5-21-277956631-559940316-2728223971-1001 -> No File <==== ATTENTION
Task: {D6D3559A-4AF7-4F87-BD7B-66D9A70D7F2F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DCBABE69-0724-4882-AE78-7FD39EE41D8F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-10-09] (Adobe Inc. -> Adobe)
Task: {E5E281D3-6F53-43C0-8745-9E392D262435} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {E655E64F-4FD1-4D54-87C1-1560C8086D48} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4401240 2017-05-04] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {E7BAE77E-FA90-4E88-AABE-6D206B6B9531} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {F26AAE76-3AD2-46C5-AE02-DA175EB9D038} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {F51416A4-98B8-4142-B210-6B9F65FFCB80} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.63 209.18.47.61
Tcpip\..\Interfaces\{2c20a66b-be6f-42a3-bdf7-de38d6ca1406}: [DhcpNameServer] 209.18.47.63 209.18.47.61
Tcpip\..\Interfaces\{6560803b-6c81-49ac-830a-601d696dc172}: [DhcpNameServer] 192.168.1.1 4.2.2.2
Tcpip\..\Interfaces\{9b42df81-51ed-444c-894a-35329219ee50}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{b7d95276-6608-4092-b839-ee7e745a172b}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-277956631-559940316-2728223971-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://espn.go.com/
SearchScopes: HKU\S-1-5-21-277956631-559940316-2728223971-1001 -> {263BC8BA-2CB1-4CEB-B826-EDE7B5B21EBC} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2019-08-20] (Microsoft Corporation -> Microsoft Corporation)
BHO: Kaspersky Protection -> {9F904093-6E18-4536-BF5F-B03689CF00F0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\IEExt\ie_plugin.dll [2019-10-31] (Kaspersky Lab -> AO Kaspersky Lab)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2019-10-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {9F904093-6E18-4536-BF5F-B03689CF00F0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\IEExt\ie_plugin.dll [2019-10-31] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\IEExt\ie_plugin.dll [2019-10-31] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\IEExt\ie_plugin.dll [2019-10-31] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-277956631-559940316-2728223971-1001 -> No Name - {C500C267-63BF-451F-8797-4D720C9A2ED9} - No File
Toolbar: HKU\S-1-5-21-277956631-559940316-2728223971-1001 -> Kaspersky Protection Toolbar - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\IEExt\ie_plugin.dll [2019-10-31] (Kaspersky Lab -> AO Kaspersky Lab)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [light_plugin_F363A72DD7B6435783A76E5F612C9006@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM\...\Firefox\Extensions: [light_plugin_B29D4AD94F82454BBC9215BCBD7E80AE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\FFExt\light_plugin_firefox\addon.xpi [2019-09-28]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F363A72DD7B6435783A76E5F612C9006@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_B29D4AD94F82454BBC9215BCBD7E80AE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_270.dll [2019-10-09] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_270.dll [2019-10-09] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-12-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2017-07-17] (WildTangent Inc -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-277956631-559940316-2728223971-1001: @citrixonline.com/appdetectorplugin -> C:\Users\chris\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-03-03] (Citrix Online -> Citrix Online)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://espn.go.com/"
CHR Profile: C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default [2019-10-06]
CHR Extension: (Slides) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-24]
CHR Extension: (Docs) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-24]
CHR Extension: (Google Drive) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-15]
CHR Extension: (YouTube) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-15]
CHR Extension: (Sheets) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-24]
CHR Extension: (Google Docs Offline) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-06]
CHR Extension: (Gmail) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-10-06]
CHR Extension: (Chrome Media Router) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-06]
CHR HKLM\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
CHR HKLM-x32\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc. -> Apple Inc.)
R2 AVP20.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\avp.exe [357416 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058256 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [435088 2013-07-02] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-07] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-07] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-10-30] (Dropbox, Inc -> Dropbox, Inc.)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] (DTS, Inc. -> )
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [399720 2017-07-17] (WildTangent Inc -> WildTangent)
R2 GFNEXSrv; C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] (TOSHIBA CORPORATION -> )
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-11-11] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [370848 2019-05-05] (Intel Corporation -> Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 klvssbridge64_20.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\vssbridge64.exe [438928 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
R2 KSDE3.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-05-04] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [246912 2019-02-16] (Kaspersky Lab -> AO Kaspersky Lab)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2016-11-11] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [76624 2019-03-19] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [129152 2019-08-02] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [93312 2019-03-12] (Kaspersky Lab -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [37816 2019-01-24] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [251512 2019-10-31] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klgse; C:\WINDOWS\System32\DRIVERS\klgse.sys [514688 2019-06-13] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [1204856 2019-09-12] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP20.0\Bases\klids.sys [199744 2019-11-10] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [998016 2019-10-31] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [58192 2019-03-19] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [79184 2019-03-18] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [59512 2019-03-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [51328 2019-03-13] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [45904 2019-03-10] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [48080 2018-02-12] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [251256 2019-10-14] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [99152 2019-03-13] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [306248 2019-10-15] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [119744 2019-10-15] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [204520 2019-10-22] (Kaspersky Lab -> AO Kaspersky Lab)
S3 klupd_klif_swmon; C:\WINDOWS\System32\Drivers\klupd_klif_swmon.sys [209928 2018-11-24] (Kaspersky Lab -> AO Kaspersky Lab)
S4 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [105600 2019-03-05] (Kaspersky Lab -> AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [210280 2019-03-13] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [232272 2019-03-19] (Kaspersky Lab -> AO Kaspersky Lab)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3595472 2018-10-12] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\Toshiba\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON CORPORATION -> PEGATRON)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72792 2017-05-04] (Synaptics Incorporated -> Synaptics Incorporated)
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [551936 2013-08-16] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (TOSHIBA CORPORATION -> Toshiba Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46472 2019-03-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [333784 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-18] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-10 20:03 - 2019-11-10 20:05 - 000033244 _____ C:\Users\chris\Desktop\FRST.txt
2019-11-10 20:00 - 2019-11-10 20:04 - 000000000 ____D C:\FRST
2019-11-10 19:58 - 2019-11-10 19:58 - 002260480 _____ (Farbar) C:\Users\chris\Desktop\FRST64.exe
2019-11-10 19:54 - 2019-11-10 19:54 - 000002319 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2019-11-10 19:54 - 2019-11-10 19:54 - 000002319 _____ C:\ProgramData\Desktop\Tweaking.com - Registry Backup.lnk
2019-11-10 19:54 - 2019-11-10 19:54 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-CHRIS-Windows-10-Home-(64-bit).dat
2019-11-10 19:54 - 2019-11-10 19:54 - 000000000 ____D C:\RegBackup
2019-11-10 19:54 - 2019-11-10 19:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2019-11-10 19:54 - 2019-11-10 19:54 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2019-11-10 19:53 - 2019-11-10 19:54 - 000017985 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2019-11-10 19:52 - 2019-11-10 19:52 - 005766144 _____ (Tweaking.com) C:\Users\chris\Desktop\tweaking.com_registry_backup_setup.exe
2019-11-10 19:51 - 2019-11-10 19:51 - 003449206 _____ C:\Users\chris\Downloads\tweaking.com_registry_backup_portable.zip
2019-11-01 06:52 - 2019-11-01 06:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-10-30 10:45 - 2019-10-30 10:45 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2019-10-30 10:45 - 2019-10-30 10:45 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2019-10-30 10:45 - 2019-10-30 10:45 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2019-10-30 10:45 - 2019-10-30 10:45 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2019-10-23 06:56 - 2019-10-23 06:56 - 000000000 ___HD C:\OneDriveTemp
2019-10-15 20:44 - 2019-10-15 20:44 - 005911489 _____ C:\Users\chris\Desktop\LL Fall 2019.pdf
2019-10-15 07:24 - 2019-10-15 07:24 - 000306248 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2019-10-15 07:23 - 2019-10-15 07:23 - 000119744 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2019-10-14 14:45 - 2019-10-14 14:46 - 000000000 ____D C:\Users\chris\Desktop\Chukka shoes
2019-10-14 07:56 - 2019-10-22 07:22 - 000204520 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2019-10-14 07:56 - 2019-10-14 07:56 - 000251256 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2019-10-13 20:18 - 2019-09-19 20:36 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2019-10-13 20:18 - 2019-09-19 20:14 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-10 20:08 - 2013-12-30 15:49 - 000000000 ___RD C:\Users\chris\SkyDrive
2019-11-10 20:04 - 2014-01-05 00:39 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-11-10 19:41 - 2019-03-18 20:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-11-10 19:35 - 2019-08-25 18:41 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-11-10 19:35 - 2019-03-18 20:50 - 000000000 ____D C:\WINDOWS\INF
2019-11-10 19:29 - 2017-08-16 21:41 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-11-10 19:29 - 2016-05-31 19:53 - 000000000 __SHD C:\Users\chris\IntelGraphicsProfiles
2019-11-10 19:27 - 2019-08-25 18:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-11-10 19:26 - 2019-03-18 20:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-11-10 19:26 - 2019-03-18 20:37 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2019-11-10 18:30 - 2019-08-25 18:59 - 000004144 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{7F7B6025-52D1-44A2-9583-D077D3F06E41}
2019-11-10 18:27 - 2019-08-25 18:12 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-11-10 10:37 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-11-09 10:07 - 2019-03-18 20:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-11-08 08:02 - 2016-09-15 14:15 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-11-08 08:02 - 2016-09-15 14:15 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-11-08 08:02 - 2016-09-15 14:15 - 000002271 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-11-07 07:54 - 2019-03-18 20:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-11-06 09:05 - 2019-04-06 09:01 - 000000000 ____D C:\Users\chris\AppData\Local\ElevatedDiagnostics
2019-11-05 07:41 - 2019-08-25 18:59 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2019-11-05 07:41 - 2019-08-25 18:59 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2019-11-05 07:41 - 2013-12-02 00:53 - 000000000 ____D C:\Program Files (x86)\Google
2019-11-03 10:22 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-11-01 06:56 - 2016-02-07 13:00 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-10-31 07:08 - 2017-12-26 08:44 - 000998016 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2019-10-31 07:08 - 2017-12-26 08:44 - 000251512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2019-10-27 10:22 - 2019-09-16 19:32 - 000000000 ____D C:\Users\chris\Desktop\Isabel random
2019-10-23 06:53 - 2019-08-25 18:59 - 000003356 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-277956631-559940316-2728223971-1001
2019-10-23 06:52 - 2019-08-25 18:23 - 000002410 _____ C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-10-18 00:01 - 2019-10-03 06:56 - 000000000 __SHD C:\found.000
2019-10-15 06:45 - 2013-12-30 15:58 - 000000000 ____D C:\Program Files\Microsoft Office 15
2019-10-14 13:46 - 2017-12-29 01:21 - 000000000 ____D C:\Users\chris\AppData\Local\Packages
2019-10-13 22:22 - 2014-01-05 20:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-10-13 22:11 - 2014-01-05 20:50 - 127230528 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-10-13 21:54 - 2019-08-25 18:23 - 000000000 ____D C:\Users\chris

