1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

Concern about scheduled tasks

Discussion in 'Malware Removal Help' started by Tony D, Apr 8, 2017.

  1. Tony D

    Tony D Administrator Administrator

    Joined:
    Sep 25, 2009
    Messages:
    5,062
    Location:
    SE Pennsylvania, USA
    Operating System:
    Windows XP Professional
    I think this machine is clean, but there are a lot of scheduled tasks showing in the FRST Addition log. Can you please take a look at it?

    Thanks much

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
    Ran by Barry (administrator) on BARRY-PC (08-04-2017 15:21:05)
    Running from C:\Users\Barry\Desktop
    Loaded Profiles: Barry (Available Profiles: Barry & DefaultAppPool)
    Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    () C:\Windows\System32\GFNEXSrv.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-07] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-06-03] (Realtek Semiconductor)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
    HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)
    HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
    HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
    HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
    HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [8387432 2017-04-04] (Emsisoft Ltd)
    HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
    HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\PFW: C:\Windows\SysWOW64\UmxWnp.Dll [2011-02-24] (CA)
    HKU\S-1-5-21-3518549543-2400902937-2592869685-1000\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-21-3518549543-2400902937-2592869685-1000\...\Run: [Google Update] => C:\Users\Barry\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-18] (Google Inc.)
    HKU\S-1-5-21-3518549543-2400902937-2592869685-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-09-09] (Apple Inc.)
    HKU\S-1-5-21-3518549543-2400902937-2592869685-1000\...\Run: [SynchronossPC] => C:\Program Files\Verizon\Verizon Cloud\VerizonCloud.exe [3321752 2017-03-14] ()
    HKU\S-1-5-21-3518549543-2400902937-2592869685-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
    HKU\S-1-5-21-3518549543-2400902937-2592869685-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2017-03-14] (Synchronoss Technologies Inc.)
    ShellIconOverlayIdentifiers: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2017-03-14] (Synchronoss Technologies Inc.)
    ShellIconOverlayIdentifiers: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2017-03-14] (Synchronoss Technologies Inc.)
    ShellIconOverlayIdentifiers: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2017-03-14] (Synchronoss Technologies Inc.)
    ShellIconOverlayIdentifiers-x32: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => -> No File
    ShellIconOverlayIdentifiers-x32: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => -> No File
    ShellIconOverlayIdentifiers-x32: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => -> No File
    ShellIconOverlayIdentifiers-x32: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => -> No File
    InternetURL: C:\Users\Barry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VzDownloadManager.url -> URL: file:///C:\Program Files (x86)\Verizon\VzDownloadManager\VzDownloadManagerUI.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{c85edd3a-1bf2-4d8f-81fc-7f7c785bb591}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{fafd3cb1-fccc-43f6-beef-4c272372cf93}: [DhcpNameServer] 10.0.32.10 10.0.32.12

