Computer acting strange

View previous topic View next topic Go down

In Progress Computer acting strange

Post by SASSY_Nc on Sun Jul 24, 2016 3:32 pm

For a while now, my laptop has been taking longer than normal to boot up.  It comes up fairly quickly, but it won't let me do anything at first.  After 30 seconds or so, the screen will go black.  Sometimes, it's just a flicker and sometimes it's 30 seconds or more.  When it comes back, I can continue on to whatever I want to do.  After I've been on it for a few minutes, I often start having a lag issue when I type or scroll.  Sometimes, I'll type a whole sentence and it won't start showing it on the screen until I've already finished typing it.  The scrolling is the same way.  It's driving me nuts.

Here is the Adwcleaner log:

# AdwCleaner v5.201 - Logfile created 24/07/2016 at 10:13:22
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-21.2 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : Melesia - TULLY_LAPTOP
# Running from : C:\Users\Melesia\Downloads\adwcleaner_5.201.exe
# Option : Clean
# Support : [You must be registered and logged in to see this link.]

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Amazon\ABB

***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[-] [C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : nortonsafe.search.ask.com
[-] [C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : us.yhs4.search.yahoo.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3553 bytes] - [25/06/2016 08:04:17]
C:\AdwCleaner\AdwCleaner[C2].txt - [1154 bytes] - [30/06/2016 18:32:39]
C:\AdwCleaner\AdwCleaner[C3].txt - [1422 bytes] - [24/07/2016 10:13:22]
C:\AdwCleaner\AdwCleaner[S1].txt - [3354 bytes] - [25/06/2016 08:00:53]
C:\AdwCleaner\AdwCleaner[S2].txt - [982 bytes] - [30/06/2016 18:08:12]
C:\AdwCleaner\AdwCleaner[S3].txt - [339 bytes] - [24/07/2016 10:08:23]
C:\AdwCleaner\AdwCleaner[S4].txt - [1672 bytes] - [24/07/2016 10:10:09]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1785 bytes] ##########


And the MBAM log:

Malwarebytes Anti-Malware
[You must be registered and logged in to see this link.]

Scan Date: 7/24/2016
Scan Time: 10:22 AM
Logfile: mbamlog.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.07.24.03
Rootkit Database: v2016.05.27.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Melesia

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 342900
Time Elapsed: 33 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

I'm running TrendMicro and it wouldn't let me get to the other recommended page.

SASSY_Nc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 58
Joined : 2010-07-25
OS : windows 10

View user profile

Back to top Go down

In Progress Re: Computer acting strange

Post by Superdave on Sun Jul 24, 2016 6:24 pm

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
I'm running TrendMicro and it wouldn't let me get to the other recommended page..
You should be able to configure your AV to run whatever you want.
When you boot your computer start your Task Manager to see what is taking up so much resourses. CTRL, ALT, Delete. Click on processes.

*************************************************
StartupLite

Download [You must be registered and logged in to see this link.] to your Desktop.
Doubleclick StartupLite.exe to launch the program.
Ensure the Disable box is checked.
Click Continue.
A pop up message will tell you the unecessary startup items in your list have been disabled and ask you to restart your computer.
Re-start your computer.
******************************************************
Please download [You must be registered and logged in to see this link.] to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click [You must be registered and logged in to see this link.] link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
*****************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

[You must be registered and logged in to see this link.]

