
Windows 8 problem (runs fine in safe mode)


  • This topic is locked
12 replies to this topic

#1 grateful dad


Posted 06 January 2017 - 05:08 PM

2 nights ago our laptop was left on all night; when I woke up the computer was not running properly at all. Extremely sluggish and barely opens any programs. I had a hard time getting it into safe mode to be able to write this out. I tried running Malwarebytes a few times with varied results. First few times it just wouldn't open and the computer would freeze shortly after. I ran rkill before Malwarebytes and one time it scanned about 400k files, found 3 threats in 30 minutes and then got stuck on heuristic analysis for over 4 hours before I canceled. The last time I ran it, it was scanning extremely slowly and had only scanned 3.2k files after over an hour.

In safe mode the computer runs fine with no issues. It seems when I start in normal mode it runs smooth for about a minute then everything locks up. Nothing responds and eventually I have to turn the computer off by the power button. The night before the computer was running with no issues at all.

If anyone can give me any ideas or advice it would be greatly appreciated. I'm willing to try whatever it takes at this point. Thanks.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017
Ran by Michael (administrator) on MONROE (06-01-2017 16:51:27)
Running from C:\Users\Michael\Desktop
Loaded Profiles: Michael (Available Profiles: Michael & lmonr_000)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1549392 2013-03-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-28] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565472 2013-04-22] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-04-19] (Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-924171896-3884655042-2258627432-1001\...\Run: [Facebook Update] => C:\Users\Michael\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-05-16] (Facebook Inc.)
HKU\S-1-5-21-924171896-3884655042-2258627432-1001\...\Run: [iCall] => C:\Program Files (x86)\iCall\iCall.exe [4819136 2012-03-02] ()
HKU\S-1-5-21-924171896-3884655042-2258627432-1001\...\Run: [Skype] => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-924171896-3884655042-2258627432-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-924171896-3884655042-2258627432-1001\...\MountPoints2: {b504c843-b4ac-11e5-bee2-606c66c7bcb1} - "D:\InnoTabSetup.exe"
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton AntiVirus\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton AntiVirus\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton AntiVirus\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.240.205.161
Tcpip\..\Interfaces\{212F5CBB-5B34-4322-A546-A4CDF22290DB}: [DhcpNameServer] 10.240.205.161

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-924171896-3884655042-2258627432-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\S-1-5-21-924171896-3884655042-2258627432-1001 -> DefaultScope {4BC75A78-2591-4600-99E6-9F0B617947F4} URL =
SearchScopes: HKU\S-1-5-21-924171896-3884655042-2258627432-1001 -> {4BC75A78-2591-4600-99E6-9F0B617947F4} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton AntiVirus\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton AntiVirus\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-22] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-22] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton AntiVirus\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton AntiVirus\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\r0wuxi8h.default-1441495888144 [2017-01-06]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\r0wuxi8h.default-1441495888144 -> Google
FF Extension: (Firefox Hotfix) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\r0wuxi8h.default-1441495888144\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31]
FF Extension: (Adblock Plus) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\r0wuxi8h.default-1441495888144\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_22.5.2.15\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_22.5.2.15\coFFAddon [2016-12-11]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_22.5.2.15\coFFAddon
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-924171896-3884655042-2258627432-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Michael\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)

Chrome:
=======
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default [2017-01-05]
CHR Extension: (Google Slides) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-13]
CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-13]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-13]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-13]
CHR Extension: (Norton Security Toolbar) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-09-24]
CHR Extension: (Google Sheets) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-13]
CHR Extension: (Google Docs Offline) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-13]
CHR Extension: (Norton Identity Safe) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-04-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-13]
CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-13]
CHR Extension: (Chrome Media Router) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-24]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton AntiVirus\Engine\22.8.1.14\Exts\Chrome.crx [2016-11-19]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton AntiVirus\Engine\22.8.1.14\Exts\Chrome.crx [2016-11-19]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [432528 2013-03-27] (Nuance Communications, Inc.)
S2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2015-11-24] () [File not signed]
S2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-05-09] ()
S2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
S2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
S2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\22.8.1.14\NAV.exe [289080 2016-11-12] (Symantec Corporation)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation)
S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132056 2013-01-31] (Symantec Corporation)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-25] (IDT, Inc.) [File not signed]
S2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-03-26] (TOSHIBA CORPORATION)
S2 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.2.15\Definitions\BASHDefs\20160907.004\BHDrvx64.sys [1854712 2016-08-18] (Symantec Corporation)
S3 ccSet_NARA; C:\WINDOWS\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
S1 ccSet_NAT; C:\WINDOWS\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
S1 ccSet_NAV; C:\WINDOWS\system32\drivers\NAVx64\1608010.00E\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-10-28] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-10-28] (Symantec Corporation)
S1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] ()
S3 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.2.15\Definitions\IPSDefs\20161216.005\IDSvia64.sys [1038032 2016-12-16] (Symantec Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-06] (Malwarebytes)
R3 NETwNe64; C:\WINDOWS\system32\DRIVERS\Netwew00.sys [3345376 2013-10-09] (Intel Corporation)
S2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-08-06] (Synaptics Incorporated)
S3 SRTSP; C:\WINDOWS\System32\Drivers\NAVx64\1608010.00E\SRTSP64.SYS [784624 2016-11-11] (Symantec Corporation)
S3 SRTSPX; C:\WINDOWS\system32\drivers\NAVx64\1608010.00E\SRTSPX64.SYS [49400 2016-11-11] (Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NAVx64\1608010.00E\SYMEFASI64.SYS [1628888 2016-11-11] (Symantec Corporation)
S4 SymELAM; C:\WINDOWS\system32\drivers\NAVx64\1608010.00E\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-10-17] (Symantec Corporation)
S3 SymIRON; C:\WINDOWS\system32\drivers\NAVx64\1608010.00E\Ironx64.SYS [289520 2016-11-11] (Symantec Corporation)
S3 SymNetS; C:\WINDOWS\System32\Drivers\NAVx64\1608010.00E\SYMNETS.SYS [567512 2016-11-11] (Symantec Corporation)
R0 THAccel; C:\WINDOWS\System32\DRIVERS\THAccel.sys [110976 2013-03-25] (TOSHIBA Corporation)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-01-06] ()
S3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [48024 2013-01-28] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 XHCIPort; C:\WINDOWS\System32\drivers\XHCIPort.sys [194456 2013-01-28] (Windows ® Win 7 DDK provider)
S2 MBAMChameleon; \SystemRoot\system32\drivers\MBAMChameleon.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.2.15\Definitions\SDSDefs\20160812.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.2.15\Definitions\SDSDefs\20160812.001\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-06 16:51 - 2017-01-06 16:52 - 00018836 _____ C:\Users\Michael\Desktop\FRST.txt
2017-01-06 16:51 - 2017-01-06 16:51 - 00000000 ____D C:\FRST
2017-01-06 16:43 - 2017-01-06 16:43 - 02418176 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2017-01-06 16:26 - 2017-01-06 16:26 - 24018944 _____ C:\Users\Michael\Downloads\OldSchool(4).msi
2017-01-06 14:57 - 2017-01-06 14:57 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000031-000000.txt
2017-01-06 14:17 - 2017-01-06 14:17 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000030-000000.txt
2017-01-06 13:58 - 2017-01-06 13:58 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000029-000000.txt
2017-01-06 13:50 - 2017-01-06 13:50 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000028-000000.txt
2017-01-06 13:46 - 2017-01-06 13:46 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\Michael\Desktop\eXplorer64.exe
2017-01-06 12:46 - 2017-01-06 14:20 - 00002140 _____ C:\Users\Michael\Desktop\Rkill.txt
2017-01-06 12:45 - 2017-01-06 12:45 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000027-000000.txt
2017-01-06 12:43 - 2017-01-06 12:43 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Michael\Desktop\eXplorer.exe
2017-01-06 11:17 - 2017-01-06 11:17 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000026-000000.txt
2017-01-06 11:08 - 2017-01-06 11:08 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000025-000000.txt
2017-01-06 11:00 - 2017-01-06 11:00 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000024-000000.txt
2017-01-06 10:52 - 2017-01-06 10:52 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000023-000000.txt
2017-01-06 10:18 - 2017-01-06 14:02 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-01-06 10:18 - 2017-01-06 10:18 - 00000000 ____D C:\ProgramData\RogueKiller
2017-01-06 10:17 - 2017-01-06 10:18 - 25846856 _____ C:\Users\Michael\Desktop\RogueKillerX64.exe
2017-01-06 10:04 - 2017-01-06 10:07 - 00000000 ____D C:\AdwCleaner
2017-01-06 10:03 - 2017-01-06 10:03 - 03977168 _____ C:\Users\Michael\Desktop\AdwCleaner.exe
2017-01-06 10:01 - 2017-01-06 10:01 - 00852504 _____ C:\Users\Michael\Desktop\SecurityCheck.exe
2017-01-06 09:39 - 2017-01-06 09:40 - 00241410 _____ C:\TDSSKiller.3.1.0.12_06.01.2017_09.39.43_log.txt
2017-01-06 09:39 - 2017-01-06 09:39 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Michael\Downloads\tdsskiller.exe
2017-01-06 07:32 - 2017-01-06 07:32 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000022-000000.txt
2017-01-06 07:23 - 2017-01-06 07:23 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000021-000000.txt
2017-01-06 07:10 - 2017-01-06 14:59 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-06 07:10 - 2017-01-06 07:10 - 00001894 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-06 07:10 - 2017-01-06 07:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-06 07:10 - 2017-01-06 07:10 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-06 07:10 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-06 07:07 - 2017-01-06 07:07 - 54199488 _____ (Malwarebytes ) C:\Users\Michael\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2017-01-06 06:55 - 2017-01-06 15:21 - 00000000 ____D C:\Users\Michael\AppData\Local\ElevatedDiagnostics
2017-01-06 06:49 - 2017-01-06 06:49 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000020-000000.txt
2017-01-05 20:54 - 2017-01-05 20:54 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000019-000000.txt
2017-01-05 18:18 - 2017-01-05 18:18 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000018-000000.txt
2017-01-05 17:40 - 2017-01-05 17:40 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000017-000000.txt
2017-01-05 17:33 - 2017-01-05 17:33 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000016-000000.txt
2017-01-05 16:09 - 2017-01-05 16:11 - 00000000 ____D C:\WINDOWS\pss
2017-01-05 12:20 - 2017-01-05 12:20 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000015-000000.txt
2017-01-05 12:08 - 2017-01-05 12:08 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000014-000000.txt
2017-01-05 11:49 - 2017-01-05 11:49 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000013-000000.txt
2017-01-05 11:40 - 2017-01-05 11:40 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000012-000000.txt
2017-01-05 11:16 - 2017-01-05 11:16 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000011-000000.txt
2017-01-05 09:44 - 2017-01-05 09:44 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000010-000000.txt
2017-01-05 09:43 - 2017-01-05 09:43 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000009-000000.txt
2017-01-05 09:36 - 2017-01-05 09:36 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000008-000000.txt
2017-01-05 09:34 - 2017-01-05 09:34 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000007-000000.txt
2017-01-05 09:19 - 2017-01-05 09:19 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000006-000000.txt
2017-01-05 09:10 - 2017-01-05 09:10 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000005-000000.txt
2017-01-05 09:07 - 2017-01-06 15:03 - 00005388 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-05 09:02 - 2017-01-05 09:02 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000004-000000.txt
2017-01-05 08:39 - 2017-01-05 08:39 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000003-000000.txt
2017-01-05 08:30 - 2017-01-05 08:30 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000002-000000.txt
2017-01-05 08:06 - 2017-01-05 08:06 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000001-000000.txt
2017-01-05 07:47 - 2017-01-05 07:47 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000000-000000.txt
2016-12-19 09:19 - 2016-12-19 09:30 - 00000845 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-12-19 09:19 - 2016-12-19 09:19 - 00002790 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-12-19 09:19 - 2016-12-19 09:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-12-19 09:19 - 2016-12-19 09:19 - 00000000 ____D C:\Program Files\CCleaner
2016-12-19 09:15 - 2016-12-19 09:15 - 08803648 _____ (Piriform Ltd) C:\Users\Michael\Downloads\ccsetup525.exe
2016-12-19 09:04 - 2016-12-19 09:04 - 00001042 _____ C:\Users\Michael\Desktop\RegSeeker.lnk
2016-12-19 09:04 - 2016-12-19 09:04 - 00001042 _____ C:\Users\lmonr_000\Desktop\RegSeeker.lnk
2016-12-19 09:04 - 2016-12-19 09:04 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegSeeker
2016-12-19 09:04 - 2016-12-19 09:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegSeeker
2016-12-19 09:04 - 2016-12-19 09:04 - 00000000 ____D C:\Program Files (x86)\RegSeeker
2016-12-19 09:02 - 2016-12-19 09:02 - 00715214 _____ C:\Users\Michael\Downloads\RegSetup.zip
2016-12-19 08:55 - 2016-12-19 08:56 - 51969976 _____ (Malwarebytes ) C:\Users\Michael\Downloads\mb3-setup-consumer-3.0.4.1269.exe
2016-12-17 23:31 - 2016-12-17 23:31 - 00000000 ____D C:\Users\Michael\AppData\Local\TeamViewer
2016-12-17 23:28 - 2017-01-06 14:31 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-12-17 23:28 - 2016-12-17 23:28 - 00001066 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2016-12-17 23:28 - 2016-12-17 23:28 - 00001054 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2016-12-17 23:28 - 2016-12-17 23:28 - 00000000 ____D C:\Users\Michael\AppData\Roaming\TeamViewer
2016-12-17 23:25 - 2016-12-17 23:25 - 12922384 _____ (TeamViewer GmbH) C:\Users\Michael\Downloads\TeamViewer_Setup_en.exe
2016-12-16 13:31 - 2016-12-16 13:31 - 00000708 _____ C:\Users\Michael\AppData\Local\recently-used.xbel
2016-12-16 07:55 - 2016-12-16 07:55 - 00000000 ____D C:\Users\Michael\AppData\Local\Intel
2016-12-16 07:54 - 2016-12-16 07:54 - 00003210 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2016-12-16 07:54 - 2016-12-16 07:54 - 00001193 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.6.lnk
2016-12-16 07:54 - 2016-12-16 07:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\Intel
2016-12-16 07:54 - 2016-12-16 07:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2016-12-16 07:54 - 2016-12-16 07:54 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2016-12-16 07:54 - 2016-10-18 17:14 - 00021984 _____ C:\WINDOWS\system32\Drivers\semav6msr64.sys
2016-12-16 07:53 - 2016-12-16 07:53 - 00000000 ____D C:\Program Files\Intel Driver Update Utility
2016-12-16 07:52 - 2016-12-16 07:52 - 09927544 _____ (Intel) C:\Users\Michael\Downloads\Intel Driver Update Utility Installer.exe
2016-12-16 07:50 - 2016-12-16 07:57 - 00000000 ____D C:\Users\Michael\AppData\Local\Jagex
2016-12-16 07:50 - 2016-12-16 07:57 - 00000000 ____D C:\ProgramData\Jagex
2016-12-16 07:49 - 2016-12-16 07:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jagex
2016-12-16 07:49 - 2016-12-16 07:49 - 00000000 ____D C:\Program Files\Jagex
2016-12-16 07:48 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2016-12-16 07:48 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2016-12-16 07:48 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2016-12-16 07:48 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2016-12-16 07:48 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2016-12-16 07:48 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2016-12-16 07:48 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2016-12-16 07:48 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2016-12-16 07:48 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2016-12-16 07:48 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2016-12-16 07:48 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2016-12-16 07:48 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2016-12-16 07:48 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2016-12-16 07:48 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2016-12-16 07:48 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2016-12-16 07:48 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2016-12-16 07:48 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2016-12-16 07:48 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2016-12-16 07:48 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2016-12-16 07:48 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2016-12-16 07:48 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2016-12-16 07:48 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2016-12-16 07:48 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2016-12-16 07:48 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2016-12-16 07:48 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2016-12-16 07:48 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2016-12-16 07:48 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2016-12-16 07:48 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2016-12-16 07:48 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2016-12-16 07:48 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2016-12-16 07:48 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2016-12-16 07:48 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2016-12-16 07:48 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2016-12-16 07:48 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2016-12-16 07:48 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2016-12-16 07:48 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2016-12-16 07:48 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2016-12-16 07:48 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
2016-12-16 07:48 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
2016-12-16 07:48 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2016-12-16 07:48 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2016-12-16 07:48 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
2016-12-16 07:48 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2016-12-16 07:48 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2016-12-16 07:48 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll
2016-12-16 07:48 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2016-12-16 07:48 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll
2016-12-16 07:48 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2016-12-16 07:48 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2016-12-16 07:48 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2016-12-16 07:48 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2016-12-16 07:48 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2016-12-16 07:48 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2016-12-16 07:48 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2016-12-16 07:48 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2016-12-16 07:48 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2016-12-16 07:48 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2016-12-16 07:48 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2016-12-16 07:48 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2016-12-16 07:48 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2016-12-16 07:48 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2016-12-16 07:48 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2016-12-16 07:48 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2016-12-16 07:48 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2016-12-16 07:48 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2016-12-16 07:48 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2016-12-16 07:48 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2016-12-16 07:48 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2016-12-16 07:48 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2016-12-16 07:48 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2016-12-16 07:48 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2016-12-16 07:48 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2016-12-16 07:48 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2016-12-16 07:48 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2016-12-16 07:48 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2016-12-16 07:48 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2016-12-16 07:48 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2016-12-16 07:48 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2016-12-16 07:48 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2016-12-16 07:48 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2016-12-16 07:48 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2016-12-16 07:48 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2016-12-16 07:48 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
2016-12-16 07:48 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2016-12-16 07:48 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2016-12-16 07:48 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2016-12-16 07:48 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2016-12-16 07:48 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2016-12-16 07:48 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2016-12-16 07:48 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2016-12-16 07:48 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2016-12-16 07:48 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2016-12-16 07:48 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2016-12-16 07:48 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2016-12-16 07:48 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2016-12-16 07:48 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2016-12-16 07:48 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2016-12-16 07:48 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2016-12-16 07:48 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
2016-12-16 07:48 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2016-12-16 07:48 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
2016-12-16 07:48 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2016-12-16 07:48 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
2016-12-16 07:48 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2016-12-16 07:48 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
2016-12-16 07:48 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2016-12-16 07:48 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
2016-12-16 07:48 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2016-12-16 07:48 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
2016-12-16 07:48 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2016-12-16 07:48 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
2016-12-16 07:48 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2016-12-16 07:48 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
2016-12-16 07:48 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2016-12-16 07:48 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
2016-12-16 07:48 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2016-12-16 07:48 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
2016-12-16 07:48 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2016-12-16 07:48 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
2016-12-16 07:48 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2016-12-16 07:48 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
2016-12-16 07:48 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2016-12-16 07:48 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
2016-12-16 07:48 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2016-12-16 07:48 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
2016-12-16 07:48 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2016-12-16 07:48 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2016-12-16 07:48 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2016-12-16 07:48 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2016-12-16 07:48 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2016-12-16 07:48 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2016-12-16 07:48 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2016-12-16 07:48 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2016-12-16 07:47 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2016-12-16 07:47 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2016-12-16 07:47 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2016-12-16 07:47 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2016-12-16 07:47 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2016-12-16 07:47 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2016-12-16 07:47 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2016-12-16 07:47 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2016-12-16 07:47 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2016-12-16 07:47 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2016-12-16 07:47 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2016-12-16 07:47 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2016-12-16 07:47 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2016-12-16 07:47 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2016-12-16 07:47 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2016-12-16 07:47 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2016-12-16 07:47 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2016-12-16 07:47 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2016-12-16 07:47 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2016-12-16 07:47 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2016-12-16 07:47 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2016-12-16 07:47 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2016-12-16 07:47 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2016-12-16 07:47 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2016-12-16 07:47 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2016-12-16 07:47 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2016-12-16 07:47 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2016-12-16 07:47 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2016-12-16 07:47 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2016-12-16 07:47 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2016-12-16 07:47 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2016-12-16 07:47 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2016-12-16 07:47 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2016-12-16 07:47 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2016-12-16 07:47 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2016-12-16 07:47 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2016-12-16 07:47 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2016-12-16 07:47 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2016-12-16 07:47 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2016-12-16 07:47 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2016-12-16 07:47 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2016-12-16 07:47 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2016-12-16 07:45 - 2016-12-16 07:47 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2016-12-16 07:44 - 2016-12-16 07:48 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2016-12-16 07:43 - 2016-12-16 07:43 - 03866088 _____ (Jagex Ltd ) C:\Users\Michael\Downloads\RuneScape-Setup.exe
2016-12-14 07:38 - 2016-12-14 07:46 - 00000000 ____D C:\Users\Michael\Downloads\ePSXe205
2016-12-14 07:37 - 2016-12-14 07:38 - 01381554 _____ C:\Users\Michael\Downloads\ePSXe205.zip
2016-12-13 21:22 - 2016-12-01 09:13 - 00869576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2016-12-13 21:22 - 2016-12-01 09:13 - 00678592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2016-12-13 21:22 - 2016-12-01 09:11 - 00875720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2016-12-13 21:22 - 2016-12-01 09:11 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2016-12-13 21:22 - 2016-10-20 08:14 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2016-12-13 21:22 - 2016-10-20 08:10 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2016-12-13 21:00 - 2016-11-19 16:24 - 00567152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-13 21:00 - 2016-11-12 14:08 - 25759744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-13 21:00 - 2016-11-12 13:53 - 06049280 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-13 21:00 - 2016-11-12 13:17 - 20302848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-13 21:00 - 2016-11-12 12:41 - 15257088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-13 21:00 - 2016-11-12 12:37 - 04608000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-13 21:00 - 2016-11-12 12:35 - 02920960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-13 21:00 - 2016-11-12 12:21 - 13653504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-13 21:00 - 2016-11-12 12:05 - 02444800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-13 21:00 - 2016-11-05 13:35 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-13 21:00 - 2016-11-05 12:57 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-13 21:00 - 2016-11-05 12:11 - 03606528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-13 21:00 - 2016-11-05 10:56 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-12-13 21:00 - 2016-11-05 10:46 - 02463744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-12-13 21:00 - 2016-10-12 16:11 - 00922968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2016-12-13 21:00 - 2016-10-10 18:31 - 00990040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-12-13 21:00 - 2016-10-10 13:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cmimcext.sys
2016-12-13 21:00 - 2016-10-08 16:31 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-12-13 21:00 - 2016-10-08 16:10 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-12-13 21:00 - 2016-10-05 09:01 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-12-13 21:00 - 2016-10-05 09:00 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-12-13 21:00 - 2016-10-04 23:15 - 01969944 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-12-13 21:00 - 2016-10-04 23:15 - 01613528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-12-13 21:00 - 2016-09-20 17:30 - 02462040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-12-13 20:59 - 2016-11-19 16:24 - 00152856 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-13 20:59 - 2016-11-19 14:29 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-12-13 20:59 - 2016-11-19 13:44 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-12-13 20:59 - 2016-11-19 12:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-12-13 20:59 - 2016-11-19 12:22 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-13 20:59 - 2016-11-16 16:49 - 00377176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-13 20:59 - 2016-11-12 16:06 - 00738104 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-12-13 20:59 - 2016-11-12 14:38 - 00613632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-12-13 20:59 - 2016-11-12 14:25 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-12-13 20:59 - 2016-11-12 14:07 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-12-13 20:59 - 2016-11-12 13:29 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-12-13 20:59 - 2016-11-12 13:23 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-12-13 20:59 - 2016-11-12 13:14 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-12-13 20:59 - 2016-11-12 13:10 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-12-13 20:59 - 2016-11-12 12:45 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-12-13 20:59 - 2016-11-12 12:38 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-12-13 20:59 - 2016-11-12 12:20 - 01543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-13 20:59 - 2016-11-12 12:11 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-12-13 20:59 - 2016-11-12 12:02 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-13 20:59 - 2016-11-12 12:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-12-13 20:59 - 2016-11-10 21:33 - 01541240 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-13 20:59 - 2016-11-09 12:25 - 01376768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-13 20:59 - 2016-11-05 15:46 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-12-13 20:59 - 2016-10-27 21:56 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-12-13 20:59 - 2016-10-27 09:28 - 01097728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-12-13 20:59 - 2016-10-12 16:49 - 00379224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-12-13 20:59 - 2016-10-11 11:45 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-12-13 20:59 - 2016-10-10 13:18 - 00069976 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll
2016-12-13 20:59 - 2016-10-09 09:17 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionQueue.dll
2016-12-13 20:59 - 2016-10-09 09:08 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsetup.dll
2016-12-13 20:59 - 2016-10-09 09:08 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsetup.dll
2016-12-13 20:59 - 2016-10-08 17:24 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-12-13 20:59 - 2016-10-05 09:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-12-13 20:59 - 2016-10-05 08:52 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-12-13 20:59 - 2016-10-05 08:52 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2016-12-13 20:59 - 2016-10-04 23:15 - 00324896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-12-13 20:59 - 2016-10-04 23:15 - 00245320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-12-13 20:59 - 2016-09-27 15:16 - 00445873 _____ C:\WINDOWS\system32\ApnDatabase.xml

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-06 16:48 - 2016-11-19 16:29 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\Mozilla
2017-01-06 15:41 - 2015-09-06 09:28 - 00000435 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-01-06 14:58 - 2014-01-18 15:08 - 00000000 __RDO C:\Users\Michael\SkyDrive
2017-01-06 14:58 - 2013-12-03 12:49 - 00000000 ____D C:\Users\Michael
2017-01-06 14:58 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-06 14:58 - 2013-08-22 08:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2017-01-06 14:22 - 2013-08-05 19:07 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-924171896-3884655042-2258627432-1001
2017-01-06 13:17 - 2014-12-28 19:27 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-06 11:09 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-06 10:54 - 2016-11-25 10:44 - 00000000 ____D C:\ProgramData\Skype
2017-01-06 10:54 - 2013-08-05 23:02 - 00000000 ____D C:\Users\Michael\jagexcache
2017-01-06 10:46 - 2013-08-22 10:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-01-06 09:37 - 2016-02-24 17:28 - 00000000 ____D C:\Users\Michael\Desktop\2015w2
2017-01-06 07:57 - 2013-08-07 09:52 - 00000958 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-924171896-3884655042-2258627432-1004UA.job
2017-01-06 07:57 - 2013-08-07 09:52 - 00000936 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-924171896-3884655042-2258627432-1004Core.job
2017-01-06 07:10 - 2016-01-27 12:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-06 07:04 - 2014-03-16 18:36 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-06 06:50 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2017-01-06 06:42 - 2014-05-16 20:36 - 00000950 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-924171896-3884655042-2258627432-1001UA.job
2017-01-05 20:54 - 2014-05-16 20:36 - 00000928 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-924171896-3884655042-2258627432-1001Core.job
2017-01-05 16:31 - 2013-08-09 08:41 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashDumps
2017-01-05 16:04 - 2016-11-25 10:45 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Skype
2017-01-05 15:40 - 2013-08-10 01:25 - 00000046 _____ C:\Users\Michael\jagex_cl_oldschool_LIVE.dat
2017-01-05 07:56 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2017-01-04 23:17 - 2014-08-07 18:29 - 00000024 _____ C:\Users\Michael\jagexappletviewer.preferences
2017-01-04 01:34 - 2015-09-05 18:03 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-12-30 04:27 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\catroot2
2016-12-29 09:01 - 2013-08-22 08:25 - 71565312 _____ C:\WINDOWS\system32\config\COMPONENTS
2016-12-29 08:59 - 2013-08-22 10:31 - 00000000 ____D C:\WINDOWS\system32\DriverStore
2016-12-29 08:56 - 2013-12-03 12:46 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{9f037fb9-2982-11e3-93f1-b8ca3aee0e44}.TMContainer00000000000000000001.regtrans-ms
2016-12-29 08:56 - 2013-12-03 12:46 - 00065536 ___SH C:\WINDOWS\system32\config\COMPONENTS{9f037fb9-2982-11e3-93f1-b8ca3aee0e44}.TM.blf
2016-12-23 22:18 - 2016-09-14 11:37 - 00000000 ____D C:\Users\Michael\Desktop\DCIM
2016-12-19 09:41 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-19 09:24 - 2014-06-11 11:58 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-19 09:24 - 2013-12-03 12:41 - 00000000 ___DC C:\WINDOWS\Panther
2016-12-19 09:24 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\debug
2016-12-19 09:24 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Logs
2016-12-19 09:19 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\Tasks
2016-12-19 09:04 - 2013-12-03 12:49 - 00000000 ___RD C:\Users\lmonr_000\Desktop
2016-12-19 08:55 - 2013-12-03 12:49 - 00000000 ___SD C:\Users\Michael\AppData\Roaming\Microsoft
2016-12-19 06:00 - 2013-08-22 09:44 - 00337864 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-17 23:28 - 2013-12-03 12:49 - 00000000 ____D C:\Users\Michael\AppData\Roaming
2016-12-17 23:28 - 2013-08-22 08:36 - 00000000 __RSD C:\WINDOWS\Fonts
2016-12-17 16:40 - 2013-12-03 12:46 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{9f037fb9-2982-11e3-93f1-b8ca3aee0e44}.TMContainer00000000000000000002.regtrans-ms
2016-12-17 09:32 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\WinSxS
2016-12-17 00:44 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2016-12-16 22:00 - 2016-11-17 21:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-16 22:00 - 2013-08-05 23:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-16 21:58 - 2013-12-03 12:42 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{e1793794-0b3d-11e3-9dfe-80de722c933b}.TMContainer00000000000000000001.regtrans-ms
2016-12-16 21:58 - 2013-12-03 12:42 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{e1793794-0b3d-11e3-9dfe-80de722c933b}.TM.blf
2016-12-16 21:46 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-16 21:45 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-16 21:45 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\wbem
2016-12-16 21:45 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-16 18:56 - 2014-03-16 18:36 - 00003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 18:56 - 2014-03-16 18:36 - 00003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 18:56 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\Tasks
2016-12-16 13:30 - 2016-02-18 10:15 - 00000000 ____D C:\Users\Michael\AppData\Roaming\gnupg
2016-12-16 13:24 - 2016-02-18 10:19 - 00000000 ____D C:\Users\Michael\AppData\Local\gtk-2.0
2016-12-16 07:54 - 2013-07-16 17:00 - 00000000 ____D C:\ProgramData\Intel
2016-12-16 07:54 - 2013-07-16 17:00 - 00000000 ____D C:\Program Files\Intel
2016-12-16 07:53 - 2013-07-16 17:08 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-16 07:47 - 2013-08-22 10:36 - 00000000 __RSD C:\WINDOWS\assembly
2016-12-13 22:17 - 2014-12-28 19:27 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-12-13 22:17 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-13 22:17 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-13 21:31 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-13 21:30 - 2013-08-13 21:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-13 21:25 - 2013-08-06 09:46 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-11 18:00 - 2015-09-07 18:40 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-11 18:00 - 2015-09-07 18:40 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-11 06:35 - 2012-07-26 03:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP

==================== Files in the root of some directories =======

2016-12-16 13:31 - 2016-12-16 13:31 - 0000708 _____ () C:\Users\Michael\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Michael\AppData\Local\Temp\libeay32.dll
C:\Users\Michael\AppData\Local\Temp\msvcr120.dll
C:\Users\Michael\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-01 04:19

==================== End of FRST.txt ============================


Edited by Chris Cosgrove, 06 January 2017 - 05:21 PM.
3 accidentally duplicated topics deleted.




#2 grateful dad


Posted 06 January 2017 - 05:27 PM

Sorry, I thought I attached Addition.txt but didn't see it in the post. Here it is.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by Michael (06-01-2017 16:53:01)
Running from C:\Users\Michael\Desktop
Windows 8.1 (Update) (X64) (2013-12-03 18:26:07)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-924171896-3884655042-2258627432-500 - Administrator - Disabled)
Guest (S-1-5-21-924171896-3884655042-2258627432-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-924171896-3884655042-2258627432-1003 - Limited - Enabled)
lmonr_000 (S-1-5-21-924171896-3884655042-2258627432-1004 - Administrator - Enabled) => C:\Users\lmonr_000
Michael (S-1-5-21-924171896-3884655042-2258627432-1001 - Administrator - Enabled) => C:\Users\Michael

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton AntiVirus (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (Version: 2.1.28.3 - Intel) Hidden
. . . (x32 Version: 2.6.2.4 - Intel) Hidden
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Reader XI MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.7.1245.73473 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 4.7.1245.73473 - Alcor Micro Corp.) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dragon Assistant Application en-US version 1.5.4 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.4 - Nuance Communications, Inc.)
Dragon Assistant Core Recognition Service version 1.1.8 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.8 - Nuance Communications, Inc.)
Dragon Assistant Language Data en-US version 1.1.1 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.1 - Nuance Communications, Inc.)
Dragon Assistant version 1.5.4 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.4 - Nuance Communications, Inc.)
DTS Studio Sound (HKLM-x32\...\{F8EB8FFC-C535-49A1-A84D-CC75CB2D6ADA}) (Version: 1.00.0071 - DTS, Inc.)
Elementals - The Magic Key (x32 Version: 2.2.0.97 - WildTangent) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Gpg4win (2.3.0) (HKLM-x32\...\GPG4Win) (Version: 2.3.0 - The Gpg4win Project)
iCall (HKLM-x32\...\iCall 7.1.521) (Version: 7.1.521 - iCall, Inc)
IDT Audio Driver (HKLM\...\{11424B27-C16B-4505-9667-82A10AD1B1DC}) (Version: 6.10.6472.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel® WiDi (HKLM\...\{62E7C369-64FF-452C-8F46-6BE9B77FF097}) (Version: 4.0.18.0 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{66307462-7d19-4f1a-af82-aa04b6017f05}) (Version: 2.6.2.4 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{fad118b4-798f-4755-9e67-a622eec95b62}) (Version: 15.6.1 - Intel Corporation)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 22.8.1.14 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.7.0.24 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.3.0.14 - Symantec Corporation) Hidden
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.5.38.0 - Symantec Corporation)
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
Origin (HKLM-x32\...\Origin) (Version: 9.1.12.73 - Electronic Arts, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
RegSeeker (HKLM-x32\...\RegSeeker) (Version: 2.57.2212 - HoverDesk)
RuneScape Launcher 2.2.2 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.2 - Jagex Ltd)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.5 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6630.6403 - Toshiba Corporation)
TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 2.0.0001 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.1.2 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.342 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.6.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VTech Software Installer version 20151224 (HKLM-x32\...\{798BB333-99C2-4164-A473-D4B5C0DB4E01}_is1) (Version: 20151224 - )
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Wonderland Solitaire (x32 Version: 2.2.0.110 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1816F479-5B94-48CA-977D-6BC79AB450BA} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {3C530A64-B46C-4563-BE18-45A5B15345F5} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation)
Task: {3FF7F4BE-72B3-445E-8891-65C161DB93CC} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {5170F0DD-844C-4CB8-BEA3-6CBB1F6C2A75} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {5D10AA7A-6E1A-4DC6-910F-67E855949FA4} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\22.8.1.14\WSCStub.exe [2016-11-11] (Symantec Corporation)
Task: {632F1E03-ABAC-448E-825C-0A8A4B4BD542} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {63F94E9B-86CF-4AF0-8853-E8BA0ADE2679} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe
Task: {702AF744-C948-4D3E-A913-3F682964D67C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.)
Task: {70323D09-9A10-4B63-AB1F-E50F6FC2CBED} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)
Task: {79977BC0-3ABC-47A9-8AEA-4D921A9ECB39} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {84D3D4A6-1108-4019-AC18-A5374718E478} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton AntiVirus\Upgrade.exe [2016-11-11] (Symantec Corporation)
Task: {8851B8EF-657E-4D94-9160-11067B69FA17} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-924171896-3884655042-2258627432-1004UA => C:\Users\lmonr_000\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-07] (Facebook Inc.)
Task: {8E03AED7-B419-4B7C-9505-291BE904CACB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-924171896-3884655042-2258627432-1004Core => C:\Users\lmonr_000\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-07] (Facebook Inc.)
Task: {8E9ECFE9-1C95-4DE7-9320-BBDBF57D51E2} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated)
Task: {93B38EE4-1B14-432A-A20E-AC5A2589B868} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-06] (Google Inc.)
Task: {A960797F-EABB-4FBF-853F-E297FDE13322} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\22.8.1.14\SymErr.exe [2016-11-11] (Symantec Corporation)
Task: {B21C8CCD-B5FD-4AF7-B6C3-17A3687BD56F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-924171896-3884655042-2258627432-1001Core => C:\Users\Michael\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-05-16] (Facebook Inc.)
Task: {B60AD7D8-D6BD-4E8B-ACD1-E31823FAFF98} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.3.0.14\\Ara.exe [2013-08-27] (Symantec Corporation)
Task: {D20186A3-1164-4C2C-98BC-6089DE5F0FC1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {DAA7B6AC-1917-4BF0-8AFF-D3BD559A2F63} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-924171896-3884655042-2258627432-1001UA => C:\Users\Michael\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-05-16] (Facebook Inc.)
Task: {DD9D332E-A5BC-48A5-A053-F2FE4A049CE6} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {E1A82C3E-1B98-4EFC-918F-055C0451A66F} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\22.8.1.14\SymErr.exe [2016-11-11] (Symantec Corporation)
Task: {E87E42B8-BE05-4CEB-AE55-A95E190DB70B} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-924171896-3884655042-2258627432-1001Core.job => C:\Users\Michael\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-924171896-3884655042-2258627432-1001UA.job => C:\Users\Michael\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-924171896-3884655042-2258627432-1004Core.job => C:\Users\lmonr_000\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-924171896-3884655042-2258627432-1004UA.job => C:\Users\lmonr_000\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-01-06 07:10 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-924171896-3884655042-2258627432-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Innovation\White.jpg
DNS Servers: 10.240.205.161
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "TecoResident"
HKLM\...\StartupApproved\Run: => "TSleepSrv"
HKLM\...\StartupApproved\Run: => "TCrdMain"
HKLM\...\StartupApproved\Run: => "TODDMain"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run32: => "1.TPUReg"
HKLM\...\StartupApproved\Run32: => "AmIcoSinglun64"
HKU\S-1-5-21-924171896-3884655042-2258627432-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-924171896-3884655042-2258627432-1001\...\StartupApproved\Run: => "Facebook Update"
HKU\S-1-5-21-924171896-3884655042-2258627432-1001\...\StartupApproved\Run: => "iCall"
HKU\S-1-5-21-924171896-3884655042-2258627432-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{500624B1-3AD2-4538-9CCC-3FFF753A3D1B}] => C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{D92F4B89-8618-4409-B56E-BD96700C9D8B}] => C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [TCP Query User{2B3F476E-5644-4D79-9E86-AEE5951E0EB0}C:\users\michael\appdata\local\facebook\video\skype\facebookvideocalling.exe] => C:\users\michael\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [UDP Query User{0C6E349C-25AA-44D6-8A1C-F209A7547100}C:\users\michael\appdata\local\facebook\video\skype\facebookvideocalling.exe] => C:\users\michael\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [{0FAE2E1D-8774-44F8-8930-02AEA84052AA}] => C:\Users\Michael\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{329E8C4A-0F0C-45FD-92FB-0B17253C50CF}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{89B581AB-0364-4E5F-8ACA-4C9C787E385B}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{03343F4F-5E0C-49CA-B173-BD70435568FC}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{393B694F-4D7B-4B76-85A9-47433E69F7ED}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{875A9908-B658-4E5B-B329-2395C8AA0282}] => %systemroot%\system32\alg.exe
FirewallRules: [{EF7FD1F4-0973-4BBE-9B33-DBDC09CAEFB8}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{24F10854-DB4D-42A5-95F6-61427E54BD23}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{6BA107AC-1FFC-47D0-9795-87EB0E482B4B}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{1F460304-5482-4E24-86C8-810914B4C681}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{F936E344-E53A-4D91-A85D-5519396C912C}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{DC45F406-A5EA-4D9B-9E52-4CA8631E2853}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{ADBACB1B-47B9-40D3-8672-7AA520D27637}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FD9D096F-3186-4670-8B5F-1FDA3BCF8F1F}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Restore Points =========================

05-01-2017 09:46:44 Removed Skype™ 7.30
06-01-2017 10:53:51 Removed Skype™ 7.30

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/06/2017 03:03:52 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (01/06/2017 03:03:52 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (01/06/2017 02:58:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MONROE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/06/2017 02:58:29 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (01/06/2017 02:17:59 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (01/06/2017 01:50:45 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (01/06/2017 12:50:33 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (01/06/2017 12:50:33 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (01/06/2017 12:46:16 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (01/06/2017 11:18:22 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)


System errors:
=============
Error: (01/06/2017 04:53:02 PM) (Source: DCOM) (EventID: 10005) (User: MONROE)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (01/06/2017 04:53:02 PM) (Source: DCOM) (EventID: 10005) (User: MONROE)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (01/06/2017 04:52:58 PM) (Source: DCOM) (EventID: 10005) (User: MONROE)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (01/06/2017 04:52:58 PM) (Source: DCOM) (EventID: 10005) (User: MONROE)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (01/06/2017 04:52:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/06/2017 04:52:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/06/2017 04:52:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/06/2017 04:52:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/06/2017 04:52:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/06/2017 04:52:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.


CodeIntegrity:
===================================
Date: 2016-11-19 19:25:19.537
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-14 16:33:28.681
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Toshiba Shared\TosQEP64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-14 16:33:24.658
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Toshiba Shared\TosQEP64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-14 16:33:12.562
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Toshiba Shared\TosQEP64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-14 16:33:10.554
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Toshiba Shared\TosQEP64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-26 22:03:03.076
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Toshiba Shared\TosQEP64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 21%
Total physical RAM: 6019.27 MB
Available physical RAM: 4754.2 MB
Total Virtual: 6979.27 MB
Available Virtual: 5801.55 MB

==================== Drives ================================

Drive c: (TI10667700F) (Fixed) (Total:684.96 GB) (Free:628.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Attached Files


Edited by Oh My!, 10 January 2017 - 09:46 AM.
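The repeated DCOM and Service Control Manager entries in the log above collapse to two distinct events once grouped. This is an added example, not part of the original post or of FRST: the function names `parse_events` and `summarize` are hypothetical, the sample is built from entries in the log, and the note for code 1084 is the standard Win32 definition.

```python
import re
from collections import Counter

# Win32 error codes seen in the log; meaning taken from the standard
# winerror.h definitions (an addition, not stated in the log itself).
WIN32_NOTES = {
    1084: "ERROR_NOT_SAFEBOOT_SERVICE: this service cannot be started in Safe Mode",
}

# Constructed sample: three entries copied from the FRST event section above.
SAMPLE = '''\
Error: (01/06/2017 04:53:02 PM) (Source: DCOM) (EventID: 10005) (User: MONROE)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (01/06/2017 04:52:58 PM) (Source: DCOM) (EventID: 10005) (User: MONROE)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (01/06/2017 04:52:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.
'''

HEADER = re.compile(
    r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\) "
    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)$"
)

def parse_events(text):
    """Split FRST 'Error:' blocks into dicts; blank lines separate entries."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        m = HEADER.match(lines[0].strip()) if lines else None
        if not m:
            continue  # section header or stray text, not an event entry
        body = " ".join(l.strip() for l in lines[1:])
        if body.startswith("Description: "):
            body = body[len("Description: "):]
        event = m.groupdict()
        event["event_id"] = int(event["event_id"])
        event["description"] = body
        events.append(event)
    return events

def summarize(events):
    """Group identical events (ignoring timestamps) and annotate known codes."""
    counts = Counter((e["source"], e["event_id"], e["description"]) for e in events)
    rows = []
    for (source, event_id, desc), n in counts.most_common():
        code = re.search(r'got error "(\d+)"', desc)
        note = WIN32_NOTES.get(int(code.group(1))) if code else None
        rows.append({"source": source, "event_id": event_id,
                     "count": n, "note": note, "description": desc})
    return rows

if __name__ == "__main__":
    for row in summarize(parse_events(SAMPLE)):
        print(row["count"], row["source"], row["event_id"], row["note"] or "")
```

Entries carrying the 1084 note were logged because the machine was in Safe Mode, so they say nothing about the Normal-mode freeze.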


#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,030 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:33 PM

Posted 10 January 2017 - 09:46 AM

Greetings grateful dad and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CloseProcesses:
HKU\S-1-5-21-924171896-3884655042-2258627432-1001\...\MountPoints2: {b504c843-b4ac-11e5-bee2-606c66c7bcb1} - "D:\InnoTabSetup.exe"
SearchScopes: HKU\S-1-5-21-924171896-3884655042-2258627432-1001 -> DefaultScope {4BC75A78-2591-4600-99E6-9F0B617947F4} URL =
SearchScopes: HKU\S-1-5-21-924171896-3884655042-2258627432-1001 -> {4BC75A78-2591-4600-99E6-9F0B617947F4} URL =
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]
S2 MBAMChameleon; \SystemRoot\system32\drivers\MBAMChameleon.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.2.15\Definitions\SDSDefs\20160812.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.2.15\Definitions\SDSDefs\20160812.001\EX64.SYS [X]
CMD: type "C:\WINDOWS\system32\default_error_stack-000026-000000.txt"
cmd: sc config ToshibaAppPlace start= disabled
reboot:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • Your computer will automatically reboot. Please attempt to boot into Normal Boot
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Normal Boot?
  • Attached System Summary report

Edited by Oh My!, 10 January 2017 - 10:06 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!

Posted 10 January 2017 - 10:07 AM

Greetings,

In case you didn't see it, I just modified the post to include some instructions. Sorry, I didn't see you come online.

I will be away from my computer in about 10 minutes for a few hours but will be back online today.

#5 grateful dad

Posted 10 January 2017 - 11:00 AM

Ok here is the fixlog.  I booted in normal mode when I got the system summary but it froze as it typically does a few minutes later.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
Ran by Michael (10-01-2017 10:21:28) Run:1
Running from C:\Users\Michael\Desktop\frst
Loaded Profiles: Michael (Available Profiles: Michael & lmonr_000)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
CloseProcesses:
HKU\S-1-5-21-924171896-3884655042-2258627432-1001\...\MountPoints2: {b504c843-b4ac-11e5-bee2-606c66c7bcb1} - "D:\InnoTabSetup.exe"
SearchScopes: HKU\S-1-5-21-924171896-3884655042-2258627432-1001 -> DefaultScope {4BC75A78-2591-4600-99E6-9F0B617947F4} URL =
SearchScopes: HKU\S-1-5-21-924171896-3884655042-2258627432-1001 -> {4BC75A78-2591-4600-99E6-9F0B617947F4} URL =
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]
S2 MBAMChameleon; \SystemRoot\system32\drivers\MBAMChameleon.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.2.15\Definitions\SDSDefs\20160812.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\22.5.2.15\Definitions\SDSDefs\20160812.001\EX64.SYS [X]
CMD: type "C:\WINDOWS\system32\default_error_stack-000026-000000.txt"
cmd: sc config ToshibaAppPlace start= disabled
reboot:
*****************

Processes closed successfully.
HKU\S-1-5-21-924171896-3884655042-2258627432-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b504c843-b4ac-11e5-bee2-606c66c7bcb1} => key removed successfully
HKCR\CLSID\{b504c843-b4ac-11e5-bee2-606c66c7bcb1} => key not found.
HKU\S-1-5-21-924171896-3884655042-2258627432-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-924171896-3884655042-2258627432-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4BC75A78-2591-4600-99E6-9F0B617947F4} => key removed successfully
HKCR\CLSID\{4BC75A78-2591-4600-99E6-9F0B617947F4} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key removed successfully
HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key not found.
HKLM\System\CurrentControlSet\Services\SkypeUpdate => key removed successfully
SkypeUpdate => service removed successfully
HKLM\System\CurrentControlSet\Services\MBAMChameleon => key removed successfully
MBAMChameleon => service removed successfully
HKLM\System\CurrentControlSet\Services\NAVENG => key removed successfully
NAVENG => service removed successfully
HKLM\System\CurrentControlSet\Services\NAVEX15 => key removed successfully
NAVEX15 => service removed successfully

========= type "C:\WINDOWS\system32\default_error_stack-000026-000000.txt" =========

---------------------------------------
[    *** Error Stack Dump BEGIN ***   ]
---------------------------------------
...Stack Protected Flag:...............[1].
...Stack Expandable Flag:..............[1].
...Stack Size Limited Flag:............[1]
...Stack Size Limit Size:..............[256].
...Stack Internal Error Flag:..........[0].
...Stack Max Entries:..................[16].
...Stack Entries Count:................[2].
...Stack Entries Address:..............[00000000009089B0].
---------------------------------------
......ERROR ENTRY: [0]
---------------------------------------
.........User Interface Flag:..........[1].
.........Offending Item:...............[--RUN_AS_USER_PROCESS].
.........Proposed Solution:............[Unknown Command.].
.........Reported Inline:..............[0].
.........Out Of Cycle Flag:............[1].
.........Thread ID:....................[2292].
.........Last System Error Code........[0x57].
.........Error Path:...................[APPLICATION PATH].
.........Error Severity:...............[UN-RECOVERABLE].
.........Untranslated Error Code:......[497].
.........Error Code:...................[497: Invalid Parameter(s).].
.........Error Sample:.................[0].
.........Error Elapsed Time (in ms):...[0].
.........Error Time:...................[Fri Jan 06 11:17:26 2017].
.........Error File:...................[(...)\parse_cli.c].
.........Error Line:...................[772].
---------------------------------------
......ERROR ENTRY: [1]
---------------------------------------
.........Reported Inline:..............[0].
.........Out Of Cycle Flag:............[1].
.........Thread ID:....................[2292].
.........Last System Error Code........[0x57].
.........Error Path:...................[APPLICATION PATH].
.........Error Severity:...............[UN-RECOVERABLE].
.........Untranslated Error Code:......[497].
.........Error Code:...................[497: Invalid Parameter(s).].
.........Error Sample:.................[0].
.........Error Elapsed Time (in ms):...[0].
.........Error Time:...................[Fri Jan 06 11:17:26 2017].
.........Error File:...................[(...)\driver.c].
.........Error Line:...................[22573].
---------------------------------------
[     *** Error Stack Dump END ***    ]
---------------------------------------
"ESRV_SVC_QUEENCREEK" "--RUN_AS_USER_PROCESS"

========= End of CMD: =========


========= sc config ToshibaAppPlace start= disabled =========

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 10:21:29 ====

Attached Files
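A Fixlog like the one above mixes three things: the echoed fixlist, one result line per fix, and the output of each CMD line. This is an added example, not part of the original post or of FRST, that separates them so a failed command such as the `sc config` call is not overlooked. The function names are hypothetical and the sample is a shortened copy of the posted log.

```python
import re

# Constructed sample: a shortened copy of the Fixlog posted above.
SAMPLE = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
Boot Mode: Safe Mode (with Networking)
==============================================
fixlist content:
*****************
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]
cmd: sc config ToshibaAppPlace start= disabled
*****************

Processes closed successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key removed successfully
HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key not found.
HKLM\System\CurrentControlSet\Services\SkypeUpdate => key removed successfully
SkypeUpdate => service removed successfully

========= sc config ToshibaAppPlace start= disabled =========

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

========= End of CMD: =========

==== End of Fixlog 10:21:29 ====
'''

STARS = re.compile(r"^\*{5,}$")                      # rows fencing the echoed fixlist
CMD_OPEN = re.compile(r"^={9} (?P<cmd>.+?) ={9}$")   # CMD section open/close rows
SC_FAIL = re.compile(r"^\[SC\] (?P<api>\w+) FAILED (?P<code>\d+):")

def parse_fixlog(text):
    """Hypothetical helper: split a Fixlog into boot mode, results, commands."""
    report = {"boot_mode": None, "results": [], "commands": []}
    in_echo = False   # True while inside the echoed fixlist (its '=>' are input)
    current = None    # CMD section currently being read
    for raw in text.splitlines():
        line = raw.strip()
        if STARS.match(line):
            in_echo = not in_echo
            continue
        if in_echo or not line:
            continue
        if line.startswith("Boot Mode:"):
            report["boot_mode"] = line.split(":", 1)[1].strip()
            continue
        m = CMD_OPEN.match(line)
        if m:
            if m["cmd"].startswith("End of CMD"):
                current = None
            else:
                current = {"command": m["cmd"], "sc_error": None, "output": []}
                report["commands"].append(current)
            continue
        if current is not None:
            fail = SC_FAIL.match(line)
            if fail:
                current["sc_error"] = int(fail["code"])
            current["output"].append(line)
        elif " => " in line:
            target, outcome = line.rsplit(" => ", 1)
            report["results"].append((target, outcome.rstrip(".")))
    return report

def outcome_counts(report):
    """Tally result lines by outcome text."""
    counts = {}
    for _, outcome in report["results"]:
        counts[outcome] = counts.get(outcome, 0) + 1
    return counts

def failed_commands(report):
    """CMD lines whose output contains an [SC] failure, with the Win32 code."""
    return [(c["command"], c["sc_error"]) for c in report["commands"] if c["sc_error"]]
```

On the sample, `failed_commands` returns the `sc config ToshibaAppPlace` line with code 1060, and `boot_mode` shows the fix was run from Safe Mode.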



#6 Oh My!

Posted 10 January 2017 - 06:17 PM

Thank you for your patience.

Unfortunately I am unable to access the System Summary report. We will try to work around it.

Please do this.

===================================================

Modifying Service StartState

-------------------
  • Click Start, type cmd, then press the Shift, Ctrl, + Enter keys at the same time
  • An Administrator Command Prompt window should open
  • Type sc config ESRV_SVC_QUEENCREEK start= disabled and press Enter
  • You should receive confirmation the command was successful
  • Reboot your computer into Normal Boot and check the performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Confirmation?
  • Performance?


#7 grateful dad

Posted 12 January 2017 - 04:56 AM

Ok I typed the command into the prompt and it said it was successful.  When I restarted in normal mode it acted as it usually does.  Was fine for about a minute but everything stopped responding and froze up requiring a manual restart.



#8 Oh My!

Posted 12 January 2017 - 10:29 AM

Thank you for the information.

Is it random freezing or is it related to a particular program or activity?

Please do this.

===================================================

Clean Boot

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • Click the General tab then click Selective Startup
  • Check Load system services
  • Uncheck Load Startup Items
  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart and boot into Normal Mode
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Random?
  • Clean boot?


#9 Oh My!

Posted 15 January 2017 - 09:26 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.


#10 grateful dad

Posted 16 January 2017 - 06:35 PM

Hello, sorry I was away for the long weekend.  I followed the steps for the clean boot above and it still acted the same.  When booted in normal mode everything runs fine for about a minute.  After that nothing responds and it takes a very long time for the pc to react to anything.  The start bar disappears then it goes to a blank purple screen (like the background when you press the windows key).  After that happens it won't respond to anything and I have to power down by holding the button down, restart and get it back into safe mode really quick.  Sorry for the delay and thank you for all the help.



#11 Oh My!

Posted 16 January 2017 - 08:39 PM

Thanks for touching base.

Please do these things.

===================================================

Reversing Clean Boot State
--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • In the System Configuration Utility dialog box, click Normal Startup on the General tab
  • Click OK
  • When you are prompted, click Restart
===================================================

GSmartControl for Windows

-------------------
  • Download GSmartControl for Windows and save it to your desktop
  • Double click gsmartcontrol.exe and follow the prompts to install the program all the way through the Finish button
  • Hit the Windows Key + E at the same time
  • Navigate to and double click C:\Program Files (x86)\gsmartcontrol (select the application and not the Icon)
  • Allow the program to search for and list your hard drive(s)
  • Double click your C: drive
  • Go to the PERFORM TESTS tab
  • Make sure that the TEST TYPE is set to SHORT SELF-TEST
  • Click the EXECUTE button
  • After the test completes, click the VIEW OUTPUT button and copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • GSmart report


#12 Oh My!

Posted 20 January 2017 - 09:44 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.


#13 Oh My!

Posted 23 January 2017 - 10:58 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.