==================== Files in the root of some directories ========

2014-06-01 01:44 - 2016-08-28 14:15 - 000017408 _____ () C:\Users\chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================



Addition.Txt log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2019
Ran by chris (10-11-2019 20:10:15)
Running from C:\Users\chris\Desktop
Windows 10 Home Version 1903 18362.295 (X64) (2019-08-26 03:01:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-277956631-559940316-2728223971-500 - Administrator - Disabled)
chris (S-1-5-21-277956631-559940316-2728223971-1001 - Administrator - Enabled) => C:\Users\chris
DefaultAccount (S-1-5-21-277956631-559940316-2728223971-503 - Limited - Disabled)
Guest (S-1-5-21-277956631-559940316-2728223971-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-277956631-559940316-2728223971-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-277956631-559940316-2728223971-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Anti-Virus (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Anti-Virus (Disabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.270 - Adobe)
Adobe Reader XI (11.0.20) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\{420ED767-62A5-462F-9DDA-AE3A95D4BF32}) (Version: 4.8.1245.73583 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.8.1245.73583 - Alcor Micro Corp.)
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bejeweled 3 (HKLM-x32\...\WTA-2d4ec317-ec85-4b0e-8626-bf5c5d9f40df) (Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Dragon Assistant Application en-US version 1.5.11 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.11 - Nuance Communications, Inc.)
Dragon Assistant Core Recognition Service version 1.1.12 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.12 - Nuance Communications, Inc.)
Dragon Assistant Installer version 1.5.11 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.11 - Nuance Communications, Inc.)
Dragon Assistant Language Data en-US version 1.1.4 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.4 - Nuance Communications, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 84.4.170 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.241.1 - Dropbox, Inc.) Hidden
DTS Studio Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
FREE MSG File Viewer version 2.0 (HKLM-x32\...\{2D370F64-93D0-4731-B27B-35869AEEB460}_is1) (Version: 2.0 - SysTools Software)
Free Unpacker (HKLM-x32\...\JujubaSoftwareFreeUnpacker) (Version: 1.0 - Jujuba Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.97 - Google LLC)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 5520 series Basic Device Software (HKLM\...\{68C0736C-3E47-43A6-B14D-236BEF198A5F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5520 series Help (HKLM-x32\...\{7137E26A-10F7-4B1C-9980-0893579E92DA}) (Version: 27.0.0 - Hewlett Packard)
HP Photosmart 5520 series Product Improvement Study (HKLM\...\{DCC176F0-3CE3-4DA9-8FF9-3809C1B48C47}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
IDT Audio Driver (HKLM\...\{588A747E-CFF6-46B3-9207-CD754F9473AF}) (Version: 6.10.6491.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) 4.0 (HKLM-x32\...\{38561F82-2984-4C99-ADD7-D1166BC3D552}) (Version: 3.0.1335.05 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
iTunes (HKLM\...\{F2517A28-8CB8-4206-B86C-5EDD4EA26682}) (Version: 12.7.1.14 - Apple Inc.)
Kaspersky Anti-Virus (HKLM-x32\...\{D891550B-ACFE-4797-B368-BCFC434BBEB1}) (Version: 20.0.14.1085 - Kaspersky) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{D891550B-ACFE-4797-B368-BCFC434BBEB1}) (Version: 20.0.14.1085 - Kaspersky)
Kaspersky Secure Connection (HKLM-x32\...\{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab)
King Oddball (HKLM-x32\...\WTA-37ea9933-72a6-47b7-a591-8a883511739a) (Version: 3.0.2.48 - WildTangent) Hidden
LeapFrog Connect (HKLM-x32\...\{8A0C34E5-01A6-476B-87F3-321ABAA3948D}) (Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 6.0.19.19317 - LeapFrog)
LeapFrog LeapPad Explorer Plugin (HKLM-x32\...\{A7D849DD-D940-4ECF-ABF2-2022C60F85C9}) (Version: 6.0.19.19317 - LeapFrog) Hidden
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.5179.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-277956631-559940316-2728223971-1001\...\OneDriveSetup.exe) (Version: 19.174.0902.0013 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.8.0 - Mozilla)
Mozilla Thunderbird 60.8.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 60.8.0 (x86 en-US)) (Version: 60.8.0 - Mozilla)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5179.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5179.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5179.1000 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-0f68d65e-e914-49e6-a7ad-5b1860066f42) (Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
REAPER (x64) (HKLM\...\REAPER) (Version: - )
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 29.5.90191 - Sonos, Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1224 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Display Utility (HKLM\...\{84FA4D2D-4273-4C66-BD3D-ADD3FE48DFA2}) (Version: 1.1.5.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.0003.64001 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.344 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version: - LeapFrog)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.1.1.30 - WildTangent) Hidden
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)

Packages:
=========
- Games App - -> C:\Program Files\WindowsApps\WildTangentGames.-GamesApp-_1.0.3.28_x86__qt5r5pa5dyg8m [2015-07-02] (WildTangent Games)
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2811.0_x64__343d40qqvtj1t [2018-06-27] (Amazon.com)
Book Place -> C:\Program Files\WindowsApps\K-NFBReadingTechnologiesI.BookPlace_2.0.3615.0_x64__vwcaa66y1ah8t [2014-06-05] (K-NFB Reading Technologies, Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.2.6.0_x86__kgqvnymyfvs32 [2019-10-28] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.151.300.0_x86__kgqvnymyfvs32 [2019-11-02] (king.com)
Deals & Offers -> C:\Program Files\WindowsApps\2B24874D.DealsOffers_1.0.0.4_neutral__v10edqkhnj0dg [2013-12-30] (Synacor, Inc.)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_4.4.0.5_x86__h6adky7gbf63m [2019-10-15] (Gameloft.)
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2014-11-04] (eBay, Inc)
Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_6.21.8716.0_x86__q4d96b2w5wcc2 [2019-10-13] (Evernote)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_105.1.618.0_x64__v10z8vjag6ke6 [2019-10-15] (HP Inc.)
Hulu -> C:\Program Files\WindowsApps\HuluLLC.HuluPlus_2.5.3.0_neutral__fphbd361v8tya [2019-03-09] (Hulu.)
iHeartRadio -> C:\Program Files\WindowsApps\ClearChannelRadioDigital.iHeartRadio_6.0.44.0_x64__a76a11dkgb644 [2019-06-26] (iHeartMedia.)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2015-06-22] (AMZN Mobile LLC)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-09-26] (Microsoft Corporation) [MS Ad]
Media Player by sMedio TrueLink+ -> C:\Program Files\WindowsApps\sMedioforToshiba.TOSHIBAMediaPlayerbysMedioTrueLin_3.4.33.0_x64__679ekb9hp1h62 [2019-01-31] (sMedio)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-09] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-09] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-12] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.10022.0_x64__8wekyb3d8bbwe [2019-10-13] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-19] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-19] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-19] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-12] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.95.602.0_x64__mcm4njqhnhss8 [2019-11-02] (Netflix, Inc.)
Norton Studio -> C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_2.2.0.0_x86__v68kp9n051hdp [2018-04-20] (Symantec Corporation)
Toshiba Central -> C:\Program Files\WindowsApps\ToshibaAmericaInformation.ToshibaCentral_1.3.0.4_neutral__r8x1fxsdcnpjw [2015-05-13] (Toshiba America Information Systems, Inc.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2014-11-27] (Microsoft Corporation) [MS Ad]
Zinio -> C:\Program Files\WindowsApps\ZinioLLC.Zinio_2.1.0.317_x64__0q6dqzpp40p2e [2014-04-18] (Zinio LLC)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-277956631-559940316-2728223971-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\chris\Dropbox [2016-02-07 13:10]
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers1: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\ShellEx.dll [2019-10-31] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers2: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\ShellEx.dll [2019-10-31] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers4: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\ShellEx.dll [2019-10-31] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2019-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\ShellEx.dll [2019-10-31] (Kaspersky Lab -> AO Kaspersky Lab)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\chris\Favorites\Verizon Links\About Verizon.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_cor
Shortcut: C:\Users\chris\Favorites\Verizon Links\Help.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_hel
Shortcut: C:\Users\chris\Favorites\Verizon Links\Safety & Security.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=wc_safet
Shortcut: C:\Users\chris\Favorites\Verizon Links\Search.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_allsearc
Shortcut: C:\Users\chris\Favorites\Verizon Links\SuperPages.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_superp
Shortcut: C:\Users\chris\Favorites\Verizon Links\Switching Tips.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_switc
Shortcut: C:\Users\chris\Favorites\Verizon Links\Verizon Wireless.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_vzwireles
Shortcut: C:\Users\chris\Favorites\Verizon Links\Welcome Page.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=wc_welcom
Shortcut: C:\Users\chris\Favorites\Verizon Central\Broadband Beat.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_dslliv
Shortcut: C:\Users\chris\Favorites\Verizon Central\E-Mail & More.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_webmai
Shortcut: C:\Users\chris\Favorites\Verizon Central\Help.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_hel
Shortcut: C:\Users\chris\Favorites\Verizon Central\My Account.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_myacc
Shortcut: C:\Users\chris\Favorites\Verizon Central\My Web Space.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_mywebs
Shortcut: C:\Users\chris\Favorites\Verizon Central\Shop Verizon.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_shopv
Shortcut: C:\Users\chris\Favorites\Verizon Central\Verizon Central.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_centra