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Superdave
Captain
Captain

Status :
Online
Offline

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

In Progress Re: Computer acting strange

Post by SASSY_Nc on Sun Jul 24, 2016 8:04 pm

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Home x64
Ran by Melesia (Administrator) on Sun 07/24/2016 at 15:48:35.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\WINDOWS\prefetch\TOOLBARNATIVEMSGHOST.EXE-2877DF3A.pf (File)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{87ED4548-102D-4337-B283-C0DC4E9ED816} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Results of screen317's Security Check version 1.014 --- 12/23/15  
  x64 (UAC is enabled)  
Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!  
Trend Micro Maximum Security  
Windows Defender              
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 91  
Java version 32-bit out of Date!
Adobe Flash Player 22.0.0.209  
Google Chrome (51.0.2704.103)
Google Chrome (51.0.2704.84)
Google Chrome (SetupMetrics.pma..)
````````Process Check: objlist.exe by Laurent````````  
Malwarebytes Anti-Malware mbamservice.exe  
Malwarebytes Anti-Malware mbamscheduler.exe  
Trend Micro AMSP coreServiceShell.exe  
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro AMSP coreFrameworkHost.exe  
Trend Micro Titanium plugin Pt\PtSvcHost.exe
Trend Micro TMIDS PwmSvc.exe  
Trend Micro Titanium plugin Pt\PtWatchDog.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
Trend Micro AMSP module 20013\ChromeExt\chromeextension\TmopChromeMsgHost32.exe
Trend Micro Titanium UIFramework Toolbar\chromeextension\NativeMessageHost\ToolbarNativeMsgHost.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````


When I ran the StartupLite, the only thing that came up to disable was SunJavaUpdateSched.  When I clicked on continue, an error message popped up saying "Error on value: SunJavaUpdateSched.  There was an error creating a MSConfig key."

SASSY_Nc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 58
Joined : 2010-07-25
OS : windows 10

View user profile

Back to top Go down

In Progress Re: Computer acting strange

Post by Superdave on Sun Jul 24, 2016 10:51 pm

You have two AV's on your computer; Windows Defender which is the AV that comes with Windows and Trend Micro. One will have to be disabled. This could cause some problems.
Did you try opening your Task Manager?


Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First [You must be registered and logged in to see this link.]

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the [You must be registered and logged in to see this link.].

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download [You must be registered and logged in to see this link.] and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: [You must be registered and logged in to see this link.] adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
*********************************************************
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
[You must be registered and logged in to see this link.]

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Superdave
Captain
Captain

Status :
Online
Offline

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

In Progress Re: Computer acting strange

Post by SASSY_Nc on Tue Jul 26, 2016 2:01 am

I knew I had both AV programs on here, but I thought I had Windows Defender disabled.  Do I not?

I checked the task manager.  It looks like TrendMicro is the only thing that is sucking up a lot of CPU.  I sat an watched it for a couple minutes.  It was going from 85% to 99% a couple times.  The disk column got up to 100% at one point.

I tried to run the ESet scanner last night.  It got almost finished and it locked up.  It had found 14 items, but never got to finish.  

I've disabled Trend and I'm trying to run it again tonight.  When I double click on the Eset Online Scanner icon that was downloaded onto my desktop, I keep getting a blue box that says Windows Smart Screen has blocked it.  It allows me to run it anyway. It keeps telling me "Cannot update virus signature database. Make sure your computer is connected to the internet."  I am connected to the internet.  I have disconnected and reconnected.  I have even tried restarting the computer and it still won't work.

SASSY_Nc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 58
Joined : 2010-07-25
OS : windows 10

View user profile

Back to top Go down

In Progress Re: Computer acting strange

Post by SASSY_Nc on Tue Jul 26, 2016 2:10 am

Oh and I forgot to add that I updated Java before I started the series in your last post.

SASSY_Nc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 58
Joined : 2010-07-25
OS : windows 10

View user profile

Back to top Go down

In Progress Re: Computer acting strange

Post by Superdave on Tue Jul 26, 2016 6:23 pm

I thought I had Windows Defender disabled. Do I not?
The log shows it enabled.

Please go to [You must be registered and logged in to see this link.] and perform an online antivirus scan.

1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives


5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
9. Please post this log in your next reply.

Superdave
Captain
Captain

Status :
Online
Offline

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

In Progress Re: Computer acting strange

Post by SASSY_Nc on Fri Jul 29, 2016 1:52 am

When I clicked on the link and went to the site, the first thing on the page says "Think you've got a virus? Scan your PC for free." When I click on that, it downloads Kaspersky Security Scan and Software Updater. After it was done, I clicked on Settings at the bottom of the app, but the options you listed were not there. I ran a scan, but it zipped right through in just a few seconds. It didn't find anything nor did it give me the option of saving a report.

SASSY_Nc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 58
Joined : 2010-07-25
OS : windows 10

View user profile

Back to top Go down

In Progress Re: Computer acting strange

Post by Superdave on Fri Jul 29, 2016 6:44 pm

Ok, how are things with the computer now?

Superdave
Captain
Captain

Status :
Online
Offline

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

In Progress Re: Computer acting strange

Post by SASSY_Nc on Sat Jul 30, 2016 12:19 pm

Nothing has changed. It was actually worse this morning. It took longer to boot up. I was trying to figure out how to disable Windows Defender thinking maybe that's what was causing some or all of this problem. I did a search through Cortana for Windows Defender. When I clicked on Windows Defender Desktop App in the search results, it said "This app has been turned off and isn't monitoring your system." When I clicked on Windows Defender Settings, it shows that real-time protection, cloud-based protection, and automatic sample submission are all on. When I click on Open Windows Defender at the bottom of that screen it gives me that same message.

SASSY_Nc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 58
Joined : 2010-07-25
OS : windows 10

View user profile

Back to top Go down

In Progress Re: Computer acting strange

Post by Superdave on Sat Jul 30, 2016 7:12 pm

To disable WD you need to go to Control Panel, Windows Defender, tools, Options, and select Realtime Protection. You can disable it there. You would be better off staying with WD because it is free and effective.

Superdave
Captain
Captain

Status :
Online
Offline

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

In Progress Re: Computer acting strange

Post by SASSY_Nc on Sat Jul 30, 2016 8:22 pm

It won't let me into Windows Defender to even get to tools.  I went to control panel and clicked on Windows Defender, and it gave me the message I mentioned before "This app has been turned off and isn't monitoring your system."

Another thing I meant to ask you. I have a paid subscription to Malwarebytes, but Windows 10 (or this computer, not sure which) doesn't seem to like it. After I've had it on for a while, it will get to the point that I can't use the start button, Cortana, or any of the icons in the notifications/clock area. Once I uninstall Malwarebytes, that part starts working again. Do you know of any issues with Malwarebytes and Windows 10 or could it be a conflict with WD?

SASSY_Nc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 58
Joined : 2010-07-25
OS : windows 10

View user profile

Back to top Go down

In Progress Re: Computer acting strange

Post by Superdave on Sun Jul 31, 2016 1:35 am

You must be signed in as Adm. to turn on WD. See the link [You must be registered and logged in to see this link.] You should ask MBAM about this issue. I'm sure they have a help site.

Superdave
Captain
Captain

Status :
Online
Offline

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

In Progress Re: Computer acting strange

Post by SASSY_Nc on Sun Jul 31, 2016 1:59 am

Now it tells me that WD is turned off by group policy. I want it turned off since I have a paid subscription to TrendMicro. However.... If I type Windows Defender Settings into Cortana, it still shows real-time and cloud-based protection is on. I'm confused.

SASSY_Nc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 58
Joined : 2010-07-25
OS : windows 10

View user profile

Back to top Go down

In Progress Re: Computer acting strange

Post by Superdave on Sun Jul 31, 2016 6:56 pm

According to the Security log both AV's are active. That is the reason why you're getting that warning and you can't do anything with WD. When you subscription runs out for TrendMicro uninstall it and then activate WD.