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3518549543-2400902937-2592869685-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com
    SearchScopes: HKLM -> DefaultScope {93586604-1E60-4B9C-B78B-45617C867323} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
    SearchScopes: HKLM -> {93586604-1E60-4B9C-B78B-45617C867323} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
    SearchScopes: HKLM-x32 -> DefaultScope {93586604-1E60-4B9C-B78B-45617C867323} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
    SearchScopes: HKLM-x32 -> {93586604-1E60-4B9C-B78B-45617C867323} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
    SearchScopes: HKU\.DEFAULT -> DefaultScope {93586604-1E60-4B9C-B78B-45617C867323} URL =
    SearchScopes: HKU\.DEFAULT -> {93586604-1E60-4B9C-B78B-45617C867323} URL =
    SearchScopes: HKU\S-1-5-21-3518549543-2400902937-2592869685-1000 -> {0C6CEA87-DD31-4C58-AA40-81ABBC619280} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
    SearchScopes: HKU\S-1-5-21-3518549543-2400902937-2592869685-1000 -> {93586604-1E60-4B9C-B78B-45617C867323} URL =
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
    BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-07-12] (<TOSHIBA>)
    BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-04-07] (Oracle Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-07] (Oracle Corporation)
    BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-07-12] (<TOSHIBA>)
    BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
    Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
    Toolbar: HKU\S-1-5-21-3518549543-2400902937-2592869685-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-04-06] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-04-06] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-07] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-07] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-12-22] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-02-17] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3518549543-2400902937-2592869685-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Barry\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-08-25] (Citrix Online)
    FF Plugin HKU\S-1-5-21-3518549543-2400902937-2592869685-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Barry\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3518549543-2400902937-2592869685-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Barry\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR NewTab: Default -> Active:"chrome-extension://fknncgomdlddnbeklhdlgmnpgjmifmfe/stubby.html", Active:"chrome-extension://obnljkamlkedffammjddflhjepplhnoj/stubby.html"
    CHR Profile: C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default [2017-04-04]
    CHR Extension: (Google Docs) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
    CHR Extension: (Google Drive) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-30]
    CHR Extension: (YouTube) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
    CHR Extension: (Adblock Plus) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-22]
    CHR Extension: (Google Search) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
    CHR Extension: (Google Docs Offline) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
    CHR Extension: (Gmail) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
    CHR Extension: (Chrome Media Router) - C:\Users\Barry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-11]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [7942352 2017-04-04] (Emsisoft Ltd)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-12-22] (WildTangent)
    S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
    R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] ()
    S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
    R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2015-01-27] (Verizon) [File not signed]
    S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
    R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-03-24] ()
    R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-04-06] (Malwarebytes)
    S3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-04-08] (Malwarebytes)
    S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-04-08] (Malwarebytes)
    R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251832 2017-04-08] (Malwarebytes)
    S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92096 2017-04-08] (Malwarebytes)
    S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
    R3 rtwlane_13; C:\WINDOWS\System32\drivers\rtwlane_13.sys [3717120 2016-07-16] (Realtek Semiconductor Corporation )
    R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
    R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [45728 2015-08-07] (Toshiba Corporation)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
    U3 idsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-04-08 15:21 - 2017-04-08 15:22 - 00020875 _____ C:\Users\Barry\Desktop\FRST.txt
    2017-04-08 14:55 - 2017-04-08 15:02 - 00000000 ____D C:\AdwCleaner
    2017-04-08 13:35 - 2017-04-08 13:36 - 00000000 ____D C:\Users\Barry\Desktop\Verizon shortcuts
    2017-04-08 08:05 - 2017-04-08 08:07 - 00000000 ____D C:\Users\Barry\AppData\Local\Garmin_Ltd._or_its_subsid
    2017-04-08 08:04 - 2017-04-08 08:04 - 00001974 _____ C:\Users\Public\Desktop\Garmin Express.lnk
    2017-04-08 08:03 - 2017-04-08 08:03 - 00003624 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
    2017-04-08 07:55 - 2017-04-08 07:55 - 00000000 ____D C:\Users\Barry\AppData\Roaming\Verizon
    2017-04-08 07:50 - 2017-04-08 07:54 - 00000000 ___RD C:\Users\Barry\Verizon Cloud Sync
    2017-04-08 07:50 - 2017-04-08 07:50 - 00000000 ____D C:\Users\Barry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon
    2017-04-08 07:50 - 2017-04-08 07:50 - 00000000 ____D C:\Users\Barry\AppData\Local\Verizon
    2017-04-07 14:41 - 2017-04-07 14:41 - 00000000 ____D C:\Users\Barry\AppData\Local\CEF
    2017-04-07 14:40 - 2017-04-07 14:42 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2017-04-07 14:40 - 2017-04-07 14:40 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-04-07 14:08 - 2017-04-07 14:08 - 00000000 ____D C:\Users\Barry\AppData\LocalLow\Temp
    2017-04-07 14:08 - 2017-04-07 14:08 - 00000000 _____ C:\Users\Barry\Documents\Toshiba User Guide.pdf
    2017-04-07 13:47 - 2017-04-07 13:47 - 00000000 ____D C:\Users\Barry\AppData\Roaming\Oracle
    2017-04-07 13:45 - 2017-04-07 13:45 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2017-04-07 13:45 - 2017-04-07 13:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2017-04-07 13:42 - 2017-04-07 13:42 - 00000000 ____D C:\Users\Barry\AppData\LocalLow\Sun
    2017-04-07 13:41 - 2017-04-07 13:45 - 00000000 ____D C:\ProgramData\Oracle
    2017-04-07 13:41 - 2017-04-07 13:41 - 00000000 ____D C:\Users\Barry\AppData\Roaming\Sun
    2017-04-07 07:52 - 2017-04-08 15:21 - 00000000 ____D C:\FRST
    2017-04-07 07:50 - 2017-04-05 10:42 - 02424832 _____ (Farbar) C:\Users\Barry\Desktop\FRST64.exe
    2017-04-06 19:34 - 2017-04-06 19:34 - 00000000 ____D C:\Users\Barry\AppData\Local\ESET
    2017-04-06 14:57 - 2017-04-08 14:28 - 00092096 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2017-04-06 14:57 - 2017-04-08 14:26 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-04-06 14:57 - 2017-04-08 14:26 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2017-04-06 14:57 - 2017-04-08 14:26 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2017-04-06 14:57 - 2017-04-06 14:57 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
    2017-04-06 14:57 - 2017-04-06 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-04-06 14:57 - 2017-04-06 14:57 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-04-06 14:57 - 2017-04-06 14:57 - 00000000 ____D C:\Program Files\Malwarebytes
    2017-04-06 14:57 - 2017-03-24 04:10 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
    2017-04-06 14:54 - 2017-04-06 14:56 - 59272008 _____ (Malwarebytes ) C:\Users\Barry\Downloads\mb3-setup-consumer-3.0.6.1469-1096.exe
    2017-04-06 09:49 - 2017-04-06 09:49 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2017-04-05 17:45 - 2017-04-05 17:45 - 00000000 ____D C:\WINDOWS\PCHEALTH
    2017-04-02 12:16 - 2017-04-02 12:16 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
    2017-03-29 08:13 - 2017-03-29 08:27 - 00000000 ____D C:\ProgramData\Emsisoft
    2017-03-29 08:13 - 2017-03-29 08:13 - 00000948 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
    2017-03-29 08:13 - 2017-03-29 08:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
    2017-03-29 08:12 - 2017-04-08 15:20 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
    2017-03-18 16:49 - 2017-03-18 16:49 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
    2017-03-18 16:49 - 2017-03-18 16:49 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
    2017-03-18 16:49 - 2015-06-03 03:16 - 00042696 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
    2017-03-09 10:37 - 2016-12-21 03:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
    2017-03-09 10:37 - 2016-12-21 00:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
    2017-03-09 02:17 - 2017-03-09 02:17 - 11460448 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10umd32.dll
    2017-03-09 02:17 - 2017-03-09 02:17 - 01086408 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
    2017-03-09 02:17 - 2017-03-09 02:17 - 00975184 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
    2017-03-09 02:17 - 2017-03-09 02:17 - 00558728 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll
    2017-03-09 02:17 - 2017-03-09 02:17 - 00553424 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll
    2017-03-09 02:17 - 2017-03-09 02:17 - 00242800 _____ (Intel Corporation) C:\WINDOWS\system32\iglhcp64.dll
    2017-03-09 02:17 - 2017-03-09 02:17 - 00206000 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhcp32.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 13046920 _____ (Intel Corporation) C:\WINDOWS\system32\ig4icd64.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 10829448 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig4icd32.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 05925984 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUI.exe