==================== Loaded Modules (Whitelisted) =============

2014-02-01 12:30 - 2014-02-01 12:30 - 000861184 _____ () [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\platforms\qwindows.dll
2013-12-02 00:55 - 2013-07-02 14:29 - 000027648 _____ () [File not signed] C:\Program Files (x86)\Nuance\Dragon Assistant\Core\WASAPIResamplingStreamCOMServer.dll
2013-12-02 00:55 - 2012-04-20 13:17 - 001888256 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Nuance\Dragon Assistant\Core\xerces-c_3_1.dll
2014-04-09 14:34 - 2014-04-09 14:34 - 004053504 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Qt5Core.dll
2014-02-01 12:25 - 2014-02-01 12:25 - 004113408 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Qt5Gui.dll
2014-02-01 12:23 - 2014-02-01 12:23 - 000816640 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Qt5Network.dll
2014-04-09 14:34 - 2014-04-09 14:34 - 004375552 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Qt5Widgets.dll
2013-04-22 07:50 - 2013-04-22 07:50 - 022317056 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\icudt51.dll
2013-04-22 07:49 - 2013-04-22 07:49 - 001767424 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\icuin51.dll
2013-04-22 07:49 - 2013-04-22 07:49 - 001295872 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\icuuc51.dll
2013-12-02 00:55 - 2012-04-20 13:17 - 005024256 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Nuance\Dragon Assistant\Core\icudt48.dll
2013-12-02 00:55 - 2012-04-20 13:17 - 001043456 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Nuance\Dragon Assistant\Core\icuuc48.dll
2015-10-09 05:42 - 2003-01-26 13:41 - 000040960 _____ (vbAccelerator) [File not signed] C:\Program Files (x86)\Tweaking.com\Registry Backup\SSubTmr6.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 05:25 - 2013-08-22 05:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-277956631-559940316-2728223971-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\chris\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img5.jpg
DNS Servers: 209.18.47.63 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "AmIcoSinglun64"
HKLM\...\StartupApproved\Run32: => "Dropbox"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FFBFD921-C4BD-4E73-B657-0E3BCBBF2B19}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [UDP Query User{E73E4B54-C5E9-4F42-B853-131DB8A04434}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{F5FF7D89-443C-462B-9EB5-AAE90353FC39}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{AE2D354B-1BD5-4124-A31A-E4AB600EB1ED}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0DE936AF-DEA2-4CDB-98F8-A356F254A882}] => (Allow) C:\Users\chris\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
FirewallRules: [{5080A592-99AF-43BB-8792-5AC07957386A}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{4C604046-80B3-4101-9D4E-955496C872A6}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{E5B2A8A0-3174-421C-8BF1-2CDCEA379A73}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{8843D35B-976B-47FC-937C-BA7C94A3BCE4}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe (LeapFrog Enterprises, Inc.) [File not signed]
FirewallRules: [{B79E5F9A-7A08-4351-8343-041558289D16}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe (Sonos, Inc. -> Sonos, Inc.)
FirewallRules: [{41946D1C-AD6F-408F-A92E-218E1EBA0A35}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe (Sonos, Inc. -> Sonos, Inc.)
FirewallRules: [{CD65AAC1-5034-471E-BB5C-308CB96F43A7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{77C9040B-01B6-4854-825D-DA3042C4F2B2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F42AE5A1-CA2F-47E3-BEE5-71E27D6DB9F2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2E5AE58B-F677-45B5-AEB2-8FC0093D3243}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2883DB37-8A60-4FB8-B1E5-81651236E496}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{874C82FA-4E7C-47A4-BC11-07819CA620CE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

22-10-2019 06:55:54 Windows Update
23-10-2019 08:23:20 Windows Modules Installer
29-10-2019 08:47:24 Windows Update
02-11-2019 09:54:51 Windows Modules Installer
08-11-2019 08:16:25 Windows Update
09-11-2019 09:14:42 Windows Modules Installer

==================== Faulty Device Manager Devices ============

Name:
Description:
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer:
Service:
Problem: : Reinstall the drivers for this device. (Code 18)
Resolution: The drivers for this device must be reinstalled.
Click "Update Driver", which starts the Hardware Update wizard.
Alternately, uninstall the driver, and then click "Scan for hardware changes" to reload the drivers.


==================== Event log errors: ========================

Application errors:
==================
Error: (11/10/2019 08:03:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2096,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/10/2019 07:37:46 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (11/10/2019 07:33:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchUI.exe version 10.0.18362.267 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 87c

Start Time: 01d5984066ba6a74

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

Report Id: ccf01f21-8a37-4915-ad3d-8dc7da98a4fe

Faulting package full name: Microsoft.Windows.Cortana_1.12.3.18362_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: CortanaUI

Hang type: Cross-thread

Error: (11/10/2019 07:21:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.18362.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: a0a8

Start Time: 01d5983e915bb01a

Termination Time: 52

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: 3cdf31ed-98f9-4443-8187-09a77427c76a

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (11/10/2019 07:13:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.18362.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 401c

Start Time: 01d5983b4b3fb4ed

Termination Time: 77

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: 47c540f7-5974-42bd-8059-1ecae25b7355

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown

Error: (11/10/2019 07:00:58 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (24652,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/10/2019 06:33:45 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (42260,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/10/2019 06:27:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Chris.local already in use; will try Chris-2.local instead


System errors:
=============
Error: (11/10/2019 07:38:03 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.

Error: (11/10/2019 07:35:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service hung on starting.

Error: (11/10/2019 07:32:40 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.

Error: (11/10/2019 07:29:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/10/2019 07:29:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (11/10/2019 07:29:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/10/2019 07:29:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (11/10/2019 07:26:12 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.


CodeIntegrity:
===================================

Date: 2019-11-10 19:40:07.450
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\antimalware_provider.dll that did not meet the Microsoft signing level requirements.

Date: 2019-11-10 19:40:07.394
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\antimalware_provider.dll that did not meet the Microsoft signing level requirements.

Date: 2019-11-10 19:40:07.343
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\antimalware_provider.dll that did not meet the Microsoft signing level requirements.

Date: 2019-11-10 19:40:07.291
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\antimalware_provider.dll that did not meet the Microsoft signing level requirements.

Date: 2019-11-10 19:40:07.223
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\antimalware_provider.dll that did not meet the Microsoft signing level requirements.

Date: 2019-11-10 19:40:07.166
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\antimalware_provider.dll that did not meet the Microsoft signing level requirements.

Date: 2019-11-10 19:40:07.112
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\antimalware_provider.dll that did not meet the Microsoft signing level requirements.

Date: 2019-11-10 19:40:07.049
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\antimalware_provider.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: TOSHIBA 1.50 11/04/2013
Motherboard: TOSHIBA VG10ST
Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 61%
Total physical RAM: 6056.14 MB
Available physical RAM: 2329.15 MB
Total Virtual: 10408.14 MB
Available Virtual: 6452.82 MB

==================== Drives ================================

Drive c: (TI10672100G) (Fixed) (Total:687.5 GB) (Free:444.75 GB) NTFS

\\?\Volume{4c3a3593-2f30-11e3-bd3e-cd66f894e8a7}\ (System) (Fixed) (Total:1 GB) (Free:0.63 GB) NTFS
\\?\Volume{63f750c1-d9ee-4c20-a58a-25bcdc644756}\ () (Fixed) (Total:0.99 GB) (Free:0.43 GB) NTFS
\\?\Volume{111f9b2d-5b32-11e3-82e7-0c54a53cb7a9}\ (Recovery) (Fixed) (Total:8.92 GB) (Free:0.8 GB) NTFS
\\?\Volume{4c3a359b-2f30-11e3-bd3e-cd66f894e8a7}\ () (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 698.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Juliet
2019-11-12, 15:18
Hi and welcome.