Superdave
Captain
Captain

Status :
Online
Offline

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

In Progress Re: Computer acting strange

Post by SASSY_Nc on Sun Jul 31, 2016 10:14 pm

What if I want to keep TrendMicro though?

SASSY_Nc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 58
Joined : 2010-07-25
OS : windows 10

View user profile

Back to top Go down

In Progress Re: Computer acting strange

Post by Superdave on Sun Jul 31, 2016 10:40 pm

It seems sort of strange to pay for something that you can have for free but it's your money. WD is just as good as TrendMicro. You should be able to disable WD by searching for Service then look for Windows Defender and disable it.

Superdave
Captain
Captain

Status :
Online
Offline

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

In Progress Re: Computer acting strange

Post by Dr Jay on Wed Nov 16, 2016 5:51 pm

[You must be registered and logged in to see this link.]

Do you still need help? We have not heard from you for a while... Please get back with us so we can assist you further!


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13707
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

In Progress Re: Computer acting strange

Post by SASSY_Nc on Sun Nov 27, 2016 2:58 am

I haven't been able to resolve the problem.

SASSY_Nc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 58
Joined : 2010-07-25
OS : windows 10

View user profile

Back to top Go down

In Progress Re: Computer acting strange

Post by Dr Jay on Sun Nov 27, 2016 3:02 am

Okay, I will assist you further...

Scan with Farbar Recovery Scan Tool

Please download [You must be registered and logged in to see this link.] and save it to your Desktop.

  • Right-click on FRST icon and select Run as Administrator to start the tool.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please copy and paste their content into your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13707
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

In Progress Re: Computer acting strange

Post by SASSY_Nc on Sun Nov 27, 2016 11:49 pm

The FRST log is too long for one post.  I'm braking it up in several posts.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-11-2016
Ran by Melesia (administrator) on TULLY_LAPTOP (27-11-2016 18:34:10)
Running from C:\Users\Melesia\Desktop
Loaded Profiles: Melesia (Available Profiles: Melesia & Administrator)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [You must be registered and logged in to see this link.]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\ClientService\horizon_client_service.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
() C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view-usbd.exe
() C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgrhv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(VMware) C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Facebook) C:\Users\Melesia\AppData\Local\Facebook\Games\FacebookGameroom.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(The CefSharp Authors) C:\Users\Melesia\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.exe
(Lenovo) C:\Users\Melesia\AppData\Local\Apps\2.0\D5B80TYH.XH0\9E9O1NO5.WWN\lsb...tion_91a10ba61c75c82d_0001.0006_014be6b8b4b27d94\LSB.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft) C:\Program Files\WindowsApps\Microsoft.BingWeather_4.17.74.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\InstallWorkspace.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3743648 2015-08-29] (ELAN Microelectronics Corp.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-10-29] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-10-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [PwmConsole.exe] => C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe [2047216 2015-06-29] (Trend Micro Inc.)
HKLM\...\Run: [VMware Netlink 3 HV Install Utility] => C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe [78752 2016-07-27] ()
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [256744 2016-07-24] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1266176 2016-07-24] (Trend Micro Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [561672 2015-06-12] (Vimicro)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332STI.EXE
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [  FSOverlayIcon] -> {C0829D19-E5A0-44F5-B56E-D15030C53BB9} => C:\Program Files\Trend Micro\Titanium\plugin\TmOverlayIcon.dll [2016-07-24] (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
Startup: C:\Users\Melesia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2016-11-24]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Melesia\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{336ead84-a328-409a-befe-2311ba29d647}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{ed2686af-91ac-42c2-a0dc-9492dc6f4ad1}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3240382664-3217752032-3399020223-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
HKU\S-1-5-21-3240382664-3217752032-3399020223-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.]
SearchScopes: HKU\S-1-5-21-3240382664-3217752032-3399020223-1001 -> DefaultScope {87ED4548-102D-4337-B283-C0DC4E9ED816} URL = 
SearchScopes: HKU\S-1-5-21-3240382664-3217752032-3399020223-1001 -> {87ED4548-102D-4337-B283-C0DC4E9ED816} URL = 
BHO: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll [2015-06-29] (Trend Micro Inc.)
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.)
BHO: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg.dll [2016-04-25] (Trend Micro Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe64.dll [2016-06-29] (Trend Micro Inc.)
BHO-x32: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll [2015-06-29] (Trend Micro Inc.)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-22] (Oracle Corporation)
BHO-x32: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll [2016-04-25] (Trend Micro Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll [2016-06-29] (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-22] (Oracle Corporation)
Toolbar: HKLM - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll [2015-06-29] (Trend Micro Inc.)
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll [2015-06-29] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe64.dll [2016-06-29] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll [2016-06-29] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg.dll [2016-04-25] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1307\2.7.1067\TmopIEPlg32.dll [2016-04-25] (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2016-07-24] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2016-07-24] (Trend Micro Inc.)

FireFox:
========
FF DefaultProfile: e9pejw1d.default
FF ProfilePath: C:\Users\Melesia\AppData\Roaming\Mozilla\Firefox\Profiles\e9pejw1d.default [2016-11-27]
FF Extension: (All Aboard) - C:\Users\Melesia\AppData\Roaming\Mozilla\Firefox\Profiles\e9pejw1d.default\Extensions\@all-aboard-v1 [2016-07-24]
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\firefoxextension
FF Extension: (Trend Micro BEP Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\firefoxextension [2016-11-23]
FF HKLM\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: (Trend Micro Osprey Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2016-11-23]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: (Trend Micro Toolbar) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2016-11-23]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-09] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-09] ()
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll [2010-10-18] (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF.PrevVerNPR -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll [No File]
FF Plugin-x32: [You must be registered and logged in to see this link.].google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: [You must be registered and logged in to see this link.].google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> [You must be registered and logged in to see this link.]
CHR StartupUrls: Default -> "hxxp://www.msn.com/"
CHR DefaultSearchURL: Default -> [You must be registered and logged in to see this link.]
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> [You must be registered and logged in to see this link.]
CHR Profile: C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default [2016-11-27]
CHR Extension: (Google Slides) - C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-17]
CHR Extension: (Yahoo Web) - C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2016-01-30]
CHR Extension: (Google Docs) - C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-17]
CHR Extension: (Google Drive) - C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Send to Kindle for Google Chrome) - C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea [2016-08-31]
CHR Extension: (Google Search) - C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-17]
CHR Extension: (Google Docs Offline) - C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-05-17]
CHR Extension: (Clearly) - C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2015-06-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Trend Micro Password Manager) - C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\olmajmomenlhgihenlbjcfbopoghpckg [2015-07-10]
CHR Extension: (Gmail) - C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-17]
CHR Extension: (Chrome Media Router) - C:\Users\Melesia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-21]