    2017-03-09 02:16 - 2017-03-09 02:16 - 03529352 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 03139208 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 00593544 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 00560776 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 00536664 _____ (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
    2017-03-09 02:16 - 2017-03-09 02:16 - 00460936 _____ (Intel Corporation) C:\WINDOWS\system32\igfxdev.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 00458376 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrell.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00457864 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfra.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00457864 _____ (Intel Corporation) C:\WINDOWS\system32\igfxresn.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00457352 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrrus.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00457344 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrrom.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00456840 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrsky.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00456840 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptg.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00456840 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrplk.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00456840 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrnld.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00456840 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrita.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00456840 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrhrv.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00456840 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrdeu.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00456328 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrhun.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00456328 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfin.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00456328 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcsy.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00455816 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtrk.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00455816 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrsve.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00455816 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrslv.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00455816 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptb.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00455816 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrnor.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00455304 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtha.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00455304 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrdan.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00453768 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrheb.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00453768 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrara.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00450184 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrjpn.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00449160 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrkor.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00447112 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcht.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00446600 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrchs.lrc
    2017-03-09 02:16 - 2017-03-09 02:16 - 00428680 _____ (Intel Corporation) C:\WINDOWS\system32\igfxTMM.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 00402568 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpph.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 00348808 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxdv32.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 00276064 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
    2017-03-09 02:16 - 2017-03-09 02:16 - 00206944 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
    2017-03-09 02:16 - 2017-03-09 02:16 - 00193160 _____ (Intel Corporation) C:\WINDOWS\system32\gfxSrvc.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 00160392 _____ (Intel Corporation) C:\WINDOWS\system32\igfxdo.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 00145032 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcpl.cpl
    2017-03-09 02:16 - 2017-03-09 02:16 - 00134280 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v4459.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 00119432 _____ C:\WINDOWS\system32\igdde64.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 00099464 _____ C:\WINDOWS\SysWOW64\igdde32.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 00043144 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll
    2017-03-09 02:16 - 2017-03-09 02:16 - 00027784 _____ ( ) C:\WINDOWS\system32\IGFXDEVLib.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-04-08 15:04 - 2016-11-20 14:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-04-08 15:03 - 2016-07-16 02:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
    2017-04-08 14:53 - 2016-11-20 14:37 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-04-08 14:37 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
    2017-04-08 14:21 - 2016-08-25 14:46 - 00000000 ____D C:\Users\Barry\AppData\LocalLow\Adblock Plus for IE
    2017-04-08 13:56 - 2016-11-20 14:47 - 02340722 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-04-08 09:17 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-04-08 09:16 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
    2017-04-08 08:06 - 2013-07-26 13:49 - 00000000 ____D C:\ProgramData\Package Cache
    2017-04-08 08:05 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
    2017-04-08 08:05 - 2011-12-01 17:12 - 00000000 ____D C:\Program Files\DIFX
    2017-04-08 08:04 - 2013-07-26 13:49 - 00000000 ____D C:\ProgramData\Garmin
    2017-04-08 08:04 - 2011-12-01 17:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
    2017-04-08 08:04 - 2011-12-01 17:12 - 00000000 ____D C:\Program Files (x86)\Garmin
    2017-04-08 07:56 - 2017-03-07 12:06 - 00000000 ____D C:\Users\Barry
    2017-04-08 07:56 - 2015-02-12 14:04 - 00000000 ____D C:\Program Files (x86)\Verizon
    2017-04-08 07:49 - 2015-06-01 15:40 - 00000000 ____D C:\Program Files\Verizon
    2017-04-08 07:48 - 2016-08-25 13:39 - 00000000 ____D C:\Users\Barry\AppData\Local\Citrix
    2017-04-07 14:41 - 2012-03-04 17:02 - 00000000 ____D C:\Users\Barry\AppData\Local\Adobe
    2017-04-07 14:39 - 2011-07-26 23:34 - 00000000 ____D C:\ProgramData\Adobe
    2017-04-07 14:39 - 2011-07-26 23:34 - 00000000 ____D C:\Program Files (x86)\Adobe
    2017-04-07 14:30 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2017-04-07 13:44 - 2011-07-26 23:26 - 00000000 ____D C:\Program Files (x86)\Java
    2017-04-07 13:41 - 2011-07-26 23:27 - 00268864 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
    2017-04-07 12:29 - 2016-06-27 15:31 - 00002523 _____ C:\Users\Barry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-04-07 12:29 - 2011-09-07 18:24 - 00002515 _____ C:\Users\Barry\Desktop\Google Chrome.lnk
    2017-04-06 19:58 - 2017-03-07 18:10 - 00004374 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2017-04-06 19:58 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2017-04-06 19:58 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2017-04-06 08:44 - 2011-10-11 11:50 - 00000000 ____D C:\Users\Barry\AppData\Roaming\Toshiba
    2017-04-05 17:57 - 2016-11-20 14:37 - 00353056 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-04-02 12:16 - 2017-03-07 12:06 - 00000000 ____D C:\Users\DefaultAppPool
    2017-03-19 08:08 - 2013-03-14 08:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2017-03-19 08:08 - 2013-03-14 08:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2017-03-18 16:52 - 2013-08-15 08:03 - 00000000 ____D C:\WINDOWS\system32\MRT
    2017-03-18 16:49 - 2011-10-11 12:06 - 138634176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-03-18 16:48 - 2013-03-14 08:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2017-03-10 01:17 - 2016-07-16 07:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2017-03-10 01:17 - 2016-07-16 07:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2017-03-09 10:33 - 2015-11-29 07:42 - 00000000 ____D C:\Users\Barry\AppData\Local\Packages
    2017-03-09 10:27 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\appcompat
    2017-03-09 10:26 - 2017-03-08 11:50 - 00000000 ____D C:\Users\Barry\AppData\Local\ConnectedDevicesPlatform
    2017-03-09 02:17 - 2015-06-01 22:01 - 13182528 _____ (Intel Corporation) C:\WINDOWS\system32\igd10umd64.dll
    2017-03-09 02:17 - 2015-06-01 22:01 - 12935296 _____ (Intel Corporation) C:\WINDOWS\system32\igdumd64.dll
    2017-03-09 02:17 - 2015-06-01 22:01 - 11330576 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumd32.dll
    2017-03-09 02:17 - 2015-06-01 22:01 - 00051184 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll
    2017-03-09 02:16 - 2015-06-01 22:00 - 09025672 _____ (Intel Corporation) C:\WINDOWS\system32\igfxress.dll
    2017-03-09 02:16 - 2015-06-01 22:00 - 05382856 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys
    2017-03-09 02:16 - 2015-06-01 22:00 - 00463960 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
    2017-03-09 02:16 - 2015-06-01 22:00 - 00420960 _____ (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    2017-03-09 02:16 - 2015-06-01 22:00 - 00304264 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrenu.lrc
    2017-03-09 02:16 - 2015-06-01 22:00 - 00300128 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
    2017-03-09 02:16 - 2015-06-01 22:00 - 00193112 _____ (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
    2017-03-09 02:16 - 2015-06-01 22:00 - 00128648 _____ (Intel Corporation) C:\WINDOWS\system32\hccutils.dll
    2017-03-09 02:16 - 2015-06-01 22:00 - 00112264 _____ C:\WINDOWS\system32\IccLibDll_x64.dll
    2017-03-09 02:16 - 2015-06-01 22:00 - 00082056 _____ (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.dll