As far as seeing anything suspicious, I didn't see it.

To run a few tools and try to find anything we will need to probably temporarily disable Kaspersky antivirus.
Kaspersky's installer detects some malware removal tools as incompatible if installed.

double-click on Kaspersky icon in the notification area of the taskbar & disable it. For as long a period of time as possible.
Of course, as soon as the downloaded tools have run and created log files, please re-enable it again.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

Start Farbar Recovery Scan Tool with Administrator privileges
(Right click on the FRST icon and select Run as administrator)

highlight on the text below and select Copy.
beginning with Start:: and finishing with End::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Highlight the entire content of the quote box below and select Copy.




Start::
CloseProcesses:
CreateRestorePoint:
Task: {03804D90-E3BB-4995-B27B-221D1EB87A12} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {1DE60D64-BEF8-4A46-83C9-C6F902CB11C3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2A9EF887-BC15-40BD-87D8-997FE7CBA94B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {49BC5B9B-B9A0-4E2B-BEE0-073EA9E3DD3C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {66CE63E0-7E04-4CC8-9AFF-1648579F2EEC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7DF5191C-A5E4-44E8-886C-63133B5B9DAC} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {8810D352-EF96-44CF-9B29-F53020015A69} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {91F272B8-9AE7-4300-92A7-093A7337D331} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {9A8B57EF-2D2C-48AF-8BC9-10CDC51F6727} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {9E63A896-0F0C-4CD5-90E6-7146B450947D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9EB8DB7C-E097-487B-87C4-279E5A61938F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A34DFE34-DF41-49FA-B85E-55EBCA3575F2} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {CA9FBDC3-0405-46FE-B5DD-3E45CA660A9D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D11B28F7-9C63-425C-8193-F70EA2F360C1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D5770006-766C-48A5-B37E-D75CFE705358} - \WPD\SqmUpload_S-1-5-21-277956631-559940316-2728223971-1001 -> No File <==== ATTENTION
Task: {D6D3559A-4AF7-4F87-BD7B-66D9A70D7F2F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F51416A4-98B8-4142-B210-6B9F65FFCB80} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
SearchScopes: HKU\S-1-5-21-277956631-559940316-2728223971-1001 -> {263BC8BA-2CB1-4CEB-B826-EDE7B5B21EBC} URL =
Toolbar: HKU\S-1-5-21-277956631-559940316-2728223971-1001 -> No Name - {C500C267-63BF-451F-8797-4D720C9A2ED9} - No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
EmptyTemp:
C:\Windows\Temp\*.*
End::

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Start FRST (FRST64) with Administrator privileges
Press the Fix button. FRST will process the lines copied above from the clipboard.
When finished, a log file Fixlog.txt will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






http://i.imgur.com/zcMPezJ.pngAdwCleaner - Fix Mode

Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and move it to your Desktop
Right-click on AdwCleaner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Accept the EULA (I accept), then click on Scan
Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


~~~~~~

http://i.imgur.com/RQKuhw1.pngRogueKiller

Download the right version of RogueKiller (http://www.adlice.com/download/roguekiller/#download) for your Windows version (32 or 64-bit)
Once done, move the executable file to your Desktop, right-click on it and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
Wait for the scan to complete
On completion, the results will be displayed
Check every single entry (threat found), and click on the Remove Selected button
On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
This will open the report in Notepad. Copy/paste its content in your next reply


~~~

Please post these 3 logs when finished.

loopdiloop
2019-11-15, 08:05
Hi Juliet

Thanks for your patience!

Note: Adaware did not technically ask to "clean and repair" but rather "quarantine". Not sure if it was supposed to but I think it quarantined my Toshiba apps. Not that I use them, not sure what they are anyways, but just an FYI.


thanks

Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-11-2019
Ran by chris (14-11-2019 20:31:22) Run:1
Running from C:\Users\chris\Desktop
Loaded Profiles: chris (Available Profiles: chris)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
Task: {03804D90-E3BB-4995-B27B-221D1EB87A12} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {1DE60D64-BEF8-4A46-83C9-C6F902CB11C3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2A9EF887-BC15-40BD-87D8-997FE7CBA94B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {49BC5B9B-B9A0-4E2B-BEE0-073EA9E3DD3C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {66CE63E0-7E04-4CC8-9AFF-1648579F2EEC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7DF5191C-A5E4-44E8-886C-63133B5B9DAC} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {8810D352-EF96-44CF-9B29-F53020015A69} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {91F272B8-9AE7-4300-92A7-093A7337D331} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {9A8B57EF-2D2C-48AF-8BC9-10CDC51F6727} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {9E63A896-0F0C-4CD5-90E6-7146B450947D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9EB8DB7C-E097-487B-87C4-279E5A61938F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A34DFE34-DF41-49FA-B85E-55EBCA3575F2} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {CA9FBDC3-0405-46FE-B5DD-3E45CA660A9D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D11B28F7-9C63-425C-8193-F70EA2F360C1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D5770006-766C-48A5-B37E-D75CFE705358} - \WPD\SqmUpload_S-1-5-21-277956631-559940316-2728223971-1001 -> No File <==== ATTENTION
Task: {D6D3559A-4AF7-4F87-BD7B-66D9A70D7F2F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F51416A4-98B8-4142-B210-6B9F65FFCB80} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
SearchScopes: HKU\S-1-5-21-277956631-559940316-2728223971-1001 -> {263BC8BA-2CB1-4CEB-B826-EDE7B5B21EBC} URL =
Toolbar: HKU\S-1-5-21-277956631-559940316-2728223971-1001 -> No Name - {C500C267-63BF-451F-8797-4D720C9A2ED9} - No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
EmptyTemp:
C:\Windows\Temp\*.*

*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03804D90-E3BB-4995-B27B-221D1EB87A12}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03804D90-E3BB-4995-B27B-221D1EB87A12}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DE60D64-BEF8-4A46-83C9-C6F902CB11C3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DE60D64-BEF8-4A46-83C9-C6F902CB11C3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2A9EF887-BC15-40BD-87D8-997FE7CBA94B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A9EF887-BC15-40BD-87D8-997FE7CBA94B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49BC5B9B-B9A0-4E2B-BEE0-073EA9E3DD3C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49BC5B9B-B9A0-4E2B-BEE0-073EA9E3DD3C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66CE63E0-7E04-4CC8-9AFF-1648579F2EEC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66CE63E0-7E04-4CC8-9AFF-1648579F2EEC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7DF5191C-A5E4-44E8-886C-63133B5B9DAC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DF5191C-A5E4-44E8-886C-63133B5B9DAC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8810D352-EF96-44CF-9B29-F53020015A69}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8810D352-EF96-44CF-9B29-F53020015A69}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{91F272B8-9AE7-4300-92A7-093A7337D331}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91F272B8-9AE7-4300-92A7-093A7337D331}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A8B57EF-2D2C-48AF-8BC9-10CDC51F6727}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A8B57EF-2D2C-48AF-8BC9-10CDC51F6727}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E63A896-0F0C-4CD5-90E6-7146B450947D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E63A896-0F0C-4CD5-90E6-7146B450947D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9EB8DB7C-E097-487B-87C4-279E5A61938F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9EB8DB7C-E097-487B-87C4-279E5A61938F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A34DFE34-DF41-49FA-B85E-55EBCA3575F2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A34DFE34-DF41-49FA-B85E-55EBCA3575F2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA9FBDC3-0405-46FE-B5DD-3E45CA660A9D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA9FBDC3-0405-46FE-B5DD-3E45CA660A9D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D11B28F7-9C63-425C-8193-F70EA2F360C1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D11B28F7-9C63-425C-8193-F70EA2F360C1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5770006-766C-48A5-B37E-D75CFE705358}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5770006-766C-48A5-B37E-D75CFE705358}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-277956631-559940316-2728223971-1001" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D6D3559A-4AF7-4F87-BD7B-66D9A70D7F2F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6D3559A-4AF7-4F87-BD7B-66D9A70D7F2F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F51416A4-98B8-4142-B210-6B9F65FFCB80}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F51416A4-98B8-4142-B210-6B9F65FFCB80}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
HKU\S-1-5-21-277956631-559940316-2728223971-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{263BC8BA-2CB1-4CEB-B826-EDE7B5B21EBC} => removed successfully
"HKU\S-1-5-21-277956631-559940316-2728223971-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C500C267-63BF-451F-8797-4D720C9A2ED9}" => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully

=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\APPX.3sp3fqi6gsy4owo0zgq_oeo7b.tmp => moved successfully
C:\Windows\Temp\APPX.7ln7k7oyh06_6qwazo3ta6_1f.tmp => moved successfully
C:\Windows\Temp\APPX.oektwdfjuf66c2lx1lnjmo2rg.tmp => moved successfully
C:\Windows\Temp\APPX.rcazqso8fowxwe2of4t1spw1c.tmp => moved successfully
C:\Windows\Temp\CHRIS-20191011-0710.log => moved successfully
C:\Windows\Temp\CHRIS-20191013-2101.log => moved successfully
C:\Windows\Temp\CHRIS-20191013-2104.log => moved successfully
C:\Windows\Temp\CHRIS-20191013-2104a.log => moved successfully
C:\Windows\Temp\CHRIS-20191013-2251.log => moved successfully
C:\Windows\Temp\CHRIS-20191013-2313.log => moved successfully
C:\Windows\Temp\CHRIS-20191013-2340.log => moved successfully
C:\Windows\Temp\CHRIS-20191014-0010.log => moved successfully
C:\Windows\Temp\CHRIS-20191014-0849.log => moved successfully
C:\Windows\Temp\CHRIS-20191015-0728.log => moved successfully
C:\Windows\Temp\CHRIS-20191015-0728a.log => moved successfully
C:\Windows\Temp\CHRIS-20191016-0750.log => moved successfully
C:\Windows\Temp\CHRIS-20191017-0803.log => moved successfully
C:\Windows\Temp\CHRIS-20191017-0918.log => moved successfully
C:\Windows\Temp\CHRIS-20191018-0746.log => moved successfully
C:\Windows\Temp\CHRIS-20191018-0750.log => moved successfully
C:\Windows\Temp\CHRIS-20191018-0826.log => moved successfully
C:\Windows\Temp\CHRIS-20191018-2015.log => moved successfully
C:\Windows\Temp\CHRIS-20191019-0747.log => moved successfully
C:\Windows\Temp\CHRIS-20191019-0750.log => moved successfully
C:\Windows\Temp\CHRIS-20191019-0825.log => moved successfully
C:\Windows\Temp\CHRIS-20191019-1429.log => moved successfully
C:\Windows\Temp\CHRIS-20191020-0722.log => moved successfully
C:\Windows\Temp\CHRIS-20191020-0747.log => moved successfully
C:\Windows\Temp\CHRIS-20191020-0750.log => moved successfully
C:\Windows\Temp\CHRIS-20191020-0825.log => moved successfully
C:\Windows\Temp\CHRIS-20191020-0826.log => moved successfully
C:\Windows\Temp\CHRIS-20191022-0747.log => moved successfully
C:\Windows\Temp\CHRIS-20191022-0748.log => moved successfully
C:\Windows\Temp\CHRIS-20191022-0748a.log => moved successfully
C:\Windows\Temp\CHRIS-20191022-0750.log => moved successfully
C:\Windows\Temp\CHRIS-20191022-0826.log => moved successfully
C:\Windows\Temp\CHRIS-20191023-0807.log => moved successfully
C:\Windows\Temp\CHRIS-20191023-0835.log => moved successfully
C:\Windows\Temp\CHRIS-20191023-0925.log => moved successfully
C:\Windows\Temp\CHRIS-20191025-0745.log => moved successfully
C:\Windows\Temp\CHRIS-20191025-0746.log => moved successfully
C:\Windows\Temp\CHRIS-20191025-0749.log => moved successfully
C:\Windows\Temp\CHRIS-20191025-0750.log => moved successfully
C:\Windows\Temp\CHRIS-20191025-0829.log => moved successfully
C:\Windows\Temp\CHRIS-20191025-0918.log => moved successfully
C:\Windows\Temp\CHRIS-20191026-0849.log => moved successfully
C:\Windows\Temp\CHRIS-20191026-0851.log => moved successfully
C:\Windows\Temp\CHRIS-20191026-0906.log => moved successfully
C:\Windows\Temp\CHRIS-20191027-0938.log => moved successfully
C:\Windows\Temp\CHRIS-20191027-0939.log => moved successfully
C:\Windows\Temp\CHRIS-20191027-0939a.log => moved successfully
C:\Windows\Temp\CHRIS-20191028-0749.log => moved successfully
C:\Windows\Temp\CHRIS-20191028-2055.log => moved successfully
C:\Windows\Temp\CHRIS-20191029-0727.log => moved successfully
C:\Windows\Temp\CHRIS-20191029-0730.log => moved successfully
C:\Windows\Temp\CHRIS-20191029-0746.log => moved successfully
C:\Windows\Temp\CHRIS-20191029-0852.log => moved successfully
C:\Windows\Temp\CHRIS-20191029-0939.log => moved successfully
C:\Windows\Temp\CHRIS-20191030-0757.log => moved successfully
C:\Windows\Temp\CHRIS-20191030-0843.log => moved successfully
C:\Windows\Temp\CHRIS-20191030-0905.log => moved successfully
C:\Windows\Temp\CHRIS-20191030-0939.log => moved successfully
C:\Windows\Temp\CHRIS-20191031-0749.log => moved successfully
C:\Windows\Temp\CHRIS-20191031-0820.log => moved successfully
C:\Windows\Temp\CHRIS-20191031-0851.log => moved successfully
C:\Windows\Temp\CHRIS-20191031-0911.log => moved successfully
C:\Windows\Temp\CHRIS-20191031-1026.log => moved successfully
C:\Windows\Temp\CHRIS-20191101-0755.log => moved successfully
C:\Windows\Temp\CHRIS-20191101-0755a.log => moved successfully
C:\Windows\Temp\CHRIS-20191101-0820.log => moved successfully
C:\Windows\Temp\CHRIS-20191101-0852.log => moved successfully
C:\Windows\Temp\CHRIS-20191101-0912.log => moved successfully
C:\Windows\Temp\CHRIS-20191102-1050.log => moved successfully
C:\Windows\Temp\CHRIS-20191103-0918.log => moved successfully
C:\Windows\Temp\CHRIS-20191103-0920.log => moved successfully
C:\Windows\Temp\CHRIS-20191103-0932.log => moved successfully
C:\Windows\Temp\CHRIS-20191103-0940.log => moved successfully
C:\Windows\Temp\CHRIS-20191103-1001.log => moved successfully
C:\Windows\Temp\CHRIS-20191103-1021.log => moved successfully
C:\Windows\Temp\CHRIS-20191104-0006.log => moved successfully
C:\Windows\Temp\CHRIS-20191104-0748.log => moved successfully
C:\Windows\Temp\CHRIS-20191104-0751.log => moved successfully
C:\Windows\Temp\CHRIS-20191105-0744.log => moved successfully
C:\Windows\Temp\CHRIS-20191105-0744a.log => moved successfully
C:\Windows\Temp\CHRIS-20191105-0751.log => moved successfully
C:\Windows\Temp\CHRIS-20191106-0735.log => moved successfully
C:\Windows\Temp\CHRIS-20191106-0744.log => moved successfully
C:\Windows\Temp\CHRIS-20191106-0751.log => moved successfully
C:\Windows\Temp\CHRIS-20191107-0751.log => moved successfully
C:\Windows\Temp\CHRIS-20191107-0753.log => moved successfully
C:\Windows\Temp\CHRIS-20191108-0759.log => moved successfully
C:\Windows\Temp\CHRIS-20191108-0801.log => moved successfully
C:\Windows\Temp\CHRIS-20191108-0801a.log => moved successfully
C:\Windows\Temp\CHRIS-20191109-0853.log => moved successfully
C:\Windows\Temp\CHRIS-20191109-0859.log => moved successfully
C:\Windows\Temp\CHRIS-20191110-1035.log => moved successfully
C:\Windows\Temp\CHRIS-20191110-1037.log => moved successfully
C:\Windows\Temp\CHRIS-20191110-1037a.log => moved successfully
C:\Windows\Temp\CHRIS-20191110-1928.log => moved successfully
C:\Windows\Temp\CHRIS-20191110-1943.log => moved successfully
C:\Windows\Temp\CHRIS-20191110-2013.log => moved successfully
C:\Windows\Temp\CHRIS-20191110-2020.log => moved successfully
C:\Windows\Temp\CHRIS-20191110-2036.log => moved successfully
C:\Windows\Temp\CHRIS-20191110-2058.log => moved successfully
C:\Windows\Temp\CHRIS-20191110-2111.log => moved successfully
C:\Windows\Temp\CHRIS-20191110-2159.log => moved successfully
C:\Windows\Temp\CHRIS-20191110-2229.log => moved successfully
C:\Windows\Temp\CHRIS-20191110-2247.log => moved successfully
C:\Windows\Temp\CHRIS-20191111-0028.log => moved successfully
C:\Windows\Temp\CHRIS-20191111-0928.log => moved successfully
C:\Windows\Temp\CHRIS-20191112-0759.log => moved successfully
C:\Windows\Temp\CHRIS-20191112-0759a.log => moved successfully
C:\Windows\Temp\CHRIS-20191113-0737.log => moved successfully
C:\Windows\Temp\CHRIS-20191113-0756.log => moved successfully
C:\Windows\Temp\CHRIS-20191114-0726.log => moved successfully
C:\Windows\Temp\CHRIS-20191114-0727.log => moved successfully
C:\Windows\Temp\CHRIS-20191114-0755.log => moved successfully
C:\Windows\Temp\CHRIS-20191114-2022.log => moved successfully
Could not move "C:\Windows\Temp\CHRIS-20191114-2031.log" => Scheduled to move on reboot.
C:\Windows\Temp\chrome_installer.log => moved successfully
C:\Windows\Temp\kav.20.0.14.1085d_09.31_15.11_3616.apply_patches.kis2020mp0.log => moved successfully
C:\Windows\Temp\kav.20.0.14.1085e_10.11_17.37_3872.apply_patches.drivers_x64.log => moved successfully
C:\Windows\Temp\KSDE.dumpwriter.log => moved successfully
C:\Windows\Temp\MpCmdRun.log => moved successfully
C:\Windows\Temp\MSI5507a.LOG => moved successfully
C:\Windows\Temp\MSIbacf0.LOG => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20191013225129F88).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(2019102509185610A0).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20191110192801F6C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20191110202017C20).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20191110203550D94).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20191110205835104C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20191110211158BB4).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20191110222903F0C).log => moved successfully
Could not move "C:\Windows\Temp\officeclicktorun.exe_c2ruidll(201911142031303C44).log" => Scheduled to move on reboot.
C:\Windows\Temp\officeclicktorun.exe_streamserver(20191013225131F88).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2019102509185710A0).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20191110192802F6C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20191110202043C20).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20191110203615D94).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20191110205836104C).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20191110211158BB4).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20191110222904F0C).log => moved successfully
Could not move "C:\Windows\Temp\officeclicktorun.exe_streamserver(201911142031323C44).log" => Scheduled to move on reboot.
C:\Windows\Temp\ood_stream.x86.en-us.dat => moved successfully
C:\Windows\Temp\ood_stream.x86.x-none.dat => moved successfully
C:\Windows\Temp\WER-872859-0.sysdata.xml => moved successfully
C:\Windows\Temp\WERC8D4.tmp.WERDataCollectionStatus.txt => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========