CHR HKLM\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - [You must be registered and logged in to see this link.]
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] -
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - [You must be registered and logged in to see this link.]
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - [You must be registered and logged in to see this link.]
CHR HKLM-x32\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - [You must be registered and logged in to see this link.]

SASSY_Nc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 58
Joined : 2010-07-25
OS : windows 10

View user profile

Back to top Go down

In Progress Re: Computer acting strange

Post by SASSY_Nc on Sun Nov 27, 2016 11:50 pm

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)
R2 client_service; C:\Program Files (x86)\VMware\VMware Horizon View Client\ClientService\horizon_client_service.exe [532040 2016-09-02] (VMware, Inc.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [135072 2015-08-29] (ELAN Microelectronics Corp.)
R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [234400 2016-07-27] ()
R2 ftscanmgrhv; C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgrhv.exe [6313376 2016-08-04] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
R2 NitroDriverReadSpool10; C:\Program Files\Nitro\Pro 10\NitroPDFDriverService10x64.exe [326296 2015-11-05] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 10\Nitro_UpdateService.exe [417944 2015-11-05] ()
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1145856 2016-07-24] (Trend Micro Inc.)
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [333856 2015-06-29] (Trend Micro Inc.)
R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view-usbd.exe [1169992 2016-08-25] (VMware, Inc.)
R2 vmwsprrdpwks; C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [275872 2016-07-26] (VMware)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [7585280 2016-07-16] (Broadcom Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-23] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 tmactmon; C:\WINDOWS\system32\DRIVERS\tmactmon.sys [142552 2016-08-07] (Trend Micro Inc.)
R0 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [435416 2016-08-07] (Trend Micro Inc.)
R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC64.sys [72504 2016-01-04] (Trend Micro Inc.)
R3 tmeevw; C:\WINDOWS\system32\DRIVERS\tmeevw.sys [143648 2016-06-20] (Trend Micro Inc.)
S0 tmel; C:\WINDOWS\System32\DRIVERS\tmel.sys [39056 2015-06-22] (Trend Micro Inc.)
R1 tmevtmgr; C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys [117984 2016-08-07] (Trend Micro Inc.)
R3 tmnciesc; C:\WINDOWS\system32\DRIVERS\tmnciesc.sys [561952 2016-06-24] (Trend Micro Inc.)
R1 tmumh; C:\WINDOWS\system32\DRIVERS\TMUMH.sys [111840 2016-09-30] (Trend Micro Inc.)
R2 tmusa; C:\WINDOWS\system32\DRIVERS\tmusa.sys [132888 2016-05-16] (Trend Micro Inc.)
R3 vm331avs; C:\WINDOWS\System32\Drivers\vm331avs.sys [802312 2015-06-12] (Vimicro Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-07-24] (Exent Technologies Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-27 18:34 - 2016-11-27 18:35 - 00026035 _____ C:\Users\Melesia\Desktop\FRST.txt
2016-11-27 18:33 - 2016-11-27 18:34 - 00000000 ____D C:\FRST
2016-11-27 18:30 - 2016-11-27 18:30 - 02411520 _____ (Farbar) C:\Users\Melesia\Desktop\FRST64.exe
2016-11-27 08:15 - 2016-11-27 08:15 - 00000000 ___HD C:\OneDriveTemp
2016-11-25 10:24 - 2016-11-25 10:24 - 00886547 _____ C:\Users\Melesia\Downloads\08-07-2015.pdf
2016-11-25 10:22 - 2016-11-25 10:22 - 01020001 _____ C:\Users\Melesia\Downloads\08-26-2016.pdf
2016-11-25 10:20 - 2016-11-25 10:20 - 00002760 _____ C:\Users\Melesia\Downloads\Receipt.pdf
2016-11-23 20:03 - 2016-11-23 20:04 - 00001275 _____ C:\Users\Melesia\Desktop\Trend Micro Maximum Security.lnk
2016-11-23 20:03 - 2016-11-23 20:03 - 00000000 ___HD C:\TMRescueDisk
2016-11-23 20:03 - 2016-11-23 20:03 - 00000000 ____D C:\Users\Melesia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Maximum Security
2016-11-23 05:56 - 2016-11-23 05:56 - 00000000 ____D C:\WINDOWS\SysWOW64\tmumh
2016-11-23 05:56 - 2016-11-23 05:56 - 00000000 ____D C:\WINDOWS\system32\tmumh
2016-11-23 05:56 - 2016-09-30 03:58 - 00111840 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\TMUMH.sys
2016-11-23 05:56 - 2016-08-07 12:27 - 00435416 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2016-11-23 05:56 - 2016-08-07 12:27 - 00142552 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmactmon.sys
2016-11-23 05:56 - 2016-08-07 12:27 - 00117984 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmevtmgr.sys
2016-11-23 05:56 - 2016-06-24 01:58 - 00561952 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmnciesc.sys
2016-11-23 05:56 - 2016-06-20 22:23 - 00143648 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmeevw.sys
2016-11-23 05:56 - 2016-05-16 02:35 - 00132888 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmusa.sys
2016-11-23 05:56 - 2016-01-04 22:35 - 00072504 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\TMEBC64.sys
2016-11-23 05:56 - 2015-06-22 21:49 - 00039056 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmel.sys
2016-11-23 05:53 - 2016-11-23 05:53 - 00000059 _____ C:\WINDOWS\system32\SupportTool.exe.bat
2016-11-23 05:52 - 2016-11-23 05:52 - 00003382 _____ C:\WINDOWS\System32\Tasks\AirSupport Update
2016-11-23 05:52 - 2016-11-23 05:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Troubleshooting Tool
2016-11-21 08:31 - 2016-11-21 08:31 - 00000000 ____D C:\Users\Melesia\AppData\Local\VMware
2016-11-21 08:18 - 2016-11-25 14:06 - 00000000 ____D C:\Users\Melesia\AppData\Roaming\VMware
2016-11-21 08:18 - 2016-11-21 08:18 - 00002099 _____ C:\Users\Public\Desktop\VMware Horizon Client.lnk
2016-11-21 08:18 - 2016-11-21 08:18 - 00000000 ____D C:\ProgramData\VMware
2016-11-21 08:18 - 2016-11-21 08:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2016-11-21 08:18 - 2016-11-21 08:18 - 00000000 ____D C:\Program Files\Common Files\VMware
2016-11-21 08:18 - 2016-11-21 08:18 - 00000000 ____D C:\Program Files (x86)\VMware
2016-11-21 08:18 - 2016-08-25 14:04 - 00072264 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\hcmon.sys
2016-11-21 08:16 - 2016-11-21 08:16 - 41095616 _____ (VMware, Inc.) C:\Users\Melesia\Downloads\VMware-Horizon-Client-x86_64-4.2.0-4336726.exe
2016-11-21 07:42 - 2016-11-21 07:42 - 00002876 _____ C:\Users\Melesia\Downloads\Acct_4494_11-14-2016_to_11-20-2016.CSV
2016-11-12 19:41 - 2016-11-12 19:41 - 20478144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-11-10 21:02 - 2016-11-02 06:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-11-10 21:02 - 2016-11-02 06:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-10 21:02 - 2016-11-02 06:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-10 21:02 - 2016-11-02 06:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-10 21:02 - 2016-11-02 06:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-11-10 21:02 - 2016-11-02 06:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-11-10 21:02 - 2016-11-02 06:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-11-10 21:02 - 2016-11-02 06:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-10 21:02 - 2016-11-02 06:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-11-10 21:02 - 2016-11-02 06:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-10 21:02 - 2016-11-02 06:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-10 21:02 - 2016-11-02 06:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-10 21:02 - 2016-11-02 05:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-11-10 21:02 - 2016-11-02 05:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-11-10 21:02 - 2016-11-02 05:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-11-10 21:02 - 2016-11-02 05:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-10 21:02 - 2016-11-02 05:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-10 21:02 - 2016-11-02 05:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-11-10 21:02 - 2016-11-02 05:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-10 21:02 - 2016-11-02 05:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-11-10 21:02 - 2016-11-02 05:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2016-11-10 21:02 - 2016-11-02 05:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2016-11-10 21:02 - 2016-11-02 05:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-11-10 21:02 - 2016-11-02 05:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-10 21:02 - 2016-11-02 05:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-10 21:02 - 2016-11-02 05:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-10 21:02 - 2016-11-02 05:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-11-10 21:02 - 2016-11-02 05:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-11-10 21:02 - 2016-11-02 05:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-11-10 21:02 - 2016-11-02 05:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-11-10 21:02 - 2016-11-02 05:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2016-11-10 21:02 - 2016-11-02 05:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-11-10 21:02 - 2016-11-02 05:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-10 21:02 - 2016-11-02 05:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-11-10 21:02 - 2016-11-02 05:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-11-10 21:02 - 2016-11-02 05:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-10 21:02 - 2016-11-02 05:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-11-10 21:02 - 2016-11-02 05:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-10 21:02 - 2016-11-02 05:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-10 21:02 - 2016-11-02 05:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-10 21:02 - 2016-11-02 05:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-10 21:02 - 2016-11-02 05:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-11-10 21:02 - 2016-11-02 05:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-11-10 21:02 - 2016-11-02 05:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-11-10 21:02 - 2016-11-02 05:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-10 21:02 - 2016-11-02 05:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-10 21:02 - 2016-11-02 05:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-11-10 21:02 - 2016-11-02 05:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-10 21:02 - 2016-11-02 05:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-11-10 21:02 - 2016-11-02 05:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-11-10 21:02 - 2016-11-02 05:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-10 21:02 - 2016-11-02 05:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-10 21:02 - 2016-11-02 05:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-11-10 21:02 - 2016-11-02 05:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-10 21:02 - 2016-11-02 05:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-11-10 21:02 - 2016-11-02 05:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-11-10 21:02 - 2016-11-02 05:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-11-10 21:02 - 2016-11-02 05:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-10 21:02 - 2016-11-02 05:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-11-10 21:02 - 2016-11-02 05:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-11-10 21:02 - 2016-11-02 05:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-10 21:02 - 2016-11-02 05:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-10 21:02 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-11-10 21:01 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-11-10 21:01 - 2016-11-02 07:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-10 21:01 - 2016-11-02 06:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-11-10 21:01 - 2016-11-02 06:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-10 21:01 - 2016-11-02 06:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-10 21:01 - 2016-11-02 06:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-11-10 21:01 - 2016-11-02 06:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-10 21:01 - 2016-11-02 06:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-10 21:01 - 2016-11-02 06:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-11-10 21:01 - 2016-11-02 06:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-10 21:01 - 2016-11-02 06:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-10 21:01 - 2016-11-02 05:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-10 21:01 - 2016-11-02 05:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-10 21:01 - 2016-11-02 05:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-10 21:01 - 2016-11-02 05:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-11-10 21:01 - 2016-11-02 05:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-11-10 21:01 - 2016-11-02 05:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-11-10 21:01 - 2016-11-02 05:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-10 21:01 - 2016-11-02 05:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-10 21:01 - 2016-11-02 05:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-10 21:01 - 2016-11-02 05:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-10 21:01 - 2016-11-02 05:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-10 21:01 - 2016-11-02 05:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-10 21:01 - 2016-11-02 05:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-10 21:01 - 2016-11-02 05:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-10 21:01 - 2016-11-02 05:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-10 21:01 - 2016-11-02 05:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-11-10 21:01 - 2016-11-02 05:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-10 21:01 - 2016-11-02 05:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2016-11-10 21:01 - 2016-11-02 05:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-11-10 21:01 - 2016-11-02 05:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-11-10 21:01 - 2016-11-02 05:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-11-10 21:01 - 2016-11-02 05:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-10 21:01 - 2016-11-02 05:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-11-10 21:01 - 2016-11-02 05:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-10 21:01 - 2016-11-02 05:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-11-10 21:01 - 2016-11-02 05:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-10 21:01 - 2016-11-02 05:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-11-10 21:01 - 2016-11-02 05:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-11-10 21:01 - 2016-11-02 04:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-11-10 21:01 - 2016-11-02 04:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-11-10 20:56 - 2016-11-02 05:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-11-10 20:55 - 2016-11-02 06:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-10 20:55 - 2016-11-02 06:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-10 20:55 - 2016-11-02 06:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-10 20:55 - 2016-11-02 06:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-10 20:55 - 2016-11-02 05:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-10 20:55 - 2016-11-02 05:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-10 20:55 - 2016-11-02 05:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-10 20:55 - 2016-11-02 05:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-10 20:55 - 2016-11-02 05:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-10 20:55 - 2016-11-02 05:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-10 20:55 - 2016-11-02 05:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-10 20:55 - 2016-11-02 05:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-10 20:55 - 2016-11-02 05:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-10 20:55 - 2016-11-02 05:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-10 20:55 - 2016-11-02 05:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-10 20:55 - 2016-11-02 05:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-10 20:55 - 2016-11-02 05:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-10 20:55 - 2016-11-02 05:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-10 20:55 - 2016-11-02 05:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-10 20:55 - 2016-11-02 05:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-10 20:55 - 2016-11-02 05:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-10 20:55 - 2016-11-02 05:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2016-11-10 20:55 - 2016-11-02 05:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-10 20:55 - 2016-11-02 05:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-11-10 20:55 - 2016-11-02 05:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-10 20:55 - 2016-11-02 05:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-10 20:55 - 2016-11-02 05:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-11-10 20:55 - 2016-11-02 05:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-10 20:55 - 2016-11-02 05:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-10 20:55 - 2016-11-02 05:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-10 20:55 - 2016-11-02 05:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-10 20:55 - 2016-11-02 05:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-10 20:55 - 2016-11-02 05:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-11-10 20:55 - 2016-11-02 05:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-11-10 20:55 - 2016-11-02 05:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-10 20:55 - 2016-11-02 05:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-10 20:55 - 2016-11-02 05:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-10 20:55 - 2016-11-02 05:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-11-10 20:55 - 2016-11-02 05:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-10 20:55 - 2016-11-02 05:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-10 20:55 - 2016-11-02 05:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-10 20:55 - 2016-11-02 05:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-10 20:55 - 2016-11-02 05:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-10 20:55 - 2016-11-02 05:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-10 20:55 - 2016-11-02 05:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-10 20:55 - 2016-11-02 05:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-10 20:55 - 2016-11-02 05:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-10 20:55 - 2016-11-02 05:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-10 20:55 - 2016-11-02 05:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-10 20:55 - 2016-11-02 03:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-10 20:54 - 2016-11-02 06:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-10 20:54 - 2016-11-02 06:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-11-10 20:54 - 2016-11-02 06:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-11-10 20:54 - 2016-11-02 06:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-10 20:54 - 2016-11-02 06:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-10 20:54 - 2016-11-02 06:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-10 20:54 - 2016-11-02 06:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-10 20:54 - 2016-11-02 06:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-11-10 20:54 - 2016-11-02 06:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-10 20:54 - 2016-11-02 06:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-11-10 20:54 - 2016-11-02 06:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-10 20:54 - 2016-11-02 05:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-10 20:54 - 2016-11-02 05:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-10 20:54 - 2016-11-02 05:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2016-11-10 20:54 - 2016-11-02 05:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-11-10 20:54 - 2016-11-02 05:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-10 20:54 - 2016-11-02 05:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-11-10 20:54 - 2016-11-02 05:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-11-10 20:54 - 2016-11-02 05:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-10 20:54 - 2016-11-02 05:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-10 20:54 - 2016-11-02 05:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-11-10 20:54 - 2016-11-02 05:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-10 20:54 - 2016-11-02 05:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-10 20:54 - 2016-11-02 05:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-10 20:54 - 2016-11-02 05:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-11-10 20:54 - 2016-11-02 05:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-10 20:54 - 2016-11-02 05:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-10 20:54 - 2016-11-02 05:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-11-10 20:54 - 2016-11-02 05:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-11-10 20:54 - 2016-11-02 05:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-10 20:54 - 2016-11-02 05:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-10 20:54 - 2016-11-02 05:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-10 20:54 - 2016-11-02 05:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-10 20:54 - 2016-11-02 05:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-11-10 20:54 - 2016-11-02 05:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-10 20:54 - 2016-11-02 05:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-10 20:54 - 2016-11-02 05:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-11-10 20:54 - 2016-11-02 05:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-10 20:54 - 2016-11-02 05:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-11-10 20:54 - 2016-11-02 05:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-10 20:54 - 2016-11-02 05:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-11-10 20:54 - 2016-11-02 05:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2016-11-10 20:54 - 2016-11-02 05:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-10 20:54 - 2016-11-02 05:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-10 20:54 - 2016-11-02 05:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-10 20:54 - 2016-11-02 05:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-10 20:54 - 2016-11-02 05:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-11-10 20:54 - 2016-11-02 05:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-10 20:54 - 2016-11-02 05:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-10 20:54 - 2016-11-02 05:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-10 20:54 - 2016-11-02 05:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-10 20:54 - 2016-11-02 05:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-10 20:54 - 2016-11-02 05:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-11-10 20:54 - 2016-11-02 05:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2016-11-10 20:54 - 2016-11-02 05:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-10 20:54 - 2016-11-02 05:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-10 20:54 - 2016-11-02 05:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-11-10 20:54 - 2016-11-02 05:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-10 20:53 - 2016-11-02 06:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-10 20:53 - 2016-11-02 06:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-10 20:53 - 2016-11-02 06:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-10 20:53 - 2016-11-02 06:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-10 20:53 - 2016-11-02 06:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-10 20:53 - 2016-11-02 06:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-10 20:53 - 2016-11-02 06:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-11-10 20:53 - 2016-11-02 06:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-11-10 20:53 - 2016-11-02 06:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-11-10 20:53 - 2016-11-02 06:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-10 20:53 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-11-10 20:53 - 2016-11-02 05:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-10 20:53 - 2016-11-02 05:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-10 20:53 - 2016-11-02 05:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-11-10 20:53 - 2016-11-02 05:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-11-10 20:53 - 2016-11-02 05:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-11-10 20:53 - 2016-11-02 05:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-10 20:53 - 2016-11-02 05:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-11-10 20:53 - 2016-11-02 05:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-10 20:53 - 2016-11-02 05:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-10 20:53 - 2016-11-02 05:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-10 20:53 - 2016-11-02 05:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2016-11-10 20:53 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-10 20:53 - 2016-11-02 05:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-10 20:53 - 2016-11-02 05:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-11-10 20:53 - 2016-11-02 05:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2016-11-10 20:53 - 2016-11-02 05:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-10 20:53 - 2016-11-02 05:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-10 20:53 - 2016-11-02 05:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-10 20:53 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-10 20:53 - 2016-11-02 05:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-11-10 20:53 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-10 20:53 - 2016-11-02 05:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-10 20:53 - 2016-11-02 05:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-10 20:53 - 2016-11-02 05:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-11-10 20:53 - 2016-11-02 05:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-10 20:53 - 2016-11-02 05:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-11-10 20:53 - 2016-11-02 05:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-10 20:53 - 2016-11-02 05:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-10 20:53 - 2016-11-02 05:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-10 20:53 - 2016-11-02 05:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-10 20:52 - 2016-11-02 06:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-10 18:57 - 2016-11-10 18:57 - 00063711 _____ C:\Users\Melesia\Downloads\Untitled
2016-10-30 10:25 - 2016-11-24 20:39 - 00001299 _____ C:\Users\Melesia\Desktop\Facebook Gameroom.lnk
2016-10-30 10:25 - 2016-11-24 20:39 - 00000000 ____D C:\Users\Melesia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2016-10-30 10:25 - 2016-10-30 10:25 - 00000000 ____D C:\Users\Melesia\AppData\Local\Facebook
2016-10-30 10:24 - 2016-10-30 10:24 - 00249504 _____ (Facebook) C:\Users\Melesia\Downloads\FacebookGameroom.exe

SASSY_Nc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 58
Joined : 2010-07-25
OS : windows 10

View user profile

Back to top Go down

In Progress Re: Computer acting strange

Post by SASSY_Nc on Sun Nov 27, 2016 11:50 pm

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-27 18:27 - 2016-09-25 22:08 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-11-27 09:10 - 2015-06-18 19:51 - 00000010 _____ C:\Users\Melesia\AppData\Local\sponge.last.runtime.cache
2016-11-27 08:15 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-11-27 08:15 - 2015-05-16 20:47 - 00000000 ___RD C:\Users\Melesia\OneDrive
2016-11-26 21:58 - 2015-08-02 18:47 - 01154158 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-26 21:57 - 2016-07-16 01:04 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2016-11-26 21:53 - 2016-09-25 22:50 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-26 21:53 - 2015-05-17 09:03 - 00000000 ____D C:\ProgramData\Trend Micro Installer
2016-11-25 20:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-25 14:07 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-11-25 14:06 - 2015-12-06 16:47 - 00000000 ____D C:\Users\Melesia\AppData\Roaming\Nitro
2016-11-24 18:23 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-24 06:39 - 2016-09-25 22:16 - 00000000 ____D C:\Users\Melesia
2016-11-23 20:20 - 2016-07-16 06:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-11-23 20:19 - 2016-07-16 01:04 - 02359296 _____ C:\WINDOWS\system32\config\BBI