    ==================== Files in the root of some directories =======

    2012-03-22 16:04 - 2012-03-22 16:04 - 3993600 _____ () C:\Program Files (x86)\GUTCB2B.tmp
    2015-02-12 14:07 - 2015-02-12 14:07 - 0009662 _____ () C:\Users\Barry\AppData\Local\MessageCenter.ico
    2015-02-12 14:07 - 2015-02-12 14:07 - 0009662 _____ () C:\Users\Barry\AppData\Local\MyVerizon.ico
    2015-02-12 14:07 - 2015-02-12 14:07 - 0103749 _____ () C:\Users\Barry\AppData\Local\VZWifiIcon.ico
    2013-07-30 08:27 - 2013-07-30 08:27 - 0000057 _____ () C:\ProgramData\Ament.ini

    Files to move or delete:
    ====================
    C:\Users\Barry\MetricCollection.dll


    Some files in TEMP:
    ====================
    2017-04-08 07:52 - 2017-04-08 07:52 - 12848568 _____ () C:\Users\Barry\AppData\Local\Temp\SDAPPUP.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-04-05 17:06

    ==================== End of FRST.txt ============================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
    Ran by Barry (08-04-2017 15:22:28)
    Running from C:\Users\Barry\Desktop
    Windows 10 Home Version 1607 (X64) (2017-03-07 22:21:02)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3518549543-2400902937-2592869685-500 - Administrator - Disabled)
    Barry (S-1-5-21-3518549543-2400902937-2592869685-1000 - Administrator - Enabled) => C:\Users\Barry
    DefaultAccount (S-1-5-21-3518549543-2400902937-2592869685-503 - Limited - Disabled)
    Guest (S-1-5-21-3518549543-2400902937-2592869685-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3518549543-2400902937-2592869685-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Emsisoft Anti-Malware (Enabled - Up to date) {701CB209-EBBC-AADC-11E6-DE73E7AF4C9D}
    AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Emsisoft Anti-Malware (Enabled - Up to date) {CB7D53ED-CD86-A552-2B56-E5019C280620}
    AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
    Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Elevated Installer (x32 Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
    Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.2 - Emsisoft Ltd.)
    FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
    ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
    Fishdom (TM) 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
    Garmin Express (HKLM-x32\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
    Garmin WebUpdater (HKLM-x32\...\{CCB71FF8-DE82-469C-8641-44378F4443EB}) (Version: 2.5.4 - Garmin Ltd or its subsidiaries)
    Google Chrome (HKU\S-1-5-21-3518549543-2400902937-2592869685-1000\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Photosmart 7520 series Help (HKLM-x32\...\{08295D09-E002-48F8-905D-34E4B08509BA}) (Version: 28.0.0 - Hewlett Packard)
    HP Photosmart 7520 series Product Improvement Study (HKLM\...\{16B872EE-C458-41BD-BEAE-52758A3F3168}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    iCloud (HKLM\...\{CE29BC77-C5AE-49D8-A8C0-FDAF6ACF74DF}) (Version: 6.0.1.41 - Apple Inc.)
    IHA_MessageCenter (HKLM-x32\...\{D6D484C6-ECA6-4CD2-BB66-3FADD4DC687C}) (Version: 2.0.67 - Verizon)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
    iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
    Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
    Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3518549543-2400902937-2592869685-1000\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6410 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
    Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
    Tom Clancy's Splinter Cell (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
    TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
    TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
    Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
    TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
    TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
    TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0014 - TOSHIBA)
    TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
    Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)
    TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
    TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.5 - TOSHIBA CORPORATION)
    Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
    TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
    TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
    TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2 - TOSHIBA Corporation)
    TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.12 - TOSHIBA)
    TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0006 - TOSHIBA)
    TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
    TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
    TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
    TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.6 - TOSHIBA)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Verizon Cloud (HKLM\...\Verizon Cloud) (Version: 16.4.8.3 - Verizon)
    Verizon Toolbar (HKLM-x32\...\verizontb) (Version: 6.0.0.40 - Verizon and Visicom Media Inc.)
    Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.96.0 - Verizon)
    VzDownloadManager (HKU\S-1-5-21-3518549543-2400902937-2592869685-1000\...\VzDownloadManager) (Version: 2.0.0.24 - Verizon)
    WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
    WildTangent Games App (Toshiba Games) (x32 Version: 4.1.1.2 - WildTangent) Hidden
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3518549543-2400902937-2592869685-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL => No File
    CustomCLSID: HKU\S-1-5-21-3518549543-2400902937-2592869685-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Barry\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3518549543-2400902937-2592869685-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Barry\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3518549543-2400902937-2592869685-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Barry\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3518549543-2400902937-2592869685-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL => No File
    CustomCLSID: HKU\S-1-5-21-3518549543-2400902937-2592869685-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL => No File
    CustomCLSID: HKU\S-1-5-21-3518549543-2400902937-2592869685-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Barry\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3518549543-2400902937-2592869685-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Barry\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {01F6446B-7222-4882-BC37-54A237F15573} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {03880B65-8CA3-48DE-B094-B63A7DCA0069} - System32\Tasks\HPCustParticipation HP Photosmart 7520 series => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {03DDED7B-D55F-4876-8B40-AB2F21C26283} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {04E04BFE-3F4C-4DC9-83C5-4E1F7C15F12F} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {05877FCA-A367-48D7-887D-FA62EE58D0D3} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
    Task: {09D3AA88-0DC7-4004-BEDA-11EE2A3F655F} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
    Task: {0CDC237E-0DE6-4BC1-891E-06C911AF61D9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {0FDDB930-5081-455C-9595-833871E3B1BB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {1AE29A91-05F1-408B-9204-F9D3D679563B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {23B62A7C-684F-4848-A90F-D6FAAB2E02C9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {2ECE4E5F-04A3-4030-B136-6038308D64E8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
    Task: {34393A31-38BA-40D6-8B14-AD79096CD12A} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {3D02220B-AC62-4E2D-8BFD-486D302275A4} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
    Task: {3D31E369-711D-4986-A997-BBE6BA9C087B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
    Task: {3D878B86-5E83-4DE9-A9B7-FC67DA33BA9F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {4538BAD2-6BC7-45F1-AAEF-728BC3ACE7C8} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
