
Thread: Malware issues?

  1. #1
    Member (Join Date: Dec 2005, Posts: 94)


    Hi guys

    My machine has been a slug recently and I've seen several virus threats that I am not sure Kaspersky caught, so I suspect some infection.

    Another issue is that when I try to run aswMBR, it shuts down my machine. I've tried three times now and each time I get a blue screen saying something about "installing a program that is not allowed" caused a Stopcode error with Windows.

    So I am posting the FRST and Addition logs below. Can you advise how to deal with the other issue? Not sure if that is the virus or not preventing me from running it. Let me know if you would like to see a photo of the blue screen error message.


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-11-2019
    Ran by chris (administrator) on CHRIS (TOSHIBA Satellite P55-A) (10-11-2019 20:03:27)
    Running from C:\Users\chris\Desktop
    Loaded Profiles: chris (Available Profiles: chris)
    Platform: Windows 10 Home Version 1903 18362.295 (X64) Language: English (United States)
    Default browser: Edge
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
    (DTS, Inc. -> ) C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
    (Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
    (Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
    (Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\stacsv64.exe
    (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
    (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\avp.exe
    (Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\avpui.exe
    (Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
    (Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
    (LeapFrog Enterprises, Inc.) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    (LeapFrog Enterprises, Inc.) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Users\chris\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    (Microsoft Windows Third Party Application Component -> Adobe) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
    (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
    (SUPERAntiSpyware.com -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (TOSHIBA CORPORATION -> ) C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe
    (TOSHIBA CORPORATION -> ) C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
    (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
    (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
    (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
    (TOSHIBA CORPORATION -> Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
    (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
    (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
    (TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (TOSHIBA CORPORATION -> TOSHIBA) C:\Program Files (x86)\Toshiba\PasswordUtility\readLM.exe
    (TOSHIBA CORPORATION -> TOSHIBA) C:\Program Files (x86)\Toshiba\PasswordUtility\readLM.exe
    (Tweaking LLC -> Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
    (WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
    HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
    HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc. -> Apple Inc.)
    HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [383768 2002-04-12] (AlcorMicro, Corp. -> Alcor Micro Corp.)
    HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA CORPORATION -> TOSHIBA)
    HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba) [File not signed]
    HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard Company -> Hewlett-Packard)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6210368 2019-10-30] (Dropbox, Inc -> Dropbox, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    HKU\S-1-5-21-277956631-559940316-2728223971-1001\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
    HKU\S-1-5-21-277956631-559940316-2728223971-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-08-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.97\Installer\chrmstp.exe [2019-11-08] (Google LLC -> Google LLC)
    Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2019-04-18]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {03804D90-E3BB-4995-B27B-221D1EB87A12} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {1083DCAB-BA19-45AF-A749-B370E678AC42} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
    Task: {1DE60D64-BEF8-4A46-83C9-C6F902CB11C3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {201EDC77-7220-433E-AE92-E56EC5227D33} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-07] (Dropbox, Inc -> Dropbox, Inc.)
    Task: {2A9EF887-BC15-40BD-87D8-997FE7CBA94B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
    Task: {49BC5B9B-B9A0-4E2B-BEE0-073EA9E3DD3C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {4D3AF2D2-BACC-4267-B0F7-EEA299F9E1D2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
    Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [32256 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
    Task: {66CE63E0-7E04-4CC8-9AFF-1648579F2EEC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
    Task: {73302D47-F5DE-442F-9B3C-7D51BF6C16E1} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
    Task: {74BB7635-0E01-433A-AC00-81DA71BAB320} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [791232 2019-09-28] (Kaspersky Lab -> AO Kaspersky Lab)
    Task: {7DF5191C-A5E4-44E8-886C-63133B5B9DAC} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
    Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
    Task: {8810D352-EF96-44CF-9B29-F53020015A69} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {91F272B8-9AE7-4300-92A7-093A7337D331} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {94F3D4D0-2A7C-4711-BC50-B4FCAF6BE66A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-07] (Dropbox, Inc -> Dropbox, Inc.)
    Task: {9A8B57EF-2D2C-48AF-8BC9-10CDC51F6727} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {9E63A896-0F0C-4CD5-90E6-7146B450947D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {9EB8DB7C-E097-487B-87C4-279E5A61938F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {A2EC85BB-BAC2-4381-BFE3-FA7B7DCF5595} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [979024 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
    Task: {A34DFE34-DF41-49FA-B85E-55EBCA3575F2} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
    Task: {A7BE614B-DC35-42DF-A71E-D8DD3CFF1888} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_270_Plugin.exe [1457720 2019-10-09] (Adobe Inc. -> Adobe)
    Task: {B1448C0D-F286-420B-8ADD-9CD7220864BF} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [655464 2013-07-31] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
    Task: {BA74D9F0-E2D3-4E1A-BF8D-1225A1A27775} - System32\Tasks\HPCustParticipation HP Photosmart 5520 series => C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe [4119656 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
    Task: {CA9FBDC3-0405-46FE-B5DD-3E45CA660A9D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
    Task: {D09AE9AB-24E7-499D-AEF4-9C34C265C764} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe
    Task: {D11B28F7-9C63-425C-8193-F70EA2F360C1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {D5770006-766C-48A5-B37E-D75CFE705358} - \WPD\SqmUpload_S-1-5-21-277956631-559940316-2728223971-1001 -> No File <==== ATTENTION
    Task: {D6D3559A-4AF7-4F87-BD7B-66D9A70D7F2F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {DCBABE69-0724-4882-AE78-7FD39EE41D8F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-10-09] (Adobe Inc. -> Adobe)
    Task: {E5E281D3-6F53-43C0-8745-9E392D262435} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
    Task: {E655E64F-4FD1-4D54-87C1-1560C8086D48} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4401240 2017-05-04] (Synaptics Incorporated -> Synaptics Incorporated)
    Task: {E7BAE77E-FA90-4E88-AABE-6D206B6B9531} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
    Task: {F26AAE76-3AD2-46C5-AE02-DA175EB9D038} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
    Task: {F51416A4-98B8-4142-B210-6B9F65FFCB80} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 209.18.47.63 209.18.47.61
    Tcpip\..\Interfaces\{2c20a66b-be6f-42a3-bdf7-de38d6ca1406}: [DhcpNameServer] 209.18.47.63 209.18.47.61
    Tcpip\..\Interfaces\{6560803b-6c81-49ac-830a-601d696dc172}: [DhcpNameServer] 192.168.1.1 4.2.2.2
    Tcpip\..\Interfaces\{9b42df81-51ed-444c-894a-35329219ee50}: [DhcpNameServer] 172.20.10.1
    Tcpip\..\Interfaces\{b7d95276-6608-4092-b839-ee7e745a172b}: [DhcpNameServer] 172.20.10.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
    HKU\S-1-5-21-277956631-559940316-2728223971-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://espn.go.com/
    SearchScopes: HKU\S-1-5-21-277956631-559940316-2728223971-1001 -> {263BC8BA-2CB1-4CEB-B826-EDE7B5B21EBC} URL =
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2019-08-20] (Microsoft Corporation -> Microsoft Corporation)
    BHO: Kaspersky Protection -> {9F904093-6E18-4536-BF5F-B03689CF00F0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\IEExt\ie_plugin.dll [2019-10-31] (Kaspersky Lab -> AO Kaspersky Lab)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2019-10-15] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Kaspersky Protection -> {9F904093-6E18-4536-BF5F-B03689CF00F0} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\IEExt\ie_plugin.dll [2019-10-31] (Kaspersky Lab -> AO Kaspersky Lab)
    Toolbar: HKLM - Kaspersky Protection Toolbar - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\IEExt\ie_plugin.dll [2019-10-31] (Kaspersky Lab -> AO Kaspersky Lab)
    Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\IEExt\ie_plugin.dll [2019-10-31] (Kaspersky Lab -> AO Kaspersky Lab)
    Toolbar: HKU\S-1-5-21-277956631-559940316-2728223971-1001 -> No Name - {C500C267-63BF-451F-8797-4D720C9A2ED9} - No File
    Toolbar: HKU\S-1-5-21-277956631-559940316-2728223971-1001 -> Kaspersky Protection Toolbar - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\IEExt\ie_plugin.dll [2019-10-31] (Kaspersky Lab -> AO Kaspersky Lab)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation -> Microsoft Corporation)

    FireFox:
    ========
    FF HKLM\...\Firefox\Extensions: [light_plugin_F363A72DD7B6435783A76E5F612C9006@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
    FF HKLM\...\Firefox\Extensions: [light_plugin_B29D4AD94F82454BBC9215BCBD7E80AE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\FFExt\light_plugin_firefox\addon.xpi
    FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\FFExt\light_plugin_firefox\addon.xpi [2019-09-28]
    FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F363A72DD7B6435783A76E5F612C9006@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
    FF HKLM-x32\...\Firefox\Extensions: [light_plugin_B29D4AD94F82454BBC9215BCBD7E80AE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\FFExt\light_plugin_firefox\addon.xpi
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_270.dll [2019-10-09] (Adobe Inc. -> )
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_270.dll [2019-10-09] (Adobe Inc. -> )
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel® Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel® Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-12-30] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.342\npGoogleUpdate3.dll [2019-11-05] (Google Inc -> Google LLC)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2017-07-17] (WildTangent Inc -> )
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-277956631-559940316-2728223971-1001: @citrixonline.com/appdetectorplugin -> C:\Users\chris\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-03-03] (Citrix Online -> Citrix Online)

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxp://espn.go.com/"
    CHR Profile: C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default [2019-10-06]
    CHR Extension: (Slides) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-24]
    CHR Extension: (Docs) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-24]
    CHR Extension: (Google Drive) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-15]
    CHR Extension: (YouTube) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-15]
    CHR Extension: (Sheets) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-24]
    CHR Extension: (Google Docs Offline) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-02-18]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-06]
    CHR Extension: (Gmail) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-10-06]
    CHR Extension: (Chrome Media Router) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-10-06]
    CHR HKLM\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk
    CHR HKLM-x32\...\Chrome\Extension: [elhpdacimkjpccooodognopfhbdgnpbk] - hxxps://chrome.google.com/webstore/detail/elhpdacimkjpccooodognopfhbdgnpbk

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc. -> Apple Inc.)
    R2 AVP20.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\avp.exe [357416 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058256 2019-02-13] (Microsoft Corporation -> Microsoft Corporation)
    R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [435088 2013-07-02] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-07] (Dropbox, Inc -> Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-07] (Dropbox, Inc -> Dropbox, Inc.)
    R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-10-30] (Dropbox, Inc -> Dropbox, Inc.)
    R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] (DTS, Inc. -> )
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [399720 2017-07-17] (WildTangent Inc -> WildTangent)
    R2 GFNEXSrv; C:\Program Files (x86)\Toshiba\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] (TOSHIBA CORPORATION -> )
    R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-11-11] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
    R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [370848 2019-05-05] (Intel Corporation -> Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Trusted Connect Service -> Intel(R) Corporation)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
    S3 klvssbridge64_20.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\vssbridge64.exe [438928 2019-03-21] (Kaspersky Lab -> AO Kaspersky Lab)
    R2 KSDE3.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
    R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
    R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-05-04] (Synaptics Incorporated -> Synaptics Incorporated)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [246912 2019-02-16] (Kaspersky Lab -> AO Kaspersky Lab)
    R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2016-11-11] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
    R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [76624 2019-03-19] (Kaspersky Lab -> AO Kaspersky Lab)
    R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [129152 2019-08-02] (Kaspersky Lab -> AO Kaspersky Lab)
    R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [93312 2019-03-12] (Kaspersky Lab -> AO Kaspersky Lab)
    S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [37816 2019-01-24] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
    R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [251512 2019-10-31] (Kaspersky Lab -> AO Kaspersky Lab)
    R1 klgse; C:\WINDOWS\System32\DRIVERS\klgse.sys [514688 2019-06-13] (Kaspersky Lab -> AO Kaspersky Lab)
    R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [1204856 2019-09-12] (Kaspersky Lab -> AO Kaspersky Lab)
    R3 klids; C:\ProgramData\Kaspersky Lab\AVP20.0\Bases\klids.sys [199744 2019-11-10] (Kaspersky Lab -> AO Kaspersky Lab)
    R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [998016 2019-10-31] (Kaspersky Lab -> AO Kaspersky Lab)
    R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [58192 2019-03-19] (Kaspersky Lab -> AO Kaspersky Lab)
    R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [79184 2019-03-18] (Kaspersky Lab -> AO Kaspersky Lab)
    R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [59512 2019-03-18] (Kaspersky Lab -> AO Kaspersky Lab)
    R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [51328 2019-03-13] (Kaspersky Lab -> AO Kaspersky Lab)
    S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [45904 2019-03-10] (Kaspersky Lab -> AO Kaspersky Lab)
    R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [48080 2018-02-12] (AnchorFree Inc -> The OpenVPN Project)
    R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [251256 2019-10-14] (Kaspersky Lab -> AO Kaspersky Lab)
    R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [99152 2019-03-13] (Kaspersky Lab -> AO Kaspersky Lab)
    R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [306248 2019-10-15] (Kaspersky Lab -> AO Kaspersky Lab)
    R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [119744 2019-10-15] (Kaspersky Lab -> AO Kaspersky Lab)
    R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [204520 2019-10-22] (Kaspersky Lab -> AO Kaspersky Lab)
    S3 klupd_klif_swmon; C:\WINDOWS\System32\Drivers\klupd_klif_swmon.sys [209928 2018-11-24] (Kaspersky Lab -> AO Kaspersky Lab)
    S4 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [105600 2019-03-05] (Kaspersky Lab -> AO Kaspersky Lab)
    R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [210280 2019-03-13] (Kaspersky Lab -> AO Kaspersky Lab)
    R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [232272 2019-03-19] (Kaspersky Lab -> AO Kaspersky Lab)
    R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
    R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3595472 2018-10-12] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
    R2 PEGAGFN; C:\Program Files (x86)\Toshiba\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON CORPORATION -> PEGATRON)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72792 2017-05-04] (Synaptics Incorporated -> Synaptics Incorporated)
    R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [551936 2013-08-16] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
    R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (TOSHIBA CORPORATION -> Toshiba Corporation)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46472 2019-03-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [333784 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-18] (Microsoft Windows -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ===================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-11-10 20:03 - 2019-11-10 20:05 - 000033244 _____ C:\Users\chris\Desktop\FRST.txt
    2019-11-10 20:00 - 2019-11-10 20:04 - 000000000 ____D C:\FRST
    2019-11-10 19:58 - 2019-11-10 19:58 - 002260480 _____ (Farbar) C:\Users\chris\Desktop\FRST64.exe
    2019-11-10 19:54 - 2019-11-10 19:54 - 000002319 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2019-11-10 19:54 - 2019-11-10 19:54 - 000002319 _____ C:\ProgramData\Desktop\Tweaking.com - Registry Backup.lnk
    2019-11-10 19:54 - 2019-11-10 19:54 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-CHRIS-Windows-10-Home-(64-bit).dat
    2019-11-10 19:54 - 2019-11-10 19:54 - 000000000 ____D C:\RegBackup
    2019-11-10 19:54 - 2019-11-10 19:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2019-11-10 19:54 - 2019-11-10 19:54 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
    2019-11-10 19:53 - 2019-11-10 19:54 - 000017985 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
    2019-11-10 19:52 - 2019-11-10 19:52 - 005766144 _____ (Tweaking.com) C:\Users\chris\Desktop\tweaking.com_registry_backup_setup.exe
    2019-11-10 19:51 - 2019-11-10 19:51 - 003449206 _____ C:\Users\chris\Downloads\tweaking.com_registry_backup_portable.zip
    2019-11-01 06:52 - 2019-11-01 06:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2019-10-30 10:45 - 2019-10-30 10:45 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
    2019-10-30 10:45 - 2019-10-30 10:45 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
    2019-10-30 10:45 - 2019-10-30 10:45 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
    2019-10-30 10:45 - 2019-10-30 10:45 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
    2019-10-23 06:56 - 2019-10-23 06:56 - 000000000 ___HD C:\OneDriveTemp
    2019-10-15 20:44 - 2019-10-15 20:44 - 005911489 _____ C:\Users\chris\Desktop\LL Fall 2019.pdf
    2019-10-15 07:24 - 2019-10-15 07:24 - 000306248 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
    2019-10-15 07:23 - 2019-10-15 07:23 - 000119744 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
    2019-10-14 14:45 - 2019-10-14 14:46 - 000000000 ____D C:\Users\chris\Desktop\Chukka shoes
    2019-10-14 07:56 - 2019-10-22 07:22 - 000204520 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
    2019-10-14 07:56 - 2019-10-14 07:56 - 000251256 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
    2019-10-13 20:18 - 2019-09-19 20:36 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
    2019-10-13 20:18 - 2019-09-19 20:14 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-11-10 20:08 - 2013-12-30 15:49 - 000000000 ___RD C:\Users\chris\SkyDrive
    2019-11-10 20:04 - 2014-01-05 00:39 - 000000000 ____D C:\ProgramData\Kaspersky Lab
    2019-11-10 19:41 - 2019-03-18 20:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2019-11-10 19:35 - 2019-08-25 18:41 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2019-11-10 19:35 - 2019-03-18 20:50 - 000000000 ____D C:\WINDOWS\INF
    2019-11-10 19:29 - 2017-08-16 21:41 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2019-11-10 19:29 - 2016-05-31 19:53 - 000000000 __SHD C:\Users\chris\IntelGraphicsProfiles
    2019-11-10 19:27 - 2019-08-25 18:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2019-11-10 19:26 - 2019-03-18 20:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
    2019-11-10 19:26 - 2019-03-18 20:37 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
    2019-11-10 18:30 - 2019-08-25 18:59 - 000004144 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{7F7B6025-52D1-44A2-9583-D077D3F06E41}
    2019-11-10 18:27 - 2019-08-25 18:12 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2019-11-10 10:37 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\AppReadiness
    2019-11-09 10:07 - 2019-03-18 20:37 - 000000000 ____D C:\WINDOWS\CbsTemp
    2019-11-08 08:02 - 2016-09-15 14:15 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2019-11-08 08:02 - 2016-09-15 14:15 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2019-11-08 08:02 - 2016-09-15 14:15 - 000002271 _____ C:\ProgramData\Desktop\Google Chrome.lnk
    2019-11-07 07:54 - 2019-03-18 20:52 - 000000000 ___HD C:\Program Files\WindowsApps
    2019-11-06 09:05 - 2019-04-06 09:01 - 000000000 ____D C:\Users\chris\AppData\Local\ElevatedDiagnostics
    2019-11-05 07:41 - 2019-08-25 18:59 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
    2019-11-05 07:41 - 2019-08-25 18:59 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
    2019-11-05 07:41 - 2013-12-02 00:53 - 000000000 ____D C:\Program Files (x86)\Google
    2019-11-03 10:22 - 2019-03-18 20:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2019-11-01 06:56 - 2016-02-07 13:00 - 000000000 ____D C:\Program Files (x86)\Dropbox
    2019-10-31 07:08 - 2017-12-26 08:44 - 000998016 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
    2019-10-31 07:08 - 2017-12-26 08:44 - 000251512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
    2019-10-27 10:22 - 2019-09-16 19:32 - 000000000 ____D C:\Users\chris\Desktop\Isabel random
    2019-10-23 06:53 - 2019-08-25 18:59 - 000003356 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-277956631-559940316-2728223971-1001
    2019-10-23 06:52 - 2019-08-25 18:23 - 000002410 _____ C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2019-10-18 00:01 - 2019-10-03 06:56 - 000000000 __SHD C:\found.000
    2019-10-15 06:45 - 2013-12-30 15:58 - 000000000 ____D C:\Program Files\Microsoft Office 15
    2019-10-14 13:46 - 2017-12-29 01:21 - 000000000 ____D C:\Users\chris\AppData\Local\Packages
    2019-10-13 22:22 - 2014-01-05 20:50 - 000000000 ____D C:\WINDOWS\system32\MRT
    2019-10-13 22:11 - 2014-01-05 20:50 - 127230528 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2019-10-13 21:54 - 2019-08-25 18:23 - 000000000 ____D C:\Users\chris

    ==================== Files in the root of some directories ========

    2014-06-01 01:44 - 2016-08-28 14:15 - 000017408 _____ () C:\Users\chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================



    Addition.Txt log

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2019
    Ran by chris (10-11-2019 20:10:15)
    Running from C:\Users\chris\Desktop
    Windows 10 Home Version 1903 18362.295 (X64) (2019-08-26 03:01:42)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-277956631-559940316-2728223971-500 - Administrator - Disabled)
    chris (S-1-5-21-277956631-559940316-2728223971-1001 - Administrator - Enabled) => C:\Users\chris
    DefaultAccount (S-1-5-21-277956631-559940316-2728223971-503 - Limited - Disabled)
    Guest (S-1-5-21-277956631-559940316-2728223971-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-277956631-559940316-2728223971-1003 - Limited - Enabled)
    WDAGUtilityAccount (S-1-5-21-277956631-559940316-2728223971-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Kaspersky Anti-Virus (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
    AS: Kaspersky Anti-Virus (Disabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.270 - Adobe)
    Adobe Reader XI (11.0.20) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)
    Alcor Micro USB Card Reader (HKLM-x32\...\{420ED767-62A5-462F-9DDA-AE3A95D4BF32}) (Version: 4.8.1245.73583 - Alcor Micro Corp.) Hidden
    Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.8.1245.73583 - Alcor Micro Corp.)
    Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    Bejeweled 3 (HKLM-x32\...\WTA-2d4ec317-ec85-4b0e-8626-bf5c5d9f40df) (Version: 2.2.0.97 - WildTangent) Hidden
    Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
    Dragon Assistant Application en-US version 1.5.11 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.11 - Nuance Communications, Inc.)
    Dragon Assistant Core Recognition Service version 1.1.12 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.12 - Nuance Communications, Inc.)
    Dragon Assistant Installer version 1.5.11 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.11 - Nuance Communications, Inc.)
    Dragon Assistant Language Data en-US version 1.1.4 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.4 - Nuance Communications, Inc.)
    Dropbox (HKLM-x32\...\Dropbox) (Version: 84.4.170 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.241.1 - Dropbox, Inc.) Hidden
    DTS Studio Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
    FREE MSG File Viewer version 2.0 (HKLM-x32\...\{2D370F64-93D0-4731-B27B-35869AEEB460}_is1) (Version: 2.0 - SysTools Software)
    Free Unpacker (HKLM-x32\...\JujubaSoftwareFreeUnpacker) (Version: 1.0 - Jujuba Software)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.97 - Google LLC)
    Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Photosmart 5520 series Basic Device Software (HKLM\...\{68C0736C-3E47-43A6-B14D-236BEF198A5F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Photosmart 5520 series Help (HKLM-x32\...\{7137E26A-10F7-4B1C-9980-0893579E92DA}) (Version: 27.0.0 - Hewlett Packard)
    HP Photosmart 5520 series Product Improvement Study (HKLM\...\{DCC176F0-3CE3-4DA9-8FF9-3809C1B48C47}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
    IDT Audio Driver (HKLM\...\{588A747E-CFF6-46B3-9207-CD754F9473AF}) (Version: 6.10.6491.0 - IDT)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    Intel(R) Wireless Bluetooth(R) 4.0 (HKLM-x32\...\{38561F82-2984-4C99-ADD7-D1166BC3D552}) (Version: 3.0.1335.05 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
    iTunes (HKLM\...\{F2517A28-8CB8-4206-B86C-5EDD4EA26682}) (Version: 12.7.1.14 - Apple Inc.)
    Kaspersky Anti-Virus (HKLM-x32\...\{D891550B-ACFE-4797-B368-BCFC434BBEB1}) (Version: 20.0.14.1085 - Kaspersky) Hidden
    Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{D891550B-ACFE-4797-B368-BCFC434BBEB1}) (Version: 20.0.14.1085 - Kaspersky)
    Kaspersky Secure Connection (HKLM-x32\...\{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
    Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab)
    King Oddball (HKLM-x32\...\WTA-37ea9933-72a6-47b7-a591-8a883511739a) (Version: 3.0.2.48 - WildTangent) Hidden
    LeapFrog Connect (HKLM-x32\...\{8A0C34E5-01A6-476B-87F3-321ABAA3948D}) (Version: 6.0.19.19317 - LeapFrog) Hidden
    LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 6.0.19.19317 - LeapFrog)
    LeapFrog LeapPad Explorer Plugin (HKLM-x32\...\{A7D849DD-D940-4ECF-ABF2-2022C60F85C9}) (Version: 6.0.19.19317 - LeapFrog) Hidden
    Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.5179.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-277956631-559940316-2728223971-1001\...\OneDriveSetup.exe) (Version: 19.174.0902.0013 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM-x32\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.8.0 - Mozilla)
    Mozilla Thunderbird 60.8.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 60.8.0 (x86 en-US)) (Version: 60.8.0 - Mozilla)
    Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5179.1000 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5179.1000 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5179.1000 - Microsoft Corporation) Hidden
    Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-0f68d65e-e914-49e6-a7ad-5b1860066f42) (Version: 2.2.0.98 - WildTangent) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
    REAPER (x64) (HKLM\...\REAPER) (Version: - )
    Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 29.5.90191 - Sonos, Inc.)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1224 - SUPERAntiSpyware.com)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated)
    Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
    TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
    TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
    Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
    TOSHIBA Display Utility (HKLM\...\{84FA4D2D-4273-4C66-BD3D-ADD3FE48DFA2}) (Version: 1.1.5.0 - Toshiba Corporation)
    TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
    TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
    TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.0003.64001 - Toshiba Corporation)
    TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.344 - Toshiba Corporation)
    TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
    TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
    TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
    TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation)
    TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
    TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
    TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation)
    TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
    Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
    Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version: - LeapFrog)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.1.1.30 - WildTangent) Hidden
    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)

    Packages:
    =========
    - Games App - -> C:\Program Files\WindowsApps\WildTangentGames.-GamesApp-_1.0.3.28_x86__qt5r5pa5dyg8m [2015-07-02] (WildTangent Games)
    Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2811.0_x64__343d40qqvtj1t [2018-06-27] (Amazon.com)
    Book Place -> C:\Program Files\WindowsApps\K-NFBReadingTechnologiesI.BookPlace_2.0.3615.0_x64__vwcaa66y1ah8t [2014-06-05] (K-NFB Reading Technologies, Inc.)
    Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.2.6.0_x86__kgqvnymyfvs32 [2019-10-28] (king.com)
    Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.151.300.0_x86__kgqvnymyfvs32 [2019-11-02] (king.com)
    Deals & Offers -> C:\Program Files\WindowsApps\2B24874D.DealsOffers_1.0.0.4_neutral__v10edqkhnj0dg [2013-12-30] (Synacor, Inc.)
    Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_4.4.0.5_x86__h6adky7gbf63m [2019-10-15] (Gameloft.)
    eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2014-11-04] (eBay, Inc)
    Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_6.21.8716.0_x86__q4d96b2w5wcc2 [2019-10-13] (Evernote)
    HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_105.1.618.0_x64__v10z8vjag6ke6 [2019-10-15] (HP Inc.)
    Hulu -> C:\Program Files\WindowsApps\HuluLLC.HuluPlus_2.5.3.0_neutral__fphbd361v8tya [2019-03-09] (Hulu.)
    iHeartRadio -> C:\Program Files\WindowsApps\ClearChannelRadioDigital.iHeartRadio_6.0.44.0_x64__a76a11dkgb644 [2019-06-26] (iHeartMedia.)
    Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2015-06-22] (AMZN Mobile LLC)
    Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-09-26] (Microsoft Corporation) [MS Ad]
    Media Player by sMedio TrueLink+ -> C:\Program Files\WindowsApps\sMedioforToshiba.TOSHIBAMediaPlayerbysMedioTrueLin_3.4.33.0_x64__679ekb9hp1h62 [2019-01-31] (sMedio)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-09] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-09] (Microsoft Corporation) [MS Ad]
    Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-12] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.10022.0_x64__8wekyb3d8bbwe [2019-10-13] (Microsoft Studios) [MS Ad]
    MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-19] (Microsoft Corporation) [MS Ad]
    MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-19] (Microsoft Corporation) [MS Ad]
    MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
    MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
    MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-19] (Microsoft Corporation) [MS Ad]
    MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-12] (Microsoft Corporation) [MS Ad]
    Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.95.602.0_x64__mcm4njqhnhss8 [2019-11-02] (Netflix, Inc.)
    Norton Studio -> C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_2.2.0.0_x86__v68kp9n051hdp [2018-04-20] (Symantec Corporation)
    Toshiba Central -> C:\Program Files\WindowsApps\ToshibaAmericaInformation.ToshibaCentral_1.3.0.4_neutral__r8x1fxsdcnpjw [2015-05-13] (Toshiba America Information Systems, Inc.)
    Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)
    Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2014-11-27] (Microsoft Corporation) [MS Ad]
    Zinio -> C:\Program Files\WindowsApps\ZinioLLC.Zinio_2.1.0.317_x64__0q6dqzpp40p2e [2014-04-18] (Zinio LLC)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-277956631-559940316-2728223971-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\chris\Dropbox [2016-02-07 13:10]
    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
    ContextMenuHandlers1: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\ShellEx.dll [2019-10-31] (Kaspersky Lab -> AO Kaspersky Lab)
    ContextMenuHandlers2: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\ShellEx.dll [2019-10-31] (Kaspersky Lab -> AO Kaspersky Lab)
    ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
    ContextMenuHandlers4: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\ShellEx.dll [2019-10-31] (Kaspersky Lab -> AO Kaspersky Lab)
    ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-09-05] (Dropbox, Inc -> Dropbox, Inc.)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2019-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [Kaspersky Anti-Virus 20.0] -> {6E1B4453-548D-4C43-A4AB-DE8D1D3DE17B} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\ShellEx.dll [2019-10-31] (Kaspersky Lab -> AO Kaspersky Lab)

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\chris\Favorites\Verizon Links\About Verizon.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_cor
    Shortcut: C:\Users\chris\Favorites\Verizon Links\Help.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_hel
    Shortcut: C:\Users\chris\Favorites\Verizon Links\Safety & Security.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=wc_safet
    Shortcut: C:\Users\chris\Favorites\Verizon Links\Search.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_allsearc
    Shortcut: C:\Users\chris\Favorites\Verizon Links\SuperPages.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_superp
    Shortcut: C:\Users\chris\Favorites\Verizon Links\Switching Tips.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_switc
    Shortcut: C:\Users\chris\Favorites\Verizon Links\Verizon Wireless.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_vzwireles
    Shortcut: C:\Users\chris\Favorites\Verizon Links\Welcome Page.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=wc_welcom
    Shortcut: C:\Users\chris\Favorites\Verizon Central\Broadband Beat.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_dslliv
    Shortcut: C:\Users\chris\Favorites\Verizon Central\E-Mail & More.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_webmai
    Shortcut: C:\Users\chris\Favorites\Verizon Central\Help.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_hel
    Shortcut: C:\Users\chris\Favorites\Verizon Central\My Account.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_myacc
    Shortcut: C:\Users\chris\Favorites\Verizon Central\My Web Space.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_mywebs
    Shortcut: C:\Users\chris\Favorites\Verizon Central\Shop Verizon.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_shopv
    Shortcut: C:\Users\chris\Favorites\Verizon Central\Verizon Central.lnk -> hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_centra

    ==================== Loaded Modules (Whitelisted) =============

    2014-02-01 12:30 - 2014-02-01 12:30 - 000861184 _____ () [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\platforms\qwindows.dll
    2013-12-02 00:55 - 2013-07-02 14:29 - 000027648 _____ () [File not signed] C:\Program Files (x86)\Nuance\Dragon Assistant\Core\WASAPIResamplingStreamCOMServer.dll
    2013-12-02 00:55 - 2012-04-20 13:17 - 001888256 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Nuance\Dragon Assistant\Core\xerces-c_3_1.dll
    2014-04-09 14:34 - 2014-04-09 14:34 - 004053504 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Qt5Core.dll
    2014-02-01 12:25 - 2014-02-01 12:25 - 004113408 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Qt5Gui.dll
    2014-02-01 12:23 - 2014-02-01 12:23 - 000816640 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Qt5Network.dll
    2014-04-09 14:34 - 2014-04-09 14:34 - 004375552 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Qt5Widgets.dll
    2013-04-22 07:50 - 2013-04-22 07:50 - 022317056 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\icudt51.dll
    2013-04-22 07:49 - 2013-04-22 07:49 - 001767424 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\icuin51.dll
    2013-04-22 07:49 - 2013-04-22 07:49 - 001295872 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\icuuc51.dll
    2013-12-02 00:55 - 2012-04-20 13:17 - 005024256 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Nuance\Dragon Assistant\Core\icudt48.dll
    2013-12-02 00:55 - 2012-04-20 13:17 - 001043456 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Nuance\Dragon Assistant\Core\icuuc48.dll
    2015-10-09 05:42 - 2003-01-26 13:41 - 000040960 _____ (vbAccelerator) [File not signed] C:\Program Files (x86)\Tweaking.com\Registry Backup\SSubTmr6.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer trusted/restricted ==========

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 05:25 - 2013-08-22 05:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
    HKU\S-1-5-21-277956631-559940316-2728223971-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\chris\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img5.jpg
    DNS Servers: 209.18.47.63 - 209.18.47.61
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKLM\...\StartupApproved\Run32: => "AmIcoSinglun64"
    HKLM\...\StartupApproved\Run32: => "Dropbox"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{FFBFD921-C4BD-4E73-B657-0E3BCBBF2B19}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
    FirewallRules: [UDP Query User{E73E4B54-C5E9-4F42-B853-131DB8A04434}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [TCP Query User{F5FF7D89-443C-462B-9EB5-AAE90353FC39}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [{AE2D354B-1BD5-4124-A31A-E4AB600EB1ED}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{0DE936AF-DEA2-4CDB-98F8-A356F254A882}] => (Allow) C:\Users\chris\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
    FirewallRules: [{5080A592-99AF-43BB-8792-5AC07957386A}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{4C604046-80B3-4101-9D4E-955496C872A6}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{E5B2A8A0-3174-421C-8BF1-2CDCEA379A73}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
    FirewallRules: [{8843D35B-976B-47FC-937C-BA7C94A3BCE4}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe (LeapFrog Enterprises, Inc.) [File not signed]
    FirewallRules: [{B79E5F9A-7A08-4351-8343-041558289D16}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe (Sonos, Inc. -> Sonos, Inc.)
    FirewallRules: [{41946D1C-AD6F-408F-A92E-218E1EBA0A35}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe (Sonos, Inc. -> Sonos, Inc.)
    FirewallRules: [{CD65AAC1-5034-471E-BB5C-308CB96F43A7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{77C9040B-01B6-4854-825D-DA3042C4F2B2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{F42AE5A1-CA2F-47E3-BEE5-71E27D6DB9F2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{2E5AE58B-F677-45B5-AEB2-8FC0093D3243}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{2883DB37-8A60-4FB8-B1E5-81651236E496}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
    FirewallRules: [{874C82FA-4E7C-47A4-BC11-07819CA620CE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

    ==================== Restore Points =========================

    22-10-2019 06:55:54 Windows Update
    23-10-2019 08:23:20 Windows Modules Installer
    29-10-2019 08:47:24 Windows Update
    02-11-2019 09:54:51 Windows Modules Installer
    08-11-2019 08:16:25 Windows Update
    09-11-2019 09:14:42 Windows Modules Installer

    ==================== Faulty Device Manager Devices ============

    Name:
    Description:
    Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
    Manufacturer:
    Service:
    Problem: : Reinstall the drivers for this device. (Code 18)
    Resolution: The drivers for this device must be reinstalled.
    Click "Update Driver", which starts the Hardware Update wizard.
    Alternately, uninstall the driver, and then click "Scan for hardware changes" to reload the drivers.


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (11/10/2019 08:03:00 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: svchost (2096,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

    Error: (11/10/2019 07:37:46 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
    at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
    at System.Timers.Timer.set_Enabled(Boolean value)
    at SnappCloud.ActivationReminder.AraClient.PostInit()
    at SnappCloud.ActivationReminder.Program.Main(String[] args)

    Error: (11/10/2019 07:33:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program SearchUI.exe version 10.0.18362.267 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 87c

    Start Time: 01d5984066ba6a74

    Termination Time: 4294967295

    Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

    Report Id: ccf01f21-8a37-4915-ad3d-8dc7da98a4fe

    Faulting package full name: Microsoft.Windows.Cortana_1.12.3.18362_neutral_neutral_cw5n1h2txyewy

    Faulting package-relative application ID: CortanaUI

    Hang type: Cross-thread

    Error: (11/10/2019 07:21:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 11.0.18362.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: a0a8

    Start Time: 01d5983e915bb01a

    Termination Time: 52

    Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

    Report Id: 3cdf31ed-98f9-4443-8187-09a77427c76a

    Faulting package full name:

    Faulting package-relative application ID:

    Hang type: Unknown

    Error: (11/10/2019 07:13:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 11.0.18362.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 401c

    Start Time: 01d5983b4b3fb4ed

    Termination Time: 77

    Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

    Report Id: 47c540f7-5974-42bd-8059-1ecae25b7355

    Faulting package full name:

    Faulting package-relative application ID:

    Hang type: Unknown

    Error: (11/10/2019 07:00:58 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: svchost (24652,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

    Error: (11/10/2019 06:33:45 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: svchost (42260,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

    Error: (11/10/2019 06:27:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Local Hostname Chris.local already in use; will try Chris-2.local instead


    System errors:
    =============
    Error: (11/10/2019 07:38:03 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Downloaded Maps Manager service hung on starting.

    Error: (11/10/2019 07:35:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Intel(R) Management and Security Application Local Management Service service hung on starting.

    Error: (11/10/2019 07:32:40 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Delivery Optimization service hung on starting.

    Error: (11/10/2019 07:29:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (11/10/2019 07:29:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

    Error: (11/10/2019 07:29:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (11/10/2019 07:29:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (45000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

    Error: (11/10/2019 07:26:12 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.


    CodeIntegrity:
    ===================================

    Date: 2019-11-10 19:40:07.450
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\antimalware_provider.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-11-10 19:40:07.394
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\antimalware_provider.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-11-10 19:40:07.343
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\antimalware_provider.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-11-10 19:40:07.291
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\antimalware_provider.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-11-10 19:40:07.223
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\antimalware_provider.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-11-10 19:40:07.166
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\antimalware_provider.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-11-10 19:40:07.112
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\antimalware_provider.dll that did not meet the Microsoft signing level requirements.

    Date: 2019-11-10 19:40:07.049
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\antimalware_provider.dll that did not meet the Microsoft signing level requirements.

    ==================== Memory info ===========================

    BIOS: TOSHIBA 1.50 11/04/2013
    Motherboard: TOSHIBA VG10ST
    Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
    Percentage of memory in use: 61%
    Total physical RAM: 6056.14 MB
    Available physical RAM: 2329.15 MB
    Total Virtual: 10408.14 MB
    Available Virtual: 6452.82 MB

    ==================== Drives ================================

    Drive c: (TI10672100G) (Fixed) (Total:687.5 GB) (Free:444.75 GB) NTFS

    \\?\Volume{4c3a3593-2f30-11e3-bd3e-cd66f894e8a7}\ (System) (Fixed) (Total:1 GB) (Free:0.63 GB) NTFS
    \\?\Volume{63f750c1-d9ee-4c20-a58a-25bcdc644756}\ () (Fixed) (Total:0.99 GB) (Free:0.43 GB) NTFS
    \\?\Volume{111f9b2d-5b32-11e3-82e7-0c54a53cb7a9}\ (Recovery) (Fixed) (Total:8.92 GB) (Free:0.8 GB) NTFS
    \\?\Volume{4c3a359b-2f30-11e3-bd3e-cd66f894e8a7}\ () (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (Protective MBR) (Size: 698.6 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of Addition.txt =======================

  2. #2
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,818


    Hi and welcome.

    As far as seeing anything suspicious, I didn't see it.

    To run a few tools and try to find anything, we will probably need to temporarily disable Kaspersky antivirus.
    Kaspersky's installer detects some malware removal tools as incompatible if installed.

    Double-click on the Kaspersky icon in the notification area of the taskbar & disable it for as long a period of time as possible.
    Of course, as soon as the downloaded tools have run and created log files, please re-enable it again.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    Highlight the text below, beginning with Start:: and finishing with End::, and select Copy.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Highlight the entire content of the quote box below and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    Task: {03804D90-E3BB-4995-B27B-221D1EB87A12} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {1DE60D64-BEF8-4A46-83C9-C6F902CB11C3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {2A9EF887-BC15-40BD-87D8-997FE7CBA94B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {49BC5B9B-B9A0-4E2B-BEE0-073EA9E3DD3C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {66CE63E0-7E04-4CC8-9AFF-1648579F2EEC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {7DF5191C-A5E4-44E8-886C-63133B5B9DAC} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
    Task: {8810D352-EF96-44CF-9B29-F53020015A69} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {91F272B8-9AE7-4300-92A7-093A7337D331} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {9A8B57EF-2D2C-48AF-8BC9-10CDC51F6727} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {9E63A896-0F0C-4CD5-90E6-7146B450947D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {9EB8DB7C-E097-487B-87C4-279E5A61938F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {A34DFE34-DF41-49FA-B85E-55EBCA3575F2} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
    Task: {CA9FBDC3-0405-46FE-B5DD-3E45CA660A9D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {D11B28F7-9C63-425C-8193-F70EA2F360C1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {D5770006-766C-48A5-B37E-D75CFE705358} - \WPD\SqmUpload_S-1-5-21-277956631-559940316-2728223971-1001 -> No File <==== ATTENTION
    Task: {D6D3559A-4AF7-4F87-BD7B-66D9A70D7F2F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {F51416A4-98B8-4142-B210-6B9F65FFCB80} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-277956631-559940316-2728223971-1001 -> {263BC8BA-2CB1-4CEB-B826-EDE7B5B21EBC} URL =
    Toolbar: HKU\S-1-5-21-277956631-559940316-2728223971-1001 -> No Name - {C500C267-63BF-451F-8797-4D720C9A2ED9} - No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    EmptyTemp:
    C:\Windows\Temp\*.*
    End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

    Please copy and paste its contents in your next reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






    AdwCleaner - Fix Mode
    • Download AdwCleaner and move it to your Desktop
    • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer; do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


    ~~~~~~

    RogueKiller
    • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
    • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
    • Wait for the scan to complete
    • On completion, the results will be displayed
    • Check every single entry (threat found), and click on the Remove Selected button
    • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
    • This will open the report in Notepad. Copy/paste its content in your next reply


    ~~~

    Please post these 3 logs when finished.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Member
    Join Date
    Dec 2005
    Posts
    94


    Hi Juliet

    Thanks for your patience!

    Note: Adaware did not technically ask to "clean and repair" but rather "quarantine". Not sure if it was supposed to but I think it quarantined my Toshiba apps. Not that I use them, not sure what they are anyways, but just an FYI.


    thanks

    Fixlog:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 14-11-2019
    Ran by chris (14-11-2019 20:31:22) Run:1
    Running from C:\Users\chris\Desktop
    Loaded Profiles: chris (Available Profiles: chris)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    Task: {03804D90-E3BB-4995-B27B-221D1EB87A12} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {1DE60D64-BEF8-4A46-83C9-C6F902CB11C3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {2A9EF887-BC15-40BD-87D8-997FE7CBA94B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {49BC5B9B-B9A0-4E2B-BEE0-073EA9E3DD3C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {66CE63E0-7E04-4CC8-9AFF-1648579F2EEC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {7DF5191C-A5E4-44E8-886C-63133B5B9DAC} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
    Task: {8810D352-EF96-44CF-9B29-F53020015A69} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {91F272B8-9AE7-4300-92A7-093A7337D331} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {9A8B57EF-2D2C-48AF-8BC9-10CDC51F6727} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {9E63A896-0F0C-4CD5-90E6-7146B450947D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {9EB8DB7C-E097-487B-87C4-279E5A61938F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {A34DFE34-DF41-49FA-B85E-55EBCA3575F2} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
    Task: {CA9FBDC3-0405-46FE-B5DD-3E45CA660A9D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {D11B28F7-9C63-425C-8193-F70EA2F360C1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {D5770006-766C-48A5-B37E-D75CFE705358} - \WPD\SqmUpload_S-1-5-21-277956631-559940316-2728223971-1001 -> No File <==== ATTENTION
    Task: {D6D3559A-4AF7-4F87-BD7B-66D9A70D7F2F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {F51416A4-98B8-4142-B210-6B9F65FFCB80} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    SearchScopes: HKU\S-1-5-21-277956631-559940316-2728223971-1001 -> {263BC8BA-2CB1-4CEB-B826-EDE7B5B21EBC} URL =
    Toolbar: HKU\S-1-5-21-277956631-559940316-2728223971-1001 -> No Name - {C500C267-63BF-451F-8797-4D720C9A2ED9} - No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    EmptyTemp:
    C:\Windows\Temp\*.*

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03804D90-E3BB-4995-B27B-221D1EB87A12}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03804D90-E3BB-4995-B27B-221D1EB87A12}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DE60D64-BEF8-4A46-83C9-C6F902CB11C3}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DE60D64-BEF8-4A46-83C9-C6F902CB11C3}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2A9EF887-BC15-40BD-87D8-997FE7CBA94B}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A9EF887-BC15-40BD-87D8-997FE7CBA94B}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49BC5B9B-B9A0-4E2B-BEE0-073EA9E3DD3C}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49BC5B9B-B9A0-4E2B-BEE0-073EA9E3DD3C}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66CE63E0-7E04-4CC8-9AFF-1648579F2EEC}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66CE63E0-7E04-4CC8-9AFF-1648579F2EEC}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7DF5191C-A5E4-44E8-886C-63133B5B9DAC}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DF5191C-A5E4-44E8-886C-63133B5B9DAC}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8810D352-EF96-44CF-9B29-F53020015A69}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8810D352-EF96-44CF-9B29-F53020015A69}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{91F272B8-9AE7-4300-92A7-093A7337D331}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91F272B8-9AE7-4300-92A7-093A7337D331}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A8B57EF-2D2C-48AF-8BC9-10CDC51F6727}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A8B57EF-2D2C-48AF-8BC9-10CDC51F6727}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E63A896-0F0C-4CD5-90E6-7146B450947D}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E63A896-0F0C-4CD5-90E6-7146B450947D}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9EB8DB7C-E097-487B-87C4-279E5A61938F}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9EB8DB7C-E097-487B-87C4-279E5A61938F}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A34DFE34-DF41-49FA-B85E-55EBCA3575F2}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A34DFE34-DF41-49FA-B85E-55EBCA3575F2}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA9FBDC3-0405-46FE-B5DD-3E45CA660A9D}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA9FBDC3-0405-46FE-B5DD-3E45CA660A9D}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D11B28F7-9C63-425C-8193-F70EA2F360C1}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D11B28F7-9C63-425C-8193-F70EA2F360C1}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5770006-766C-48A5-B37E-D75CFE705358}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5770006-766C-48A5-B37E-D75CFE705358}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-277956631-559940316-2728223971-1001" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D6D3559A-4AF7-4F87-BD7B-66D9A70D7F2F}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6D3559A-4AF7-4F87-BD7B-66D9A70D7F2F}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F51416A4-98B8-4142-B210-6B9F65FFCB80}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F51416A4-98B8-4142-B210-6B9F65FFCB80}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
    HKU\S-1-5-21-277956631-559940316-2728223971-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{263BC8BA-2CB1-4CEB-B826-EDE7B5B21EBC} => removed successfully
    "HKU\S-1-5-21-277956631-559940316-2728223971-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C500C267-63BF-451F-8797-4D720C9A2ED9}" => removed successfully
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully

    =========== "C:\Windows\Temp\*.*" ==========

    C:\Windows\Temp\APPX.3sp3fqi6gsy4owo0zgq_oeo7b.tmp => moved successfully
    C:\Windows\Temp\APPX.7ln7k7oyh06_6qwazo3ta6_1f.tmp => moved successfully
    C:\Windows\Temp\APPX.oektwdfjuf66c2lx1lnjmo2rg.tmp => moved successfully
    C:\Windows\Temp\APPX.rcazqso8fowxwe2of4t1spw1c.tmp => moved successfully
    C:\Windows\Temp\CHRIS-20191011-0710.log => moved successfully
    C:\Windows\Temp\CHRIS-20191013-2101.log => moved successfully
    C:\Windows\Temp\CHRIS-20191013-2104.log => moved successfully
    C:\Windows\Temp\CHRIS-20191013-2104a.log => moved successfully
    C:\Windows\Temp\CHRIS-20191013-2251.log => moved successfully
    C:\Windows\Temp\CHRIS-20191013-2313.log => moved successfully
    C:\Windows\Temp\CHRIS-20191013-2340.log => moved successfully
    C:\Windows\Temp\CHRIS-20191014-0010.log => moved successfully
    C:\Windows\Temp\CHRIS-20191014-0849.log => moved successfully
    C:\Windows\Temp\CHRIS-20191015-0728.log => moved successfully
    C:\Windows\Temp\CHRIS-20191015-0728a.log => moved successfully
    C:\Windows\Temp\CHRIS-20191016-0750.log => moved successfully
    C:\Windows\Temp\CHRIS-20191017-0803.log => moved successfully
    C:\Windows\Temp\CHRIS-20191017-0918.log => moved successfully
    C:\Windows\Temp\CHRIS-20191018-0746.log => moved successfully
    C:\Windows\Temp\CHRIS-20191018-0750.log => moved successfully
    C:\Windows\Temp\CHRIS-20191018-0826.log => moved successfully
    C:\Windows\Temp\CHRIS-20191018-2015.log => moved successfully
    C:\Windows\Temp\CHRIS-20191019-0747.log => moved successfully
    C:\Windows\Temp\CHRIS-20191019-0750.log => moved successfully
    C:\Windows\Temp\CHRIS-20191019-0825.log => moved successfully
    C:\Windows\Temp\CHRIS-20191019-1429.log => moved successfully
    C:\Windows\Temp\CHRIS-20191020-0722.log => moved successfully
    C:\Windows\Temp\CHRIS-20191020-0747.log => moved successfully
    C:\Windows\Temp\CHRIS-20191020-0750.log => moved successfully
    C:\Windows\Temp\CHRIS-20191020-0825.log => moved successfully
    C:\Windows\Temp\CHRIS-20191020-0826.log => moved successfully
    C:\Windows\Temp\CHRIS-20191022-0747.log => moved successfully
    C:\Windows\Temp\CHRIS-20191022-0748.log => moved successfully
    C:\Windows\Temp\CHRIS-20191022-0748a.log => moved successfully
    C:\Windows\Temp\CHRIS-20191022-0750.log => moved successfully
    C:\Windows\Temp\CHRIS-20191022-0826.log => moved successfully
    C:\Windows\Temp\CHRIS-20191023-0807.log => moved successfully
    C:\Windows\Temp\CHRIS-20191023-0835.log => moved successfully
    C:\Windows\Temp\CHRIS-20191023-0925.log => moved successfully
    C:\Windows\Temp\CHRIS-20191025-0745.log => moved successfully
    C:\Windows\Temp\CHRIS-20191025-0746.log => moved successfully
    C:\Windows\Temp\CHRIS-20191025-0749.log => moved successfully
    C:\Windows\Temp\CHRIS-20191025-0750.log => moved successfully
    C:\Windows\Temp\CHRIS-20191025-0829.log => moved successfully
    C:\Windows\Temp\CHRIS-20191025-0918.log => moved successfully
    C:\Windows\Temp\CHRIS-20191026-0849.log => moved successfully
    C:\Windows\Temp\CHRIS-20191026-0851.log => moved successfully
    C:\Windows\Temp\CHRIS-20191026-0906.log => moved successfully
    C:\Windows\Temp\CHRIS-20191027-0938.log => moved successfully
    C:\Windows\Temp\CHRIS-20191027-0939.log => moved successfully
    C:\Windows\Temp\CHRIS-20191027-0939a.log => moved successfully
    C:\Windows\Temp\CHRIS-20191028-0749.log => moved successfully
    C:\Windows\Temp\CHRIS-20191028-2055.log => moved successfully
    C:\Windows\Temp\CHRIS-20191029-0727.log => moved successfully
    C:\Windows\Temp\CHRIS-20191029-0730.log => moved successfully
    C:\Windows\Temp\CHRIS-20191029-0746.log => moved successfully
    C:\Windows\Temp\CHRIS-20191029-0852.log => moved successfully
    C:\Windows\Temp\CHRIS-20191029-0939.log => moved successfully
    C:\Windows\Temp\CHRIS-20191030-0757.log => moved successfully
    C:\Windows\Temp\CHRIS-20191030-0843.log => moved successfully
    C:\Windows\Temp\CHRIS-20191030-0905.log => moved successfully
    C:\Windows\Temp\CHRIS-20191030-0939.log => moved successfully
    C:\Windows\Temp\CHRIS-20191031-0749.log => moved successfully
    C:\Windows\Temp\CHRIS-20191031-0820.log => moved successfully
    C:\Windows\Temp\CHRIS-20191031-0851.log => moved successfully
    C:\Windows\Temp\CHRIS-20191031-0911.log => moved successfully
    C:\Windows\Temp\CHRIS-20191031-1026.log => moved successfully
    C:\Windows\Temp\CHRIS-20191101-0755.log => moved successfully
    C:\Windows\Temp\CHRIS-20191101-0755a.log => moved successfully
    C:\Windows\Temp\CHRIS-20191101-0820.log => moved successfully
    C:\Windows\Temp\CHRIS-20191101-0852.log => moved successfully
    C:\Windows\Temp\CHRIS-20191101-0912.log => moved successfully
    C:\Windows\Temp\CHRIS-20191102-1050.log => moved successfully
    C:\Windows\Temp\CHRIS-20191103-0918.log => moved successfully
    C:\Windows\Temp\CHRIS-20191103-0920.log => moved successfully
    C:\Windows\Temp\CHRIS-20191103-0932.log => moved successfully
    C:\Windows\Temp\CHRIS-20191103-0940.log => moved successfully
    C:\Windows\Temp\CHRIS-20191103-1001.log => moved successfully
    C:\Windows\Temp\CHRIS-20191103-1021.log => moved successfully
    C:\Windows\Temp\CHRIS-20191104-0006.log => moved successfully
    C:\Windows\Temp\CHRIS-20191104-0748.log => moved successfully
    C:\Windows\Temp\CHRIS-20191104-0751.log => moved successfully
    C:\Windows\Temp\CHRIS-20191105-0744.log => moved successfully
    C:\Windows\Temp\CHRIS-20191105-0744a.log => moved successfully
    C:\Windows\Temp\CHRIS-20191105-0751.log => moved successfully
    C:\Windows\Temp\CHRIS-20191106-0735.log => moved successfully
    C:\Windows\Temp\CHRIS-20191106-0744.log => moved successfully
    C:\Windows\Temp\CHRIS-20191106-0751.log => moved successfully
    C:\Windows\Temp\CHRIS-20191107-0751.log => moved successfully
    C:\Windows\Temp\CHRIS-20191107-0753.log => moved successfully
    C:\Windows\Temp\CHRIS-20191108-0759.log => moved successfully
    C:\Windows\Temp\CHRIS-20191108-0801.log => moved successfully
    C:\Windows\Temp\CHRIS-20191108-0801a.log => moved successfully
    C:\Windows\Temp\CHRIS-20191109-0853.log => moved successfully
    C:\Windows\Temp\CHRIS-20191109-0859.log => moved successfully
    C:\Windows\Temp\CHRIS-20191110-1035.log => moved successfully
    C:\Windows\Temp\CHRIS-20191110-1037.log => moved successfully
    C:\Windows\Temp\CHRIS-20191110-1037a.log => moved successfully
    C:\Windows\Temp\CHRIS-20191110-1928.log => moved successfully
    C:\Windows\Temp\CHRIS-20191110-1943.log => moved successfully
    C:\Windows\Temp\CHRIS-20191110-2013.log => moved successfully
    C:\Windows\Temp\CHRIS-20191110-2020.log => moved successfully
    C:\Windows\Temp\CHRIS-20191110-2036.log => moved successfully
    C:\Windows\Temp\CHRIS-20191110-2058.log => moved successfully
    C:\Windows\Temp\CHRIS-20191110-2111.log => moved successfully
    C:\Windows\Temp\CHRIS-20191110-2159.log => moved successfully
    C:\Windows\Temp\CHRIS-20191110-2229.log => moved successfully
    C:\Windows\Temp\CHRIS-20191110-2247.log => moved successfully
    C:\Windows\Temp\CHRIS-20191111-0028.log => moved successfully
    C:\Windows\Temp\CHRIS-20191111-0928.log => moved successfully
    C:\Windows\Temp\CHRIS-20191112-0759.log => moved successfully
    C:\Windows\Temp\CHRIS-20191112-0759a.log => moved successfully
    C:\Windows\Temp\CHRIS-20191113-0737.log => moved successfully
    C:\Windows\Temp\CHRIS-20191113-0756.log => moved successfully
    C:\Windows\Temp\CHRIS-20191114-0726.log => moved successfully
    C:\Windows\Temp\CHRIS-20191114-0727.log => moved successfully
    C:\Windows\Temp\CHRIS-20191114-0755.log => moved successfully
    C:\Windows\Temp\CHRIS-20191114-2022.log => moved successfully
    Could not move "C:\Windows\Temp\CHRIS-20191114-2031.log" => Scheduled to move on reboot.
    C:\Windows\Temp\chrome_installer.log => moved successfully
    C:\Windows\Temp\kav.20.0.14.1085d_09.31_15.11_3616.apply_patches.kis2020mp0.log => moved successfully
    C:\Windows\Temp\kav.20.0.14.1085e_10.11_17.37_3872.apply_patches.drivers_x64.log => moved successfully
    C:\Windows\Temp\KSDE.dumpwriter.log => moved successfully
    C:\Windows\Temp\MpCmdRun.log => moved successfully
    C:\Windows\Temp\MSI5507a.LOG => moved successfully
    C:\Windows\Temp\MSIbacf0.LOG => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20191013225129F88).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_c2ruidll(2019102509185610A0).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20191110192801F6C).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20191110202017C20).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20191110203550D94).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20191110205835104C).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20191110211158BB4).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_c2ruidll(20191110222903F0C).log => moved successfully
    Could not move "C:\Windows\Temp\officeclicktorun.exe_c2ruidll(201911142031303C44).log" => Scheduled to move on reboot.
    C:\Windows\Temp\officeclicktorun.exe_streamserver(20191013225131F88).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(2019102509185710A0).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(20191110192802F6C).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(20191110202043C20).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(20191110203615D94).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(20191110205836104C).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(20191110211158BB4).log => moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(20191110222904F0C).log => moved successfully
    Could not move "C:\Windows\Temp\officeclicktorun.exe_streamserver(201911142031323C44).log" => Scheduled to move on reboot.
    C:\Windows\Temp\ood_stream.x86.en-us.dat => moved successfully
    C:\Windows\Temp\ood_stream.x86.x-none.dat => moved successfully
    C:\Windows\Temp\WER-872859-0.sysdata.xml => moved successfully
    C:\Windows\Temp\WERC8D4.tmp.WERDataCollectionStatus.txt => moved successfully

    ========= End -> "C:\Windows\Temp\*.*" ========


    =========== EmptyTemp: ==========

    BITS transfer queue => 10510336 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 406057793 B
    Java, Flash, Steam htmlcache => 1124 B
    Windows/system/drivers => 8399204 B
    Edge => 40341691 B
    Chrome => 214699589 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 6656 B
    Users => 6656 B
    ProgramData => 6656 B
    Public => 6656 B
    systemprofile => 6656 B
    systemprofile32 => 6656 B
    LocalService => 76256 B
    NetworkService => 76256 B
    chris => 340387364 B

    RecycleBin => 0 B
    EmptyTemp: => 973.3 MB temporary data Removed.

    ================================

    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 14-11-2019 20:41:53)

    C:\Windows\Temp\CHRIS-20191114-2031.log => Is moved successfully
    C:\Windows\Temp\officeclicktorun.exe_c2ruidll(201911142031303C44).log => Is moved successfully
    C:\Windows\Temp\officeclicktorun.exe_streamserver(201911142031323C44).log => Is moved successfully

    ==== End of Fixlog 20:42:01 ====


    Adaware:

    # -------------------------------
    # Malwarebytes AdwCleaner 7.4.2.0
    # -------------------------------
    # Build: 10-21-2019
    # Database: 2019-10-21.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 11-14-2019
    # Duration: 00:00:20
    # OS: Windows 10 Home
    # Cleaned: 48
    # Failed: 0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    No malicious folders cleaned.

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    No malicious registry entries cleaned.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.

    ***** [ Preinstalled Software ] *****

    Deleted Preinstalled.Pokki File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Start.lnk
    Deleted Preinstalled.TOSHIBAPasswordUtility Folder C:\Program Files (x86)\TOSHIBA\PASSWORDUTILITY
    Deleted Preinstalled.TOSHIBAPasswordUtility Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|1.TPUReg
    Deleted Preinstalled.TOSHIBAPasswordUtility Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|1.TPUReg
    Deleted Preinstalled.TOSHIBAPasswordUtility Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}
    Deleted Preinstalled.TOSHIBAPasswordUtility Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{78931270-BC9E-441A-A52B-73ECD4ACFAB5}
    Deleted Preinstalled.TOSHIBAQualityApplication Folder C:\Program Files (x86)\TOSHIBA\TOSHIBAFB
    Deleted Preinstalled.TOSHIBAQualityApplication Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{E69992ED-A7F6-406C-9280-1C156417BC49}
    Deleted Preinstalled.TOSHIBARegistration Folder C:\Program Files (x86)\TOSHIBA\TOSHIBAREGISTRATION
    Deleted Preinstalled.TOSHIBARegistration Folder C:\ProgramData\TOSHIBA\TOSHIBAREGISTRATION
    Deleted Preinstalled.TOSHIBARegistration Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{5AF550B4-BB67-4E7E-82F1-2C4300279050}
    Deleted Preinstalled.TOSHIBASystemSettings Folder C:\Program Files (x86)\TOSHIBA\SYSTEM SETTING
    Deleted Preinstalled.TOSHIBASystemSettings Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|TCrdMain
    Deleted Preinstalled.TOSHIBASystemSettings Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|TSSSrv
    Deleted Preinstalled.TOSHIBASystemSettings Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Run|TCrdMain
    Deleted Preinstalled.TOSHIBASystemSettings Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Run|TSSSrv
    Deleted Preinstalled.TOSHIBASystemSettings Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{05A55927-DB9B-4E26-BA44-828EBFF829F0}
    Deleted Preinstalled.TOSHIBAUser'sGuide Folder C:\Program Files (x86)\TOSHIBA\DOCUMENTATION
    Deleted Preinstalled.TOSHIBAUser'sGuide Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}
    Deleted Preinstalled.TOSHIBAUtilities Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\UTILITIES
    Deleted Preinstalled.ToshibaAppPlace Folder C:\Program Files (x86)\TOSHIBA\TOSHIBA APP PLACE
    Deleted Preinstalled.ToshibaAppPlace Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ToshibaAppPlace
    Deleted Preinstalled.ToshibaAppPlace Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|ToshibaAppPlace
    Deleted Preinstalled.ToshibaAppPlace Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}
    Deleted Preinstalled.ToshibaBookPlace Folder C:\Program Files (x86)\TOSHIBA\TOSHIBA BOOK PLACE
    Deleted Preinstalled.ToshibaBookPlace Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{11244D6B-9842-440F-8579-6A4D771A0D9B}
    Deleted Preinstalled.ToshibaWildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-toshiba-darkorbit
    Deleted Preinstalled.ToshibaWildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-toshiba-worldofwarcraft
    Deleted Preinstalled.ToshibaWildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-toshiba-genres
    Deleted Preinstalled.WildTangentGamesBundle File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - toshiba.lnk
    Deleted Preinstalled.WildTangentGamesBundle File C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
    Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES
    Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\BEJEWELED 3
    Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\KING ODDBALL
    Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDGAMES\PLANTS VS ZOMBIES - GAME OF THE YEAR
    Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES
    Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES\APP
    Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES\TOUCHPOINTS\TOSHIBA
    Deleted Preinstalled.WildTangentGamesBundle Folder C:\Users\chris\Favorites\WILDTANGENT GAMES
    Deleted Preinstalled.WildTangentGamesBundle Registry HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
    Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
    Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
    Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall
    Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGDF-toshiba-mahjonggdarkdimensions
    Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App
    Deleted Preinstalled.WildTangentGamesBundle Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba
    Deleted Preinstalled.WildTangentGamesBundle Registry HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
    Deleted Preinstalled.WildTangentGamesBundle Registry HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner_Debug.log - [87240 octets] - [14/11/2019 21:01:45]
    AdwCleaner[S00].txt - [7604 octets] - [14/11/2019 21:02:37]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


    Rogue Killer:

    RogueKiller Anti-Malware V13.5.6.0 (x64) [Nov 7 2019] (Free) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 10 (10.0.18362) 64 bits
    Started in : Normal mode
    User : chris [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Signatures : 20191114_090610, Driver : Loaded
    Mode : Standard Scan, Scan -- Date : 2019/11/14 21:26:39 (Duration : 00:31:55)

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

  4. #4
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,818


    Adaware did not technically ask to "clean and repair" but rather "quarantine". Not sure if it was supposed to but I think it quarantined my Toshiba apps. Not that I use them, not sure what they are anyways, but just an FYI.
    Thank you for the 'quarantine tip'.

    It went after programs which are often considered as bloatware by some users as it is bundled on various manufacturers' new PCs. (Because this might be considered bloatware does not mean the software is bad or harmful; if you use it regularly, it's worthwhile to have. However, bloatware typically means the program is optional and was simply pre-installed but is not required and can be removed.)

    You might consider removing as it often consumes system resources, even if not actively being run, adversely affecting system responsiveness.

    WildTangent Games App ==> is technically not considered spyware or malware. It is actually a web driver used for many online and offline games. However, because it does use built-in modules allowing it to collect information about your computer and update automatically, you may not be comfortable having it on your system. If there are any sort of updates to existing games or apps, it will run using resources without your permission, causing system slowdowns and confusion.

    Long story short, if you are not using this bloatware placed on the machine by Toshiba, you will not miss anything, but should see improvements.

    ~~~~~~~
    So far there aren't any real signs of anything malicious.

    ESET Online Scanner:
    • Please go here, download the ESET Smart Installer, and save it to your desktop.
    • Double-click on the you just downloaded.
    • Place a checkmark next to "YES, I accept the Terms of Use" and click the button.
    • Click "Yes" to the UAC (User Account Control) warning, then ESET will download its components, register itself, and start itself.
    • In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
    • Then click Advanced settings, and make sure there is a checkmark next to only the following items (uncheck everything else):
        • Remove found threats
        • Scan archives
        • Scan for potentially unsafe applications
        • Enable Anti-Stealth technology
    • Now click on:
    • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your internet connection.
    • When the download has completed, the Online Scan will begin automatically. It could take several hours to complete the scan. Please be patient.
    • When the scan has completed, click List Found Threats (only if anything is found)
    • Then click Export, and save the file to your desktop using a unique name, such as ESETScan
    • Copy and paste the contents of this report into your next reply to me
    • Click Back, then click Finish to exit ESET Online Scanner
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Member
    Join Date
    Dec 2005
    Posts
    94

    Default

    Hi Juliet

    I ran Etscan and there were no threats found and no files cleaned. So it did not produce a report. It took 5 hours and change.

    Can we get rid of the Toshiba apps and wild tangent programs? I really want to try and speed up the machine. I don't understand why it takes so long to get things moving on this machine.

    Thanks

  6. #6
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,818

    Default

    Quote Originally Posted by loopdiloop View Post
    Hi Juliet

    I ran Etscan and there were no threats found and no files cleaned. So it did not produce a report. It took 5 hours and change.

    Can we get rid of the Toshiba apps and wild tangent programs? I really want to try and speed up the machine. I don't understand why it takes so long to get things moving on this machine.

    Thanks
    Below are a couple of Apps you can get to and remove from the control panel/add remove list.
    https://support.microsoft.com/en-us/...-programs-list
    How to Manually Remove Programs from the Add/Remove Programs List

    Bejeweled 3 (HKLM-x32\...\WTA-2d4ec317-ec85-4b0e-8626-bf5c5d9f40df) (Version: 2.2.0.97 - WildTangent) Hidden
    Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
    King Oddball (HKLM-x32\...\WTA-37ea9933-72a6-47b7-a591-8a883511739a) (Version: 3.0.2.48 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-0f68d65e-e914-49e6-a7ad-5b1860066f42) (Version: 2.2.0.98 - WildTangent) Hidden
    Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.1.1.30 - WildTangent) Hidden

    Sometimes it requires a reboot to completely remove from the registry.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    You might be having a conflict with Windows 10 Windows Defender and Kaspersky security.
    Apparently they didn't completely turn off Windows Defender - even though the service is set to On Demand it is still running for some reason. (anti-viruses will always turn off Windows Defender so that the two don't fight each other)

    What might be of use is to temporarily or try to permanently disable Windows Defender.
    https://support.microsoft.com/en-us/...ndows-security
    Turn off antivirus protection in Windows Security

    If you feel that Kaspersky is the problem causing the machine to lag you can uninstall that antivirus and try a different one to use. I can supply a list of free ones and paid for if needed. Just remember not to leave the computer without protection. Some people use Windows Defender as their trusted antivirus.

    Also if you go that route to remove you can use the Kaspersky removal tool.
    Download and run their uninstaller tool from this site.
    This will remove all traces of the program that was uninstalled.
    https://support.kaspersky.com/1464

    Restart the computer when the removal is completed.

    If all is well, and if you wish, reinstall the program.
    Restart the computer after the installation.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
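The program list in the post above uses the installed-programs line format of FRST's Addition.txt, and most of the WildTangent lines end in "Hidden". As an added example (not part of the original post and not FRST's own code), this Python parser splits those lines into entries a user can expect to find in the Add/Remove list and entries flagged Hidden. The regex is inferred from the seven lines quoted in this thread, and reading Hidden as "not displayed in the Add/Remove list" is an assumption.

```python
import re

# The seven installed-program lines quoted in the post above.
SAMPLE = r"""
Bejeweled 3 (HKLM-x32\...\WTA-2d4ec317-ec85-4b0e-8626-bf5c5d9f40df) (Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
King Oddball (HKLM-x32\...\WTA-37ea9933-72a6-47b7-a591-8a883511739a) (Version: 3.0.2.48 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-0f68d65e-e914-49e6-a7ad-5b1860066f42) (Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.1.1.30 - WildTangent) Hidden
"""

# Assumed layout: Name (HIVE\...\UninstallKey) (Version: X - Publisher) [Hidden]
# The version may be empty and the name may itself contain parentheses.
LINE_RE = re.compile(
    r"^(?P<name>.+?) \((?P<hive>HK[A-Z]+(?:-x32)?)\\\.\.\.\\(?P<key>.+)\) "
    r"\(Version:\s*(?P<version>.*?)\s*-\s+(?P<publisher>.+?)\)"
    r"(?P<hidden> Hidden)?\s*$"
)


def parse_installed(text):
    """Return one dict per recognised line; unrecognised lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            entry = match.groupdict()
            entry["hidden"] = entry["hidden"] is not None
            entries.append(entry)
    return entries


def split_by_visibility(entries, publisher):
    """Split one publisher's program names into (visible, hidden) lists."""
    visible, hidden = [], []
    for entry in entries:
        if entry["publisher"].lower() == publisher.lower():
            (hidden if entry["hidden"] else visible).append(entry["name"])
    return visible, hidden


if __name__ == "__main__":
    visible, hidden = split_by_visibility(parse_installed(SAMPLE), "WildTangent")
    print("Expected in Add/Remove list:", visible)
    print("Flagged Hidden by FRST:", hidden)
```

On these lines the only WildTangent entry without the Hidden flag is `WildTangent Games`; the individual games and the Games App entries are all flagged Hidden.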

  7. #7
    Member
    Join Date
    Dec 2005
    Posts
    94

    Default

    Hi Juliet

    Yes, I would like to get rid of any bloatware. Just today, booting up my computer after it installed updates took like 5+ minutes. Before I rebooted, when I hit the Start button, it took about 30 seconds for the start menu to pop up. Sometimes IE takes forever to open up, it's crazy. When I go to open photos in a folder, either the program crashes or it truly takes about 3-5 minutes to get a photo opened and usually requires multiple tries.

    I'm not sure what I am supposed to do with the list of Wild Tangent Games you posted. Am I supposed to copy that into something to remove them? Or should I just go to add/remove programs and remove those?

    And what about removing the Toshiba apps? Is that also from add/remove programs?

    Also, should I remove any of the programs you had me download to run checks on the system? I have some old ones that a computer place put on here to run checks and wonder if I should delete those now?

    And also, to confirm, I should disable windows defender while I am running Kaspersky, correct?

    thanks

    Chris

  8. #8
    Member
    Join Date
    Dec 2005
    Posts
    94

    Default

    Juliet

    I'm trying to Printscreen my add/remove programs page (it looks very different than your list) so you can show what to remove from it. But I can't printscreen for some reason.

    I don't see tangent games in there. There is a ton of Toshiba stuff but not sure what is safe to remove or not.

  9. #9
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,818

    Default

    Got a question

    Was it Kaspersky updates or some sort of Windows updates?

    If I'm right, and it's some sort of antivirus updates, it's going to run a scan at that time unless that software has a setting to disable it after updates?
    (Don't think you have control over that)

    Also, was this machine originally a Windows 7 or Windows 8 then you allowed Microsoft to update the machine to a Windows 10?

    ~~~~~~~~~~~~~~~~~~~

    Let's try this
    Using System File Checker in Windows 10
    https://support.microsoft.com/en-us/...m-file-checker


    ~~~~~~~~~~~~~~~~~~~~~~~~~
    After running the above, I would like to see a fresh FRST log
    • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
    • Click Yes to the disclaimer.
    • Ensure the Addition.txt box is checked.
    • Click the Scan button and let the programme run.
    • Upon completion, click OK, then OK on the Addition.txt pop up screen.
    • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

    (Scan times will vary from one system to another. Sometimes the scan may appear to hang and you may even see a message that says, Program not responding. Most likely that will be temporary and the scan will resume on its own. It is not unusual for a complete scan to take up to 10 minutes or even longer depending on what the scan is finding.)
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  10. #10
    Member
    Join Date
    Dec 2005
    Posts
    94

    Default

    Hi Juliet

    I don't really understand the context of your question concerning updates for Kaspersky. Are you asking if it was running updates when I was trying to access the web? I don't think it was running a scan or update at the time I was logging in, but I can't really tell.

    I did notice that the machine improved a bit when I turned off One Drive completely. That seems to slow things up.

    I definitely want to get rid of any bloatware. Do you think it is safe to delete ALL the Toshiba programs in the delete programs feature? Do I need any of those to run my machine?

    To answer your other question, this machine has always been Windows 10, it is not a converted machine from 7 or 8. I bought it as a Windows 10.

    I will run the other request you asked up above and get back to you shortly.

    thanks for your help