2016-11-23 20:04 - 2015-05-17 10:20 - 00000000 ____D C:\ProgramData\Trend Micro
2016-11-23 05:56 - 2015-05-17 09:32 - 00000000 ____D C:\Users\Melesia\AppData\Local\Trend Micro
2016-11-23 05:52 - 2016-02-29 07:13 - 00000000 ____D C:\ProgramData\TMDP_Setup
2016-11-23 05:52 - 2016-02-29 07:13 - 00000000 ____D C:\ProgramData\TMDP_Log
2016-11-23 05:52 - 2015-05-17 10:20 - 00000000 ____D C:\Program Files\Trend Micro
2016-11-23 05:52 - 2012-07-26 00:26 - 00000253 _____ C:\WINDOWS\win.ini
2016-11-21 17:25 - 2015-05-16 07:46 - 00000000 ____D C:\Users\Melesia\AppData\Local\Packages
2016-11-21 08:18 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-19 20:07 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-11-14 18:53 - 2015-12-05 19:32 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-14 18:53 - 2015-12-05 19:32 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-13 10:52 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-13 09:49 - 2013-01-12 12:43 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-13 09:27 - 2016-09-25 22:08 - 00272112 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-13 09:24 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-13 09:24 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-13 09:24 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-13 09:24 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-13 09:24 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-13 09:24 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-13 06:59 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-13 06:49 - 2015-05-16 12:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-13 06:38 - 2015-05-16 12:01 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-13 06:20 - 2016-05-11 20:47 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-11-13 06:20 - 2016-04-10 16:30 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-11-12 19:42 - 2016-09-25 22:50 - 00003980 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-11-12 19:41 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-11-10 20:40 - 2016-09-25 22:50 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-11-09 04:35 - 2016-09-25 22:50 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-11-09 04:35 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-11-06 09:48 - 2013-06-09 09:33 - 00000000 ____D C:\Users\Melesia\Documents\My Digital Editions
2016-11-05 20:55 - 2015-05-23 12:47 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-10-31 21:39 - 2015-05-17 16:32 - 00000000 ____D C:\Users\Melesia\AppData\Local\Google
2016-10-30 19:41 - 2015-11-21 19:17 - 00000000 ____D C:\Users\Melesia\AppData\Local\ElevatedDiagnostics
2016-10-29 19:07 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-10-29 19:06 - 2016-07-16 06:47 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-10-28 18:56 - 2016-07-16 06:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-28 18:56 - 2016-07-16 06:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-05-17 10:17 - 2015-05-17 10:17 - 0000036 _____ () C:\Users\Melesia\AppData\Local\housecall.guid.cache
2015-06-18 19:51 - 2016-11-27 09:10 - 0000010 _____ () C:\Users\Melesia\AppData\Local\sponge.last.runtime.cache
2016-09-25 22:10 - 2016-09-25 22:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-05-17 17:06 - 2015-07-03 22:48 - 0000040 _____ () C:\ProgramData\InstallerWebUI.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

SASSY_Nc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 58
Joined : 2010-07-25
OS : windows 10

View user profile

Back to top Go down

In Progress Re: Computer acting strange

Post by SASSY_Nc on Sun Nov 27, 2016 11:51 pm

Addition file

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-11-2016
Ran by Melesia (27-11-2016 18:36:27)
Running from C:\Users\Melesia\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-26 03:56:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3240382664-3217752032-3399020223-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-3240382664-3217752032-3399020223-503 - Limited - Disabled)
Guest (S-1-5-21-3240382664-3217752032-3399020223-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3240382664-3217752032-3399020223-1009 - Limited - Enabled)
Melesia (S-1-5-21-3240382664-3217752032-3399020223-1001 - Administrator - Enabled) => C:\Users\Melesia

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Maximum Security (Enabled - Up to date) {6458A697-CD62-2062-F924-44AA7F87C1E7}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Maximum Security (Enabled - Up to date) {DF394773-EB58-2FEC-C394-7FD804008B5A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.1.0.243 - Amazon)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
Facebook Gameroom 1.1.0.4 (HKLM-x32\...\{B8CD1A29-258D-4DE6-AD03-9FA57B223279}) (Version: 1.1.0.4 - Facebook)
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.79.00 - Exent Technologies)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.1901 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.15.0414.1 - Vimicro)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0333}) (Version: 1.12.824.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version:  - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.69.4 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden
Lenovo Service Bridge (HKU\S-1-5-21-3240382664-3217752032-3399020223-1001\...\cbe8636f7dd0cf1d) (Version: 1.6.1.1 - Lenovo)
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.5926 - Lenovo)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Nitro Pro 10 (HKLM-x32\...\{745003a9-107a-4ea3-ad73-02bb6b93a5d3}) (Version: 10.5.6.14 - Nitro)
Nitro Pro 10 (Version: 10.5.6.14 - Nitro) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
Trend Micro DirectPass (Version: 1.9.0.1094 - Trend Micro Inc.) Hidden
Trend Micro Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 11.0 - Trend Micro Inc.)
Trend Micro Password Manager (HKLM\...\{3075404F-5657-4f31-A064-FEF98661BDD4}) (Version: 1.9.1189 - Trend Micro Inc.)
Trend Micro Titanium (Version: 11.0 - Trend Micro Inc.) Hidden
Trend Micro Troubleshooting Tool (HKLM\...\{4B83469E-CE4F-45D0-BC34-CCB7BF194477}) (Version: 6.0.1068 - Trend Micro Inc.)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
VCRT for DirectPass x64 (Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
VCRT for DirectPass x86 (x32 Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
VMware Horizon Client (HKLM\...\{9A01376A-2582-493C-A352-8E2529D17F2C}) (Version: 4.2.0.2831 - VMware, Inc.)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0EA4B086-ACDD-49E7-9B4A-C7BF6FCFD0CE} - \WPD\SqmUpload_S-1-5-21-3240382664-3217752032-3399020223-1001 -> No File <==== ATTENTION
Task: {167131A3-2F87-43B0-AE13-5BB82C4F08DE} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {192AC568-A88A-4D97-B51D-E4486E2CB36B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-11-13] (Microsoft Corporation)
Task: {1CC21E52-AC49-4B0F-92EC-F39CC7CA7FCA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {253B9D02-A2D9-417E-AB73-D7630853ED80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
Task: {2F114C83-760D-4225-BD37-99995F577DB6} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] ()
Task: {2F30B61C-45F6-425D-B3C3-57A1B7A219C7} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {37B883CB-D5AA-4059-8863-7BA1F8EA5406} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {37C48DFF-D9C5-48C2-B948-94C6C6A6796E} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {4C8C7E3C-D168-4AB8-BA00-F9EF0D8A4BF9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {557C7F8D-7615-45B9-B5D1-9181EC2F064D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {55952246-157E-4A5C-B3A7-91F7DD80EDC1} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {55A49716-1C22-4ECF-8507-A5C8E9326E11} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5A3E0EEB-0EC2-411F-A386-B76D4ED7640D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {5F192CED-E5F5-45C6-8D56-110D97145845} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {6C7F6726-DD4C-4A24-99A8-8AF140F48961} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {7050C227-E0D4-47BC-B66E-98CD1AF7286C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe [2016-11-12] (Adobe Systems Incorporated)
Task: {765C009E-FC34-45CB-95A3-707677CA2C53} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {77FA1707-F30F-40F4-93AC-29107FBA2963} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7D194F49-7628-4B14-B3B2-008590665580} - System32\Tasks\AirSupport Update => C:\Program Files\Trend Micro\AirSupport\Update.exe [2016-08-16] (Trend Micro Inc.)
Task: {7E8FAB75-68E2-4E70-BF27-5445F1AF00E5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {88F8C61C-EEF6-4B6A-BEE9-9D1F36A8F0B7} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo)
Task: {9AED61C1-7F2C-470A-B9B6-F6055F31323D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {AE085A6B-174B-4EC1-AF93-93EBFC32437B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B40F3C72-388C-4B60-A535-A2939B6E4FCE} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {BB8FAF21-9E40-4558-96B3-F94C17F1DB9B} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {BC5E52A1-D414-4E93-AD20-04263517639A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C66C65E6-B02A-441E-85A3-C5C82F88D870} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
Task: {C66EBDA8-635E-4521-8F16-B3EBA8ED4180} - \Lenovo\Lenovo Service Bridge\S-1-5-21-3240382664-3217752032-3399020223-1001 -> No File <==== ATTENTION
Task: {D5DA7090-951A-450D-A70D-A9B6293369EA} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-12] (Adobe Systems Incorporated)