=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 406057793 B
Java, Flash, Steam htmlcache => 1124 B
Windows/system/drivers => 8399204 B
Edge => 40341691 B
Chrome => 214699589 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6656 B
systemprofile32 => 6656 B
LocalService => 76256 B
NetworkService => 76256 B
chris => 340387364 B

RecycleBin => 0 B
EmptyTemp: => 973.3 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 14-11-2019 20:41:53)

C:\Windows\Temp\CHRIS-20191114-2031.log => Is moved successfully
C:\Windows\Temp\officeclicktorun.exe_c2ruidll(201911142031303C44).log => Is moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(201911142031323C44).log => Is moved successfully

==== End of Fixlog 20:42:01 ====


Adaware:

# -------------------------------
# Malwarebytes AdwCleaner 7.4.2.0
# -------------------------------
# Build: 10-21-2019
# Database: 2019-10-21.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-14-2019
# Duration: 00:00:20
# OS: Windows 10 Home
# Cleaned: 48
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.Pokki File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Start.lnk
Deleted Preinstalled.TOSHIBAPasswordUtility Folder C:\Program Files (x86)\TOSHIBA\PASSWORDUTILITY
Deleted Preinstalled.TOSHIBAPasswordUtility Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|1.TPUReg
Deleted Preinstalled.TOSHIBAPasswordUtility Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|1.TPUReg
Deleted Preinstalled.TOSHIBAPasswordUtility Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}
Deleted Preinstalled.TOSHIBAPasswordUtility Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{78931270-BC9E-441A-A52B-73ECD4ACFAB5}
Deleted Preinstalled.TOSHIBAQualityApplication Folder C:\Program Files (x86)\TOSHIBA\TOSHIBAFB
Deleted Preinstalled.TOSHIBAQualityApplication Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{E69992ED-A7F6-406C-9280-1C156417BC49}
Deleted Preinstalled.TOSHIBARegistration Folder C:\Program Files (x86)\TOSHIBA\TOSHIBAREGISTRATION
Deleted Preinstalled.TOSHIBARegistration Folder C:\ProgramData\TOSHIBA\TOSHIBAREGISTRATION
Deleted Preinstalled.TOSHIBARegistration Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{5AF550B4-BB67-4E7E-82F1-2C4300279050}
Deleted Preinstalled.TOSHIBASystemSettings Folder C:\Program Files (x86)\TOSHIBA\SYSTEM SETTING
Deleted Preinstalled.TOSHIBASystemSettings Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|TCrdMain
Deleted Preinstalled.TOSHIBASystemSettings Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|TSSSrv
Deleted Preinstalled.TOSHIBASystemSettings Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Run|TCrdMain
Deleted Preinstalled.TOSHIBASystemSettings Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Run|TSSSrv
Deleted Preinstalled.TOSHIBASystemSettings Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{05A55927-DB9B-4E26-BA44-828EBFF829F0}
Deleted Preinstalled.TOSHIBAUser'sGuide Folder C:\Program Files (x86)\TOSHIBA\DOCUMENTATION
Deleted Preinstalled.TOSHIBAUser'sGuide Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}
Deleted Preinstalled.TOSHIBAUtilities Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\UTILITIES
Deleted Preinstalled.ToshibaAppPlace Folder C:\Program Files (x86)\TOSHIBA\TOSHIBA APP PLACE
Deleted Preinstalled.ToshibaAppPlace Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ToshibaAppPlace
Deleted Preinstalled.ToshibaAppPlace Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|ToshibaAppPlace
Deleted Preinstalled.ToshibaAppPlace Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}
Deleted Preinstalled.ToshibaBookPlace Folder C:\Program Files (x86)\TOSHIBA\TOSHIBA BOOK PLACE
Deleted Preinstalled.ToshibaBookPlace Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{11244D6B-9842-440F-8579-6A4D771A0D9B}
Deleted Preinstalled.ToshibaWildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-toshiba-darkorbit
Deleted Preinstalled.ToshibaWildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-toshiba-worldofwarcraft
Deleted Preinstalled.ToshibaWildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-toshiba-genres
Deleted Preinstalled.WildTangentGamesBundle File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - toshiba.lnk
Deleted Preinstalled.WildTangentGamesBundle File C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES
Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\BEJEWELED 3
Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\KING ODDBALL
Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\PLANTS VS ZOMBIES - GAME OF THE YEAR
Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES
Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES\APP
Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES\TOUCHPOINTS\TOSHIBA
Deleted Preinstalled.WildTangentGamesBundle Folder C:\Users\chris\Favorites\WILDTANGENT GAMES
Deleted Preinstalled.WildTangentGamesBundle Registry HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-toshiba-mahjonggdarkdimensions
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App
Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba
Deleted Preinstalled.WildTangentGamesBundle Registry HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
Deleted Preinstalled.WildTangentGamesBundle Registry HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [87240 octets] - [14/11/2019 21:01:45]
AdwCleaner[S00].txt - [7604 octets] - [14/11/2019 21:02:37]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


Rogue Killer:

RogueKiller Anti-Malware V13.5.6.0 (x64) [Nov 7 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.18362) 64 bits
Started in : Normal mode
User : chris [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20191114_090610, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2019/11/14 21:26:39 (Duration : 00:31:55)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Juliet
2019-11-15, 15:08
Adaware did not technically ask to "clean and repair" but rather "quarantine". Not sure if it was supposed to but I think it quarantined my Toshiba apps. Not that I use them, not sure what they are anyways, but just an FYI.
Thank you for the 'quarantine tip'.

It went after programs which are often been considered as bloatware by some users as it is bundled on various manufacturer's new PCs. (Because this might be considered bloatware does not mean the software is bad or harmful, if you use it regularly its worthwhile to have. However, bloatware typically means the program is optional and was simply pre-installed but is not required and can be removed.)

You might consider removing as it often consumes system resources, even if not actively being run, adversely affecting system responsiveness.

WildTangent Games App ==> is technically not considered spyware or malware. It is actually a web driver used for many online and offline games. However, because it does use built-in modules allowing it to collect information about your computer and update automatically, you may not be comfortable having it on your system. If there are any sort of updates to existing games or apps, it will run using resources without your permission causing system slow downs and confusion.

Long story short, if you are not using this bloatware placed on the machine by Toshiba, you will not miss anything but, should see improvements.

~~~~~~~
So far there isn't any real signs of anything malicious.

ESET Online Scanner:

Please go here (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe), download the ESET Smart Installer, and save it to your desktop.
Double-click on the https://www.bleepstatic.com/fhost/uploads/4/esetimage.png you just downloaded.
Place a checkmark next to "YES, I accept the Terms of Use" and click the https://www.bleepstatic.com/fhost/uploads/4/shieldstart.png button.
Click "Yes" to the UAC (User Account Control) warning, then ESET will download its components, register itself, and start itself.
In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
Then click Advanced settings, and make sure there is a checkmark next to only the following items (uncheck everything else):
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Now click on: https://www.bleepstatic.com/fhost/uploads/4/start.png
The virus signature database will begin to download. Be patient this make take some time depending on the speed of your internet connection
When the download has completed, the Online Scan will begin automatically it could take several hours to complete the scan. Please be patient
When the scan has completed, click List Found Threats (only if anything is found)
Then click Export, and save the file to your desktop using a unique name, such as ESETScan
Copy and paste the contents of this report into your next reply to me
Click Back, then click Finish to exit ESET Online Scanner

loopdiloop
2019-11-18, 04:40
Hi Juliet

I ran Etscan and there were no threats found and no files cleaned. So it did not produce a report. It took 5 hours and change.

Can we get rid of the Toshiba apps and wild tangent programs? I really want to try and speed up the machine. I don't understand why it takes so long to get things moving on this machine.

Thanks

Juliet
2019-11-18, 13:06
Hi Juliet

I ran Etscan and there were no threats found and no files cleaned. So it did not produce a report. It took 5 hours and change.

Can we get rid of the Toshiba apps and wild tangent programs? I really want to try and speed up the machine. I don't understand why it takes so long to get things moving on this machine.

Thanks
Below are a couple of Apps you can get to and remove from the control panel/add remove list.
https://support.microsoft.com/en-us/help/247501/how-to-manually-remove-programs-from-the-add-remove-programs-list
How to Manually Remove Programs from the Add/Remove Programs List

Bejeweled 3 (HKLM-x32\...\WTA-2d4ec317-ec85-4b0e-8626-bf5c5d9f40df) (Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
King Oddball (HKLM-x32\...\WTA-37ea9933-72a6-47b7-a591-8a883511739a) (Version: 3.0.2.48 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-0f68d65e-e914-49e6-a7ad-5b1860066f42) (Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.1.1.30 - WildTangent) Hidden

Sometimes it requires a reboot to completely remove from the registry.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You might be having a conflict with Windows 10 Windows Defender and Kaspersky security.
Apparently they didn't completely turn off Windows Defender - even tho the service is set to On Demand it is still running for some reason. (anti-viruses will always turn off Windows Defender so that the two don't fight each other)

What might be of use is to temporarily or try to permanently disable Windows Defender.
https://support.microsoft.com/en-us/help/4027187/windows-10-turn-off-antivirus-protection-windows-security
Turn off antivirus protection in Windows Security

If you feel that Kaspersky is the problem causing the machine to lag you can uninstall that antivirus and try a different one to use. I can supply a list of free ones and paid for if needed. Just remember not to leave the computer without protection. Some people use Windows Defender as their trusted antivirus.

Also if you go that route to remove you can use the Kaspersky removal tool.
Download and run their uninstaller tool from this site.
This will remove all traces of the program that was uninstalled.
https://support.kaspersky.com/1464

Restart the computer when the removal is completed.

If all is well and if you wish reinstall the program.
Restart thie computer after the installation.

loopdiloop
2019-11-21, 03:39
Hi Juliet

Yes, I would like to get rid of any bloatware. Just today, booting up my computer after it installed updates took like 5+ minutes. Before I rebooted, when I hit the Start button, it took about 30 seconds for the start menu to pop up. Sometimes IE takes forever to open up, its crazy. When I go to open photos in a folder, either the program crashes or it truly takes about 3-5 minutes to get a photo opened and usually requires multiple tries.

I'm not sure what I am supposed to do with the list of Wild Tangent Games you posted. Am I supposed to copy that into something to remove them? Or should I just go to add/remove programs and remove those?

And what about removing the Toshiba apps? Is that also from add/remove programs?

Also, should I remove any of the programs you had me download to run checks on the system? I have some old ones that a computer place put on here to run checks and wonder if I should delete those now?

And also, to confirm, I should disable windows defender while I am running Kaspersky, correct?

thanks

Chris

loopdiloop
2019-11-21, 03:47
Juliet

I'm trying to Printscreen my add/remove programs page (it looks very different than your list) so you can show what to remove from it. But I can't printscreen for some reason.

I don't see tangent games in there. There is a ton of Toshiba stuff but not sure what is safe to remove or not.

Juliet
2019-11-21, 14:05
Got a question

Was it Kaspersky updates or some sort of Windows updates?

If I'm right, and it's some sort of antivirus updates, it's going to run a scan at that time unless that software has a setting to disable it after updates?
(Don't think you have control over that)

Also, was this machine originally a Windows 7 or Windows 8 then you allowed Microsoft to update the machine to a Windows 10?

~~~~~~~~~~~~~~~~~~~

Let's try this
Using System File Checker in Windows 10
https://support.microsoft.com/en-us/help/4026529/windows-10-using-system-file-checker


~~~~~~~~~~~~~~~~~~~~~~~~~`
After running the above, I would like to see a fresh FRST log

Right-Click FRST.exe / FRST64.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

(Scan times will vary from one system to another. Sometimes the scan may appear to hang and you may even see a message that says, Program not responding. Most likely that will be temporary and the scan will resume on its own. It is not unusual for a complete scan to take up to10 minutes or even longer depending on what the scan is finding.)

loopdiloop
2019-11-24, 01:25
Hi Juliet

I don't really understand the context of your question concerning updates for Kaspersky. Are you asking if it was running updates when I was trying to access the web? I don't think it was running a scan or update at the time I was logging in, but I can't really tell.

I did notice that the machine improved a bit when I turned off One Drive completely. That seems to slow things up.

I definitely want to get rid of any bloatware. Do you think it is safe to delete ALL the Toshiba programs in the delete programs feature? Do I need any of those to run my machine.

To answer your other question, this machine has always been Windows 10, it is not a converted machine from 7 or 8. I bought it as a Windows 10.

I will run the other request you asked up above and get back to you shortly.

thanks for your help

Juliet
2019-11-24, 15:29
After running Using System File Checker in Windows 10


Let's see if there are any startup items we can disable to improve performance.

Go here to download HJT
http://www.bleepingcomputer.com/download/hijackthis/

Save HJTsetup.exe to your desktop.
Doubleclick on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.


~~~~~~~~~~~~~~

loopdiloop
2019-11-24, 20:01
Hi Juliet

I tried running the file checker and I got a message that said: Error 87 the cleanup image option is unknown.

Chris

loopdiloop
2019-11-24, 20:09
Hi Juliet

here is the hijack this log. Incidentally 1) your specific instructions were not the same pattern but rather it simply went straight to "run scan and open log" after I executed, there were no other prompts and 2) during the scan it put up an error message box saying something about not being able to clean up certain things and that I would have to do it manually (I can't figure out why I can't get my print screen to work to show you) but then it completed the log anyway. see below:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:05:36 AM, on 11/24/2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.18362.0001)


Boot mode: Normal

Running processes:
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\avpui.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\chris\Desktop\Spybot clean up\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by TOSHIBA
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {9F904093-6E18-4536-BF5F-B03689CF00F0} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\IEExt\ie_plugin.dll
O3 - Toolbar: Kaspersky Protection Toolbar - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\IEExt\ie_plugin.dll
O4 - HKLM\..\Run: [AmIcoSinglun64] "C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [HP Photosmart 5520 series (NET)] "C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN3321607X0602:NW" -scfn "HP Photosmart 5520 series (NET)" -AutoStart 1
O4 - Startup: Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service 20.0 (AVP20.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_5218d - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: Dragon Assistant Core (DACoreService) - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\WINDOWS\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: DTS APO Service (dts_apo_service) - Unknown owner - C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppIntegrationService - Unknown owner - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (file missing)
O23 - Service: GamesAppService - Unknown owner - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (file missing)
O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.108\elevation_service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem59.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Kaspersky Volume Shadow Copy Service Bridge. 20.0 (klvssbridge64_20.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\vssbridge64.exe
O23 - Service: Kaspersky Secure Connection Service 3.0.0 (KSDE3.0.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\Windows\system32\ThpSrv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA eco Utility Service - Toshiba Corporation - C:\Program Files\TOSHIBA\Teco\TecoService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 13446 bytes

Juliet
2019-11-24, 23:14
Typically, these entries are infrequently used tasks that can be started manually, if necessary.
Removing/disabling these items from statup will help with system resources.

Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [AmIcoSinglun64] "C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - Startup: Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE

Reboot the computer to set the registry.

loopdiloop
2019-11-30, 04:12
Hi Juliet

Hope you had a nice Thanksgiving.

FYI, the message I get from Hijack this is as follows: "For some reason your system denied access to the hosts file....."

Am fixing as you suggested and will reboot and report back to you.

thanks

Juliet
2019-11-30, 04:18
"For some reason your system denied access to the hosts file
It's kinda a standard message for Windows 10.

After you run HJT and reboot, let me know how the computer is at the moment.

loopdiloop
2019-12-05, 06:57
Hi Juliet

I've been running it over the weekend and testing at different times. Overall, it still is pretty slow, at various operations.

For example, when I open it up to log in, sometimes I have a blue screen for a while until the Microsoft "landscape" images appear, and often they appear but without the login right away, so I am hitting the escape key to bring it up and sometimes it takes a minute for the login to come up. That's just one example.

Or I open ESPN (my home page) in explorer and it takes forever for the page to load initially.

And sometimes there's just wonky things like my volume control in task bar won't open so I have to go thru the control panel to get it to work, but sometimes when I reboot it works again. Or sometimes just clicking on things in the task bar makes them hang up for a while. Or my scroll function will stop working until I reboot.

The biggest annoyance is just how long it takes for program windows to open and for IE to move along at a good pace.

It's just pretty sluggish seeming still.

Sometimes rebooting helps, sometimes it just takes forever to fully boot up.

Juliet
2019-12-05, 12:52
I hope this doesn't boil down to a hardware issue because scans we've run point to bloatware and adware that would not do this to your machine.

Read over the topic in the link I'm posting and follow.

Let me know how it turns out. It's possible I'll need to refer you to a hardware forum to try and seek out whats happening here.

How to Run a Startup Repair in Windows 10
https://www.tenforums.com/tutorials/27649-run-startup-repair-windows-10-a.html

Juliet
2019-12-14, 14:28
It's been 10 days since your last reply.

loopdiloop
2019-12-14, 23:23
Sorry Juliet. I've been tied up with work in holidays. I will respond to your last message

loopdiloop
2019-12-14, 23:25
I'd still like your help removing the Toshiba stuff. I will research the startup repair thread and get back to you.

thank you for your patience

Juliet
2019-12-16, 13:53
Sorry for the delay in replying, I didn't get a notice you had replied.

The items I saw in your add/remove programs list were not involved in startups.

Whats the age of this computer?

I may have asked this already, if you boot into safe mode does it run still very slow?

loopdiloop
2019-12-18, 07:01
Hi Juliet

I can't recall but probably about 3-5 years max. Probably closer to 3 years.

I haven't booted into safe mode. I'm not sure how to do that. I'm a little nervous with the advance level stuff.

I read the links you gave me about running startup repair and I was not following the material/steps as they present it such that I was uncomfortable attempting this myself. The steps don't look the same and the commands are not what I am seeing or maybe it is in a different order, but it doesn't look familiar enough. It's not like how you guys explain stuff which is very clear and precise.

My computer took about 15-20 mins to boot up tonight. It is so slow. I did a hard shutdown on it today after IE was so slow to run I got sick of it and just shut it off.

Opening the file folder, excel or photos can take anywhere from 1-3 minutes to open. It's crazy. It takes FOREVER for IE to open. Maybe it's corrupted?

I can never tell if Windows defender turns back on when Kaspersky is on, or if there are programs running in the background. I wish there was a way to stop all programs from running automatically or at least be able to open a window to see what is running at any given moment and have the option to shut it off.

I think I shut off the idrive or icloud thing which was always updating.

Juliet
2019-12-18, 12:55
from the symptoms, it could be either a hard drive issue or a ram issue
the system was trying to do automatic update to a backup, how updated is your W10? Do you have all of the most recent updates? If your system is playing catch up to install those patches, it will take a while.

Windows Defender will not run as long as you have Kaspersky on the machine. By design it will/should be disabled because of having the 2 antivirus on there.

We havent run a rootkit scan, not saying you have one but this should tell us if any of these problems are related to infection.

Malwarebytes Anti-Rootkit

Download Malwarebytes Anti-Rootkit Beta (https://downloads.malwarebytes.com/file/mbar/) and save it to your desktop.

Double-click the file to run it. Select the extraction path as your desktop. (MBAR will be launched shortly after the extraction)
https://i.imgur.com/HTCF1SV.png
Click on Next, and then on the Update button to let it update its database. Once the database has been successfully updated, click on Next

Make sure all the checkboxes are checked, then click on the Scan button, and let it complete the scan (this can take a while)

Once the scan is done, make sure that every item is checked, and click on the Cleanup button (a reboot might be required)
After that (and the reboot, if one was required), go back in the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt
Copy/paste the content of that log in your next reply.

---------------------------------------------

loopdiloop
2019-12-19, 20:01
Thanks for your help on this Juliet *just a heads up, I may be a bit slow to respond/address this given heading into xmas week and working late, family obligations, etc so I haven't had much time in the evenings, but I will stay on it*

Pretty sure that windows runs updates regularly, but I did notice that when I went into the system folder and looked under updates, it said there were several updates that have failed to install and it will keep trying. I tried to manually run the update but it seems to be having trouble going through.

As far as Windows defender is concerned, I constantly get conflicting messages. Sometimes after I reboot is says I need to turn on my security settings for Kaspersky, sometimes it says I need to turn on Windows, sometimes it says both are off and sometimes it appears both are on......it's really confusing. Defender is the tricky one because I can't really tell if it is on or off. MS is sneaky that way I guess.

I will try running rootkit scan tonight or tomorrow and get back to you with results.

thank you!

Juliet
2019-12-20, 12:52
Thanks for your help on this Juliet *just a heads up, I may be a bit slow to respond/address this given heading into xmas week and working late, family obligations, etc so I haven't had much time in the evenings, but I will stay on it*

Pretty sure that windows runs updates regularly, but I did notice that when I went into the system folder and looked under updates, it said there were several updates that have failed to install and it will keep trying. I tried to manually run the update but it seems to be having trouble going through.

As far as Windows defender is concerned, I constantly get conflicting messages. Sometimes after I reboot is says I need to turn on my security settings for Kaspersky, sometimes it says I need to turn on Windows, sometimes it says both are off and sometimes it appears both are on......it's really confusing. Defender is the tricky one because I can't really tell if it is on or off. MS is sneaky that way I guess.

I will try running rootkit scan tonight or tomorrow and get back to you with results.

thank you!
I understand this is a bad time to try and work on the computer. It's very close to the holidays and family comes first.

You might have hit the nail on the head here. I don't think this is related to malware, there seems to be a battle between Microsoft in a loop to install failed updates (No idea why) and possibly an overpowering antivirus.
When Windows updates are trying to install it's at bootup (This creates an abnormal long time trying to install the updates). And since it fails it starts the cycle again trying to download which uses a large amount of resources.....creating lag.

Found an article that might give some insight.

https://support.microsoft.com/en-in/help/10164/fix-windows-update-errors


Run Windows Update Troubleshooter.
Manually download and install updates.
Disable your antivirus.

loopdiloop
2019-12-22, 02:46
Juliet

I rant the rootkit scan and there was no log. It said no malware was found the computer is clean.

I will review your other posts but maybe I need to work instead on hardware/software issues?

Chris

Juliet
2019-12-22, 14:00
Juliet

I ran the rootkit scan and there was no log. It said no malware was found the computer is clean.
No log was created because there was nothing to remove.



I will review your other posts but maybe I need to work instead on hardware/software issues?
Chris

Thats my thoughts.

Juliet
2020-01-04, 13:09
bump...

loopdiloop
2020-01-05, 04:24
Hi Juliet

I hope you had a nice holiday season.

So I downloaded the program from Microsoft that was supposed to address my update issues. I ran it and it just seemed to get caught in a loop where it just never completed its process for repairing my MS downloads. When I check my updates files, it says there was an error running updates but the update never gets completed. It keeps trying to re-run it, I suppose, but it never gets updated.

Not sure what to try at this point.

thanks

Chris

Juliet
2020-01-05, 13:24
I saw something recently that a Microsoft update went out thats kinda created havoc, don't know if this relates to you and the problems your having but do keep this under your hat.

Before completely running out of ideas of what to do next:

Kaspersky Internet Security

CodeIntegrity:
============
There are several errors related to Kaspersky
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\antimalware_provider.dll that did not meet the Microsoft signing level requirements.

This doesn't mean of course the entire problems/s is all because of Kaspersky but it is a possibilty.

What you can try
Uninstall Kaspersky Internet Security, then re-install it again to see if the issues remain.
Do have handy any paid subscription info if this is a paid for subscription.

Download and run their uninstaller tool from this site.
This will remove all traces of the program that was uninstalled.
https://support.kaspersky.com/1464

Restart the computer when the removal is completed.

If all is well and if you wish reinstall the program.
Restart thie computer after the installation.
I can also supply a list of free antivirus and paid for antivirus applications if needed.
-----

Lets try this:
Download Windows Repair (All-in-One) Portable (https://www.bleepingcomputer.com/download/windows-repair-all-in-one/dl/275/)


Disable all your antivirus and antimalware software - see how to do that from here (https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/) <= Important

- Right click on https://i.imgur.com/QfBzvq1.png and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

- A window will appear. Click Step 2.
https://i.imgur.com/2f8o60N.png

- Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.

- Depending on which error Windows Repair found, click Repair, Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.

- Go to Step 3, then click Check in the See If Check Disk Is Needed.
https://i.imgur.com/Ymy7crZ.png

- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.

- Go to Step 4, then click Do It.
https://i.imgur.com/zDtdN75.png

- Go to Step 5. Under System Restore click Create.
https://i.imgur.com/f7lEe1N.png

- Go to Repairs and click Open Repairs. Unselect all checkmarks, except Repair WMI, then click Start Repairs.
https://i.imgur.com/PGv2vtD.png

- By default Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop. Please post the contents of the log in your next reply.

Let me know how you make out on the above.

loopdiloop
2020-01-18, 22:48
Thanks Juliet. This will take me some time.

Is there a reason the MS issue is hush hush?

And are you saying YOU see an issue with Kaspersky on my machine or is it something you've read? Maybe I can contact Kaspersky and see if they know about any issues?

Juliet
2020-01-19, 01:53
Thanks Juliet. This will take me some time.

Is there a reason the MS issue is hush hush?

And are you saying YOU see an issue with Kaspersky on my machine or is it something you've read? Maybe I can contact Kaspersky and see if they know about any issues?

The Microsoft issues are not hush hush. Every month there are new reports on google and other web sites reporting problems with the latest ones distributed.

The FRST tool reports issues found in the event viewer, there is where I saw errors referring to Ksapersky
CodeIntegrity:
============
There are several errors related to Kaspersky
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\antimalware_provider.dll that did not meet the Microsoft signing level requirements.

This doesn't mean of course the entire problems/s is all because of Kaspersky but it is a possibility.
You would probably help yourself out contacting Kaspersky with what is found in the report. There wasn't just one there were several.

Juliet
2020-01-28, 14:41
Glad we could help. http://i.imgur.com/SakDYGv.gif
Since this issue appears resolved ... this Topic is closed.