    Task: {50A2ED7C-9B5A-46B7-A1DD-50DB084B1E5C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-03-18] (Microsoft Corporation)
    Task: {52E4F092-0050-4AD0-A880-3B475EEA70BB} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
    Task: {52F320F4-D654-4FE8-9031-D4261AA7F72C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {5629FA6E-CA61-4BE6-9F02-1E6099F7A55B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-06] (Adobe Systems Incorporated)
    Task: {693A79A4-4549-4BBD-8AE2-49C7742335CD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {69E5CE7E-6337-4739-BE80-56A5F31A4933} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {73D66478-7EB9-497D-951C-84478F100F6E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {7AF1CC86-E3D6-49DE-B423-593F6BFAF6D4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {82CFB4E1-C728-4747-B804-B8C1DDFF6055} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {889B4450-3B30-4834-8BCF-A22D5B35DD9B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
    Task: {890CFDB9-D447-4F69-B7B2-0D1301A610D6} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {8FF3A9A7-1952-4957-8371-6C61CFDB154A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {94DD362F-4102-49EE-8961-8846F0C90832} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {9FAB58CE-7889-4A83-90FB-714FC579F050} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3518549543-2400902937-2592869685-1000UA => C:\Users\Barry\AppData\Local\Google\Update\GoogleUpdate.exe [2016-06-27] (Google Inc.)
    Task: {A4889153-E208-4BB4-8E73-80F366FBB860} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {B25CF3A9-902C-4544-91E2-86722A49677A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {B4CF9F0C-183A-4761-B950-47D76A71EF8C} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {B8EF81D2-9910-4CFF-965D-44CAB1CCF65B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
    Task: {D02B462D-FD65-4D40-8C2C-39616C7299F8} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {D20AE3B7-2317-4EA8-8515-9951D2B2D90F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {D3CFA3C1-3BAA-492A-AEA2-0150471810A7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3518549543-2400902937-2592869685-1000Core => C:\Users\Barry\AppData\Local\Google\Update\GoogleUpdate.exe [2016-06-27] (Google Inc.)
    Task: {D9E5B421-0697-45D3-A5BB-E141ADB5C392} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {DA90AAF4-80AC-47F4-9F49-D1ECB256EB39} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
    Task: {E052D258-93A4-43E2-BF97-9DC26CABCE10} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
    Task: {ECA71099-EB29-430A-A493-955C174CD977} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {F4D22854-41AA-4925-9F8E-CAC0DBFBD15B} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
    Task: {FEF919A4-9D3F-47B7-8B01-2629B45D2CE7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2017-03-07 14:45 - 2017-03-07 14:45 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2011-09-07 17:48 - 2010-09-09 20:26 - 00162824 _____ () C:\Windows\System32\GFNEXSrv.exe
    2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2017-03-07 14:45 - 2017-03-07 14:45 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
    2016-11-20 14:11 - 2016-11-20 14:11 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
    2017-03-07 14:45 - 2017-03-07 14:45 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
    2017-03-07 14:45 - 2017-03-07 14:45 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2017-03-07 14:45 - 2017-03-07 14:45 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-03-07 14:45 - 2017-03-07 14:45 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
    2017-03-07 14:45 - 2017-03-07 14:45 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2017-03-07 14:45 - 2017-03-07 14:45 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2017-03-07 14:45 - 2017-03-07 14:45 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-06-01 22:00 - 2017-03-09 02:16 - 00112264 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2017-03-13 09:42 - 2017-03-13 09:42 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2017-03-13 09:42 - 2017-03-13 09:42 - 00182784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2017-03-13 09:42 - 2017-03-13 09:42 - 41048064 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2017-03-13 09:42 - 2017-03-13 09:42 - 02236896 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\roottools.dll
    2017-04-06 08:18 - 2017-04-06 08:19 - 00055808 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.99.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3518549543-2400902937-2592869685-1000\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Innovation\Aqua.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run: => "TosNC"
    HKLM\...\StartupApproved\Run: => "TosReelTimeMonitor"
    HKLM\...\StartupApproved\Run: => "TCrdMain"
    HKLM\...\StartupApproved\Run: => "TPwrMain"
    HKLM\...\StartupApproved\Run: => "TosSENotify"
    HKLM\...\StartupApproved\Run32: => "ToshibaAppPlace"
    HKLM\...\StartupApproved\Run32: => "NortonOnlineBackupReminder"
    HKU\S-1-5-21-3518549543-2400902937-2592869685-1000\...\StartupApproved\StartupFolder: => "VzDownloadManager.url"
    HKU\S-1-5-21-3518549543-2400902937-2592869685-1000\...\StartupApproved\Run: => "GarminExpressTrayApp"
    HKU\S-1-5-21-3518549543-2400902937-2592869685-1000\...\StartupApproved\Run: => "iCloudServices"
    HKU\S-1-5-21-3518549543-2400902937-2592869685-1000\...\StartupApproved\Run: => "SynchronossPC"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
    FirewallRules: [{8B4BDD9D-0083-4D79-81C2-C1DC00076CE0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{0238DE6D-E749-49FC-BF1D-A76823D83751}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{85822EF7-AD16-40CD-A775-14B1FE93DFFA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{0B5BDA57-4875-4258-8D2F-B2B800DB308B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{69E6C1E3-957B-444A-BEB3-8742A8FF1255}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{0D6275E4-C83F-4CA3-A2D7-95B2B7DECF95}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{A98AAC02-7F80-44DE-B47A-5C691F19DD6D}] => (Allow) LPort=2869
    FirewallRules: [{86ED6703-E3B9-4530-A58B-3D4E2DC3C0AE}] => (Allow) LPort=1900
    FirewallRules: [{414D5D2B-8AE4-41EC-9E4F-3E1A55C26FA1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{D98CBBAD-D94D-4AE3-81B3-207F98E4F494}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [{BC9AE805-BF46-47CE-B71A-3611CBFC5B34}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\FaxApplications.exe
    FirewallRules: [{95F069E3-5FD3-48DE-9FA0-F48BCF29600B}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\DigitalWizards.exe
    FirewallRules: [{117758AA-F197-4D40-8D08-A83C3130799E}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\SendAFax.exe
    FirewallRules: [{B613AF28-7EF6-4ED5-A4B6-EC9A0890110C}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\DeviceSetup.exe
    FirewallRules: [{8CFEC069-435A-4C15-9175-005D0DCEB5DD}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{85F1447C-F2FC-4F00-8C31-61FDDDE5DE7C}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{E07200D6-F6A5-4DDF-A80B-F351BB012CA8}] => (Allow) LPort=50000
    FirewallRules: [TCP Query User{F3D39AC3-05EB-40BF-A493-816CE1D801DF}C:\program files\verizon cloud\verizon cloud service.exe] => (Allow) C:\program files\verizon cloud\verizon cloud service.exe
    FirewallRules: [UDP Query User{BBB23AFF-7E57-4480-8B75-D4D9B3D26037}C:\program files\verizon cloud\verizon cloud service.exe] => (Allow) C:\program files\verizon cloud\verizon cloud service.exe
    FirewallRules: [TCP Query User{811D69D0-717F-4625-979E-EE95679A655A}C:\program files\verizon cloud\verizon cloud service.exe] => (Allow) C:\program files\verizon cloud\verizon cloud service.exe
    FirewallRules: [UDP Query User{4E7D36BF-E07F-4792-B28C-9DC10AB9CD9F}C:\program files\verizon cloud\verizon cloud service.exe] => (Allow) C:\program files\verizon cloud\verizon cloud service.exe
    FirewallRules: [{507DF5F6-681F-4312-9FAD-98BFF36A763B}] => (Allow) LPort=50000

    ==================== Restore Points =========================

    06-04-2017 08:07:11 Set point

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/08/2017 03:14:56 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: VzDetectAgent.exe, version: 2.0.2.20, time stamp: 0x54c7de5a
    Faulting module name: VzDetectAgent.exe, version: 2.0.2.20, time stamp: 0x54c7de5a
    Exception code: 0x40000015
    Fault offset: 0x00115b73
    Faulting process id: 0x18dc
    Faulting application start time: 0x01d2b09c67cc6f8c
    Faulting application path: C:\Program Files (x86)\Verizon\IHA_MessageCenter\bin\VzDetectAgent.exe
    Faulting module path: C:\Program Files (x86)\Verizon\IHA_MessageCenter\bin\VzDetectAgent.exe
    Report Id: 35ae3cb5-dc33-4c3d-ae8f-0b46e0e80ee2
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (04/08/2017 03:09:39 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Corel\Label@Once\CDLabel.exe".
    Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (04/08/2017 03:09:38 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Corel\Label@Once\CDLabel.exe".
    Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (04/08/2017 01:19:31 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: VzDetectAgent.exe, version: 2.0.2.20, time stamp: 0x54c7de5a
    Faulting module name: VzDetectAgent.exe, version: 2.0.2.20, time stamp: 0x54c7de5a
    Exception code: 0x40000015
    Fault offset: 0x00115b73
    Faulting process id: 0x1558
    Faulting application start time: 0x01d2b08c434f63e4
    Faulting application path: C:\Program Files (x86)\Verizon\IHA_MessageCenter\bin\VzDetectAgent.exe
    Faulting module path: C:\Program Files (x86)\Verizon\IHA_MessageCenter\bin\VzDetectAgent.exe
    Report Id: e7313a3c-2ab3-458e-8fb8-d7c269f00a58
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (04/08/2017 08:13:13 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: VzDetectAgent.exe, version: 2.0.2.20, time stamp: 0x54c7de5a
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x02d79e20
    Faulting process id: 0x1204
    Faulting application start time: 0x01d2b0617c4d8f9e
    Faulting application path: C:\Program Files (x86)\Verizon\IHA_MessageCenter\bin\VzDetectAgent.exe
    Faulting module path: unknown
    Report Id: 0cdcdbe1-b1ba-4b91-b52f-70984c1655e0
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (04/08/2017 08:13:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 68015

    Error: (04/08/2017 08:13:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 68015

    Error: (04/08/2017 08:13:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (04/08/2017 08:07:50 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Corel\Label@Once\CDLabel.exe".
    Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (04/08/2017 08:07:28 AM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
    .


    Operation:
    Executing Asynchronous Operation

    Context:
    Current State: DoSnapshotSet


    System errors:
    =============
    Error: (04/08/2017 03:07:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
    and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (04/08/2017 03:04:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The sppsvc service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (04/08/2017 03:04:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the sppsvc service to connect.

    Error: (04/08/2017 03:04:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The HPSupportSolutionsFrameworkService service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (04/08/2017 03:04:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the HPSupportSolutionsFrameworkService service to connect.

    Error: (04/08/2017 03:04:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Error: (04/08/2017 03:03:08 PM) (Source: DCOM) (EventID: 10010) (User: Barry-PC)
    Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

    Error: (04/08/2017 03:02:20 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
    An instance of the service is already running.

    Error: (04/08/2017 03:01:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The BBUpdate service terminated unexpectedly. It has done this 1 time(s).

    Error: (04/08/2017 03:01:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel(R) Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).


    CodeIntegrity:
    ===================================
    Date: 2017-04-08 15:07:01.903
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-04-08 14:51:49.572
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Microsoft signing level requirements.

    Date: 2017-04-08 14:51:43.417
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Microsoft signing level requirements.

    Date: 2017-04-08 14:51:20.552
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

    Date: 2017-04-08 14:36:37.528
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

    Date: 2017-04-08 08:37:26.680
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-04-07 14:13:52.078
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-04-07 07:46:44.391
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-04-07 07:45:37.548
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2017-04-07 07:45:37.531
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
    Percentage of memory in use: 47%
    Total physical RAM: 4007.98 MB
    Available physical RAM: 2120.91 MB
    Total Virtual: 8359.98 MB
    Available Virtual: 6453.79 MB

    ==================== Drives ================================

    Drive c: (TI106229W0C) (Fixed) (Total:449.45 GB) (Free:390.12 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: C010E626)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=449.4 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
    Partition 4: (Not Active) - (Size=14.4 GB) - (Type=17)

    ==================== End of Addition.txt ============================
     

    Attached Files:

    Last edited by a moderator: Apr 8, 2017
  2. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Tony,

    Yes there is.
    I'd guess that this system was upgraded from Win7 to Win10.
    All the tasks labelled with 'Attention' are the Win10 upgrade nag tasks..... they are marked with 'Attention' because the files are actually missing.
    Win10 doesn't do a good job of cleaning these up.
    Also... Win10 removes the Windows Media Center that was with Win7.
    But as you see, Win10 doesn't do a good job of removing the tasks associated with WMC.
    The attached fixlist should take care of everything..... plus remove the leftover from Tiny Personal Firewall.

    One common mistake a lot of users make is this:
    as you can see, it's still running at startup.
    It uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times.
    Just for future reference

    Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
    NOTE.
    It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system


    Re-run FRST/FRST64 (which ever is installed ) and press the Fix button just once and wait.

    2cf1672fdd2151dad6f349c704143429.png

    The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.
     

    Attached Files:

  3. Tony D

    Tony D Administrator Administrator

    Joined:
    Sep 25, 2009
    Messages:
    5,062
    Location:
    SE Pennsylvania, USA
    Operating System:
    Windows XP Professional
    Thanks Starbuck. Yes, this was a W7 and it was upgraded to W10. I ran into problems with the Toshiba-installed software, namely the keyboard acted as if the Fn key was locked on. So I turned them off in msconfig. Toshiba doesn't have W10 updates for this machine.

    I did disable iTunes Helper using msconfig. I haven't started iTunes or any other Apple software. Don't know why it's still in the Run.

    I'll get to the fixlist in a few hours. Gotta run. Thanks again.
     
  4. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Ar right, so this is the system you posted about earlier.

    Basically this can't be stopped from running.
    Don't you just hate Apple for being protective

    Brilliant read: How Apple Owns Hollywood, and Makes You Buy Its Products
     
    Last edited: Apr 8, 2017
    allheart55 (Cindy E) likes this.
  5. Tony D

    Tony D Administrator Administrator

    Joined:
    Sep 25, 2009
    Messages:
    5,062
    Location:
    SE Pennsylvania, USA
    Operating System:
    Windows XP Professional
    Thanks for that. I have mixed feelings about Apple. Mostly the constant need to upgrade hardware and software. I used to be a big Mac fan. President of the local Mac User group (150 members) for 5 years and on the Board for a few years prior. I'm not much of a fan these days.

    Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
    Ran by Barry (09-04-2017 10:06:30) Run:1
    Running from C:\Users\Barry\Desktop
    Loaded Profiles: Barry (Available Profiles: Barry & DefaultAppPool)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    Winlogon\Notify\PFW: C:\Windows\SysWOW64\UmxWnp.Dll [2011-02-24] (CA)
    ShellIconOverlayIdentifiers-x32: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => -> No File
    ShellIconOverlayIdentifiers-x32: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => -> No File
    ShellIconOverlayIdentifiers-x32: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => -> No File
    ShellIconOverlayIdentifiers-x32: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => -> No File
    Toolbar: HKU\S-1-5-21-3518549543-2400902937-2592869685-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    U3 idsvc; no ImagePath
    C:\Users\Barry\MetricCollection.dll
    2017-04-08 07:52 - 2017-04-08 07:52 - 12848568 _____ () C:\Users\Barry\AppData\Local\Temp\SDAPPUP.exe
    CustomCLSID: HKU\S-1-5-21-3518549543-2400902937-2592869685-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL => No File
    CustomCLSID: HKU\S-1-5-21-3518549543-2400902937-2592869685-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Barry\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3518549543-2400902937-2592869685-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Barry\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3518549543-2400902937-2592869685-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Barry\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3518549543-2400902937-2592869685-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL => No File
    CustomCLSID: HKU\S-1-5-21-3518549543-2400902937-2592869685-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL => No File
    Task: {01F6446B-7222-4882-BC37-54A237F15573} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {0CDC237E-0DE6-4BC1-891E-06C911AF61D9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {1AE29A91-05F1-408B-9204-F9D3D679563B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {23B62A7C-684F-4848-A90F-D6FAAB2E02C9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {3D878B86-5E83-4DE9-A9B7-FC67DA33BA9F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {52F320F4-D654-4FE8-9031-D4261AA7F72C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {693A79A4-4549-4BBD-8AE2-49C7742335CD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {69E5CE7E-6337-4739-BE80-56A5F31A4933} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {7AF1CC86-E3D6-49DE-B423-593F6BFAF6D4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {94DD362F-4102-49EE-8961-8846F0C90832} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {B25CF3A9-902C-4544-91E2-86722A49677A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {ECA71099-EB29-430A-A493-955C174CD977} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {03DDED7B-D55F-4876-8B40-AB2F21C26283} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {04E04BFE-3F4C-4DC9-83C5-4E1F7C15F12F} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {05877FCA-A367-48D7-887D-FA62EE58D0D3} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
    Task: {09D3AA88-0DC7-4004-BEDA-11EE2A3F655F} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
    Task: {0FDDB930-5081-455C-9595-833871E3B1BB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {2ECE4E5F-04A3-4030-B136-6038308D64E8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
    Task: {34393A31-38BA-40D6-8B14-AD79096CD12A} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {3D02220B-AC62-4E2D-8BFD-486D302275A4} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
    Task: {3D31E369-711D-4986-A997-BBE6BA9C087B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
    Task: {4538BAD2-6BC7-45F1-AAEF-728BC3ACE7C8} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
    Task: {73D66478-7EB9-497D-951C-84478F100F6E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {82CFB4E1-C728-4747-B804-B8C1DDFF6055} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {889B4450-3B30-4834-8BCF-A22D5B35DD9B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
    Task: {890CFDB9-D447-4F69-B7B2-0D1301A610D6} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {8FF3A9A7-1952-4957-8371-6C61CFDB154A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {A4889153-E208-4BB4-8E73-80F366FBB860} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {B4CF9F0C-183A-4761-B950-47D76A71EF8C} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {B8EF81D2-9910-4CFF-965D-44CAB1CCF65B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
    Task: {D02B462D-FD65-4D40-8C2C-39616C7299F8} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {D20AE3B7-2317-4EA8-8515-9951D2B2D90F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {D9E5B421-0697-45D3-A5BB-E141ADB5C392} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
    Task: {E052D258-93A4-43E2-BF97-9DC26CABCE10} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
    Task: {F4D22854-41AA-4925-9F8E-CAC0DBFBD15B} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:

    *****************

    Processes closed successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW => key not found.
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SncrOverlays (Blocked) => key removed successfully
    HKCR\Wow6432Node\CLSID\{C418E880-6280-4010-A888-FD76028E5511} => key not found.
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SncrOverlays (InSync) => key removed successfully
    HKCR\Wow6432Node\CLSID\{5F4A6070-DB92-4C56-A487-F3850430608F} => key not found.
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SncrOverlays (Pending) => key removed successfully
    HKCR\Wow6432Node\CLSID\{EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => key not found.
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SncrOverlays (Syncing) => key removed successfully
    HKCR\Wow6432Node\CLSID\{28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => key not found.
    HKU\S-1-5-21-3518549543-2400902937-2592869685-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
    HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
    HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully
    idsvc => service removed successfully
    C:\Users\Barry\MetricCollection.dll => moved successfully
    C:\Users\Barry\AppData\Local\Temp\SDAPPUP.exe => moved successfully
    HKU\S-1-5-21-3518549543-2400902937-2592869685-1000_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F} => key removed successfully
    HKU\S-1-5-21-3518549543-2400902937-2592869685-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key removed successfully
    HKU\S-1-5-21-3518549543-2400902937-2592869685-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully
    HKU\S-1-5-21-3518549543-2400902937-2592869685-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key removed successfully
    HKU\S-1-5-21-3518549543-2400902937-2592869685-1000_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14} => key removed successfully
    HKU\S-1-5-21-3518549543-2400902937-2592869685-1000_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01F6446B-7222-4882-BC37-54A237F15573} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01F6446B-7222-4882-BC37-54A237F15573} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CDC237E-0DE6-4BC1-891E-06C911AF61D9} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CDC237E-0DE6-4BC1-891E-06C911AF61D9} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1AE29A91-05F1-408B-9204-F9D3D679563B} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AE29A91-05F1-408B-9204-F9D3D679563B} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{23B62A7C-684F-4848-A90F-D6FAAB2E02C9} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23B62A7C-684F-4848-A90F-D6FAAB2E02C9} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D878B86-5E83-4DE9-A9B7-FC67DA33BA9F} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D878B86-5E83-4DE9-A9B7-FC67DA33BA9F} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{52F320F4-D654-4FE8-9031-D4261AA7F72C} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52F320F4-D654-4FE8-9031-D4261AA7F72C} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{693A79A4-4549-4BBD-8AE2-49C7742335CD} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{693A79A4-4549-4BBD-8AE2-49C7742335CD} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69E5CE7E-6337-4739-BE80-56A5F31A4933} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69E5CE7E-6337-4739-BE80-56A5F31A4933} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7AF1CC86-E3D6-49DE-B423-593F6BFAF6D4} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AF1CC86-E3D6-49DE-B423-593F6BFAF6D4} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94DD362F-4102-49EE-8961-8846F0C90832} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94DD362F-4102-49EE-8961-8846F0C90832} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B25CF3A9-902C-4544-91E2-86722A49677A} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B25CF3A9-902C-4544-91E2-86722A49677A} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ECA71099-EB29-430A-A493-955C174CD977} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECA71099-EB29-430A-A493-955C174CD977} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03DDED7B-D55F-4876-8B40-AB2F21C26283} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03DDED7B-D55F-4876-8B40-AB2F21C26283} => key removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ActivateWindowsSearch => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04E04BFE-3F4C-4DC9-83C5-4E1F7C15F12F} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04E04BFE-3F4C-4DC9-83C5-4E1F7C15F12F} => key removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ReindexSearchRoot => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{05877FCA-A367-48D7-887D-FA62EE58D0D3} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05877FCA-A367-48D7-887D-FA62EE58D0D3} => key removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09D3AA88-0DC7-4004-BEDA-11EE2A3F655F} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09D3AA88-0DC7-4004-BEDA-11EE2A3F655F} => key removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrScheduleTask => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0FDDB930-5081-455C-9595-833871E3B1BB} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FDDB930-5081-455C-9595-833871E3B1BB} => key removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RegisterSearch => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2ECE4E5F-04A3-4030-B136-6038308D64E8} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2ECE4E5F-04A3-4030-B136-6038308D64E8} => key removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34393A31-38BA-40D6-8B14-AD79096CD12A} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34393A31-38BA-40D6-8B14-AD79096CD12A} => key removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURActivate => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D02220B-AC62-4E2D-8BFD-486D302275A4} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D02220B-AC62-4E2D-8BFD-486D302275A4} => key removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrRecoveryTask => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D31E369-711D-4986-A997-BBE6BA9C087B} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D31E369-711D-4986-A997-BBE6BA9C087B} => key removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{4538BAD2-6BC7-45F1-AAEF-728BC3ACE7C8} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4538BAD2-6BC7-45F1-AAEF-728BC3ACE7C8} => key removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RecordingRestart => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73D66478-7EB9-497D-951C-84478F100F6E} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73D66478-7EB9-497D-951C-84478F100F6E} => key removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW2 => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82CFB4E1-C728-4747-B804-B8C1DDFF6055} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82CFB4E1-C728-4747-B804-B8C1DDFF6055} => key removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ConfigureInternetTimeService => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{889B4450-3B30-4834-8BCF-A22D5B35DD9B} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{889B4450-3B30-4834-8BCF-A22D5B35DD9B} => key removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{890CFDB9-D447-4F69-B7B2-0D1301A610D6} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{890CFDB9-D447-4F69-B7B2-0D1301A610D6} => key removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURDiscovery => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8FF3A9A7-1952-4957-8371-6C61CFDB154A} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FF3A9A7-1952-4957-8371-6C61CFDB154A} => key removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW1 => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A4889153-E208-4BB4-8E73-80F366FBB860} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4889153-E208-4BB4-8E73-80F366FBB860} => key removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\InstallPlayReady => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4CF9F0C-183A-4761-B950-47D76A71EF8C} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4CF9F0C-183A-4761-B950-47D76A71EF8C} => key removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\DispatchRecoveryTasks => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8EF81D2-9910-4CFF-965D-44CAB1CCF65B} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8EF81D2-9910-4CFF-965D-44CAB1CCF65B} => key removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PeriodicScanRetry => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D02B462D-FD65-4D40-8C2C-39616C7299F8} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D02B462D-FD65-4D40-8C2C-39616C7299F8} => key removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscovery => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D20AE3B7-2317-4EA8-8515-9951D2B2D90F} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D20AE3B7-2317-4EA8-8515-9951D2B2D90F} => key removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ehDRMInit => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9E5B421-0697-45D3-A5BB-E141ADB5C392} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9E5B421-0697-45D3-A5BB-E141ADB5C392} => key removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\UpdateRecordPath => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E052D258-93A4-43E2-BF97-9DC26CABCE10} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E052D258-93A4-43E2-BF97-9DC26CABCE10} => key removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate_scheduled => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4D22854-41AA-4925-9F8E-CAC0DBFBD15B} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4D22854-41AA-4925-9F8E-CAC0DBFBD15B} => key removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\StartRecording => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\StartRecording => key removed successfully

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    =========== EmptyTemp: ==========

    BITS transfer queue => 0 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 39423877 B
    Java, Flash, Steam htmlcache => 506 B
    Windows/system/drivers => 51144414 B
    Edge => 500630 B
    Chrome => 712046379 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 128 B
    systemprofile32 => 128 B
    LocalService => 54898 B
    NetworkService => 159218 B
    Barry => 174302221 B
    DefaultAppPool => 0 B

    RecycleBin => 160812 B
    EmptyTemp: => 932.5 MB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 10:07:50 ====
     
  6. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    .........
    b05997b1e5edd86f3492d444ecfdf542.png
    Sorry but you walked right into that :lglf:

    The fix looks to have run ok.
    Any other problems with the system?
     
  7. Tony D

    Tony D Administrator Administrator

    Joined:
    Sep 25, 2009
    Messages:
    5,062
    Location:
    SE Pennsylvania, USA
    Operating System:
    Windows XP Professional
    I used to be that kind of Big Mac fan also. Then age set in. Gotta watch what one eats these days.

    The machine seems pretty good finally. It's starting nicely. I had checked for updates yesterday and it did update to 1607 build 14393.969. Today it took Windows Modules Installer Worker over an hour to settle down. CPU usage is down to <3% even with an IE window open.

    Nice job Starbuck.

    The only issue I see is that a Verizon Update Center notice comes up now and then wanting to secure the wireless network. I unchecked a couple of boxes. Hope I got it.

    Thanks much.
     
  8. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    :thmbup:
     

Share This Page