Task: {DDEAEE52-FF37-45C1-8799-123529D9FC68} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F911C187-379D-42F0-A229-2749DAA3F994} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

SASSY_Nc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 58
Joined : 2010-07-25
OS : windows 10

View user profile

Back to top Go down

In Progress Re: Computer acting strange

Post by Dr Jay on Mon Nov 28, 2016 12:46 am

Hello again,

Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download [You must be registered and logged in to see this link.] to your desktop.

  • Double-click mbam-setup-2.0.0.****.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.


  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs: (Export log to save as txt)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.



Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13707
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

In Progress Re: Computer acting strange

Post by SASSY_Nc on Mon Nov 28, 2016 11:31 am

Malwarebytes Anti-Malware
[You must be registered and logged in to see this link.]

Scan Date: 11/27/2016
Scan Time: 10:57 PM
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.11.28.01
Rootkit Database: v2016.11.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Melesia

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331779
Time Elapsed: 31 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

SASSY_Nc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 58
Joined : 2010-07-25
OS : windows 10

View user profile

Back to top Go down

In Progress Re: Computer acting strange

Post by Dr Jay on Mon Nov 28, 2016 11:32 pm

Okay, does not look like any logs are revealing any issues, so we will check deeper with this tool...

Malwarebytes Anti-Rootkit

Please download [You must be registered and logged in to see this link.] and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and [You must be registered and logged in to see this link.] all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13707
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

In Progress Re: Computer acting strange

Post by SASSY_Nc on Tue Nov 29, 2016 11:32 am

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
[You must be registered and logged in to see this link.]

Database version:
  main:    v2016.11.29.01
  rootkit: v2016.11.20.01

Windows 10 x64 NTFS
Internet Explorer 11.447.14393.0
Melesia :: TULLY_LAPTOP [administrator]

11/28/2016 10:32:33 PM
mbar-log-2016-11-28 (22-32-33).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 332707
Time elapsed: 41 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


System.txt  log:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.447.14393.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.796000 GHz
Memory total: 4152123392, free: 1758048256

Downloaded database version: v2016.11.29.01
Downloaded database version: v2016.11.20.01
Downloaded database version: v2016.11.28.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     11/28/2016 22:32:16
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\TMEBC64.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\system32\DRIVERS\tmcomm.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\DRIVERS\LhdX64.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\system32\DRIVERS\TMUMH.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\tmevtmgr.sys
\SystemRoot\system32\DRIVERS\tmactmon.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\L1C63x64.sys
\SystemRoot\system32\DRIVERS\bcmwl63a.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\AcpiVpc.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\CHDRT64.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\system32\drivers\bcbtums.sys
\SystemRoot\System32\drivers\BTHUSB.sys
\SystemRoot\System32\drivers\bthport.sys
\SystemRoot\system32\Drivers\RtsUer.sys
\SystemRoot\System32\Drivers\vm331avs.sys
\SystemRoot\System32\drivers\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\System32\drivers\bthpan.sys
\SystemRoot\System32\drivers\bthmodem.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\System32\drivers\mshidumdf.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\??\C:\WINDOWS\system32\drivers\hcmon.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\tmusa.sys
\??\C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\system32\DRIVERS\tmnciesc.sys
\SystemRoot\system32\DRIVERS\tmeevw.sys
\SystemRoot\system32\drivers\qwavedrv.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\System32\drivers\rassstp.sys
\SystemRoot\System32\DRIVERS\NDProxy.sys
\SystemRoot\System32\drivers\AgileVpn.sys
\SystemRoot\System32\drivers\rasl2tp.sys
\SystemRoot\System32\drivers\raspptp.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\drivers\ndiswan.sys
\SystemRoot\System32\cdd.dll
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2016.11.29.01
  rootkit: v2016.11.20.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffb2028019e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffb202801acae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffb2028019d040, DeviceName: Unknown, DriverName: \Driver\LHDmgr\
DevicePointer: 0xffffb2028019e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffb2027ebf7060, DeviceName: \Device\0000002a\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\LHDmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 1C9C218D

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 812057727
    GPT Header CurrentLba = 1 BackupLba 976773167
    GPT Header FirstUsableLba 34  LastUsableLba 976773134
    GPT Header Guid 194366eb-5104-41c5-9845-7ca2c91e217d
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 812057727
    Backup GPT header CurrentLba = 976773167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 976773134
    Backup GPT header Guid 194366eb-5104-41c5-9845-7ca2c91e217d
    Backup GPT header Contains 128 partition entries starting at LBA 976773135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 49ae4271-1870-4265-a9bd-d37bfa72c17d
    FirstLBA 2048  Last LBA 2050047
    Attributes 1
    Partition Name                 Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 85fb3526-b71f-4958-9e1f-3211614a10f2
    FirstLBA 2050048  Last LBA 2582527
    Attributes 1
    Partition Name                 EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22
    Partition ID b451bece-a0b7-4d68-892e-c347aa7d264b
    FirstLBA 2582528  Last LBA 4630527
    Attributes 1
    Partition Name                 Basic data partition

    Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID a4e5227d-8cb2-4fa7-b71f-c014da2d7dc0
    FirstLBA 4630528  Last LBA 4892671
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 436ea3cf-2ed9-4d30-8a6d-488dacafef2
    FirstLBA 4892672  Last LBA 881479679
    Attributes 0
    Partition Name                 Basic data partition

    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 97b7fd02-b92a-4ad8-ae96-17d65a96b1
    FirstLBA 881479680  Last LBA 882401279
    Attributes 1
    Partition Name                                     

    Partition 6 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 780e4abb-10ba-4f69-8826-afe74ee992d0
    FirstLBA 882401280  Last LBA 934830079
    Attributes 0
    Partition Name                 Basic data partition

    Partition 7 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 4a1ca1ba-b326-4d55-881b-4733e118e798
    FirstLBA 934830080  Last LBA 976773119
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
File "C:\Users\Melesia\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

SASSY_Nc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 58
Joined : 2010-07-25
OS : windows 10

View user profile

Back to top Go down

In Progress Re: Computer acting strange

Post by Dr Jay on Tue Nov 29, 2016 6:27 pm

Okay, we will do some troubleshooting here with your antivirus...

Follow the instructions on this page to completely remove Trend Micro products (please take note of your activation key so you can reinstall when necessary): [You must be registered and logged in to see this link.]

While it is uninstalled, please take note of how the computer runs as a whole and let me know.

Then, reinstall the antivirus and see if it changes or stays about the same.

How this turns out will depend on what we do next together on this problem. My Buddy


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13707
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

In Progress Re: Computer acting strange

Post by Dr Jay Yesterday at 7:35 am

It's been a few days. How is this going for you?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13707
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

In Progress Re: Computer acting strange

Post by SASSY_Nc Today at 12:43 am

Sorry it's taken me so long to get back to you.  It seems to be working great now!  It's not taking as long to boot up and it's not doing the blinking thing that it was doing.

SASSY_Nc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 58
Joined : 2010-07-25
OS : windows 10

View user profile

Back to top Go down

In Progress Re: Computer acting strange

Post by Dr Jay Today at 2:26 am

Did you remove Trend Micro products as a troubleshooting step, or is it running okay regardless?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:


  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Note: Absence of issues does not mean that you're protected in the future.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Status :
Online
Offline

Posts : 13707
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum