Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible PUP/Malware infection


  • This topic is locked This topic is locked
47 replies to this topic

#1 dragoonus

dragoonus

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 16 November 2017 - 05:40 AM

Hello.

 

I'm currently having performance issues with my PC. Before I had a few internet tabs opens which was making the computer run slow, and after attempting to close and reboot Trend was prompted to uninstall and reinstall itself. Not sure if this was an update or not, but after this the PC was working slow and issues like the left click on the mouse wasn't registering. After running Trend, Adwcleaner and Mbar I was able to quarantine a few PUP viruses and now the mouse functions normally, but I'm still experiencing some problems like delays on opening programs or in some cases like iTunes won't open at all. Plus the PC doesn't properly stay in Sleep Mode as if it's disabled, or when it's done manually it comes out of Sleep Mode within a few hours or sometimes immediately. I also notice occasionally the rotating symbol that appears near the mouse cursor flickers as if somethings constantly loading/downloading, even when the PC is idle.

 

Help is greatly appreciated.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-11-2017
Ran by Joshua (administrator) on DESKTOP-JAQQTL2 (16-11-2017 04:59:27)
Running from C:\Users\Joshua.DESKTOP-JAQQTL2\Downloads
Loaded Profiles: Joshua (Available Profiles: Joshua)
Platform: Windows 10 Home Version 1703 15063.726 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\module\10011\7.2.1023\7.2.1023\TmsaInstance64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
() C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
(Sonic Solutions) C:\Program Files (x86)\Common Files\PX Storage Engine\VxBlockServer.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11710.1001.27.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\chromeextension\NativeMessageHost\ToolbarNativeMsgHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2016-01-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2016-01-14] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [611248 2015-05-21] (Waves Audio Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795912 2015-09-05] (NVIDIA Corporation)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [245872 2017-07-23] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1242568 2017-07-23] (Trend Micro Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe [240112 2009-07-24] (Sonic Solutions)
HKLM-x32\...\Run: [CPMonitor] => C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe [84464 2009-07-21] ()
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-23] ()
HKLM\...\RunOnce: [DCERegBootClean64] => C:\WINDOWS\RegBootClean64.exe [409536 2017-11-16] (Trend Micro Inc.)
HKU\S-1-5-21-1532959501-2282570097-1314125110-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3102496 2017-10-30] (Valve Corporation)
HKU\S-1-5-21-1532959501-2282570097-1314125110-1001\...\RunOnce: [Application Restart #10] => C:\Windows\SysWOW64\mshta.exe [13312 2017-03-18] (Microsoft Corporation)
HKU\S-1-5-21-1532959501-2282570097-1314125110-1001\...\RunOnce: [Application Restart #12] => C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe [934912 2017-04-10] ()
HKU\S-1-5-21-1532959501-2282570097-1314125110-1001\...\RunOnce: [Application Restart #0] => C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe [934912 2017-04-10] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-08-22]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Joshua.DESKTOP-JAQQTL2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2016-08-22]
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Joshua.DESKTOP-JAQQTL2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050 J610 series.lnk [2017-11-15]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050 J610 series.lnk -> C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{345a08ce-acc9-44da-ae58-6a37c85f6ba5}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1532959501-2282570097-1314125110-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1532959501-2282570097-1314125110-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\S-1-5-21-1532959501-2282570097-1314125110-1001 -> DefaultScope {D0002A95-4ED0-40DD-99E7-70C1E0E4B792} URL = 
SearchScopes: HKU\S-1-5-21-1532959501-2282570097-1314125110-1001 -> {D0002A95-4ED0-40DD-99E7-70C1E0E4B792} URL = 
SearchScopes: HKU\S-1-5-21-1532959501-2282570097-1314125110-1001 -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = 
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2017-07-23] (Trend Micro Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> No File
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2017-07-23] (Trend Micro Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> No File
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2017-07-23] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2017-07-23] (Trend Micro Inc.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll No File
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2017-07-23] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2017-07-23] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2017-07-23] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2017-07-23] (Trend Micro Inc.)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: (Trend Micro Toolbar) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2017-11-07] [Legacy]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2010-09-01] (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.5 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2010-09-01] (Wacom, Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Joshua.DESKTOP-JAQQTL2\AppData\Local\Google\Chrome\User Data\Default [2017-11-16]
CHR Extension: (Slides) - C:\Users\Joshua.DESKTOP-JAQQTL2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Joshua.DESKTOP-JAQQTL2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Joshua.DESKTOP-JAQQTL2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Joshua.DESKTOP-JAQQTL2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Joshua.DESKTOP-JAQQTL2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Sheets) - C:\Users\Joshua.DESKTOP-JAQQTL2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Joshua.DESKTOP-JAQQTL2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-19]
CHR Extension: (AdBlock) - C:\Users\Joshua.DESKTOP-JAQQTL2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-11-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Joshua.DESKTOP-JAQQTL2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-26]
CHR Extension: (Trend Micro Toolbar) - C:\Users\Joshua.DESKTOP-JAQQTL2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2017-10-17]
CHR Extension: (Gmail) - C:\Users\Joshua.DESKTOP-JAQQTL2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-05]
CHR Extension: (Chrome Media Router) - C:\Users\Joshua.DESKTOP-JAQQTL2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Amsp; C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [374968 2017-07-19] (Trend Micro Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2251992 2015-08-13] (Broadcom Corporation.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2017-09-19] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [40976 2017-09-18] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [230248 2017-05-01] (Dell Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-26] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1129928 2017-07-23] (Trend Micro Inc.)
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell)
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [2679232 2017-07-14] (Trend Micro Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2016-01-14] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-08-05] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [173312 2015-08-13] (Broadcom Corporation.)
R3 BCMWL63A; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [11794352 2017-06-21] (Broadcom Corp)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-11-15] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_desktop_ref4wui.inf_amd64_393cbe542dcfcdfd\nvlddmkm.sys [14456920 2017-05-19] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
R1 tmactmon; C:\WINDOWS\system32\DRIVERS\tmactmon.sys [145048 2017-10-04] (Trend Micro Inc.)
R0 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [449688 2017-10-04] (Trend Micro Inc.)
R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC64.sys [72504 2016-01-04] (Trend Micro Inc.)
R3 tmeevw; C:\WINDOWS\system32\DRIVERS\tmeevw.sys [147672 2017-05-10] (Trend Micro Inc.)
S0 tmel; C:\WINDOWS\System32\DRIVERS\tmel.sys [39056 2015-06-22] (Trend Micro Inc.)
R1 tmevtmgr; C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys [140952 2017-10-04] (Trend Micro Inc.)
R3 tmnciesc; C:\WINDOWS\system32\DRIVERS\tmnciesc.sys [560856 2017-05-04] (Trend Micro Inc.)
R1 tmumh; C:\WINDOWS\system32\DRIVERS\TMUMH.sys [135320 2017-10-02] (Trend Micro Inc.)
R2 tmusa; C:\WINDOWS\system32\DRIVERS\tmusa.sys [134264 2017-05-10] (Trend Micro Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2016-01-14] (Intel Corporation)
U2 TMAgent; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-16 04:58 - 2017-11-16 04:59 - 002392576 _____ (Farbar) C:\Users\Joshua.DESKTOP-JAQQTL2\Downloads\FRST64.exe
2017-11-16 04:57 - 2017-11-16 04:57 - 000004544 _____ C:\WINDOWS\RegBootClean64.CFG
2017-11-15 05:50 - 2017-11-02 00:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-15 05:50 - 2017-11-02 00:03 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-11-15 05:50 - 2017-11-01 23:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-11-15 05:50 - 2017-11-01 23:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-15 05:50 - 2017-11-01 23:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-15 05:50 - 2017-11-01 23:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-11-15 05:50 - 2017-11-01 23:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-15 05:50 - 2017-11-01 23:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-15 05:50 - 2017-11-01 23:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-15 05:50 - 2017-11-01 23:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-15 05:50 - 2017-11-01 23:30 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-15 05:50 - 2017-11-01 23:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-15 05:50 - 2017-11-01 23:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-15 05:50 - 2017-11-01 23:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-11-15 05:50 - 2017-11-01 23:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-15 05:50 - 2017-11-01 23:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-15 05:50 - 2017-11-01 23:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-11-15 05:50 - 2017-11-01 23:24 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-15 05:50 - 2017-11-01 23:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-15 05:50 - 2017-11-01 23:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-11-15 05:50 - 2017-11-01 23:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-15 05:50 - 2017-11-01 23:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-11-15 05:50 - 2017-10-15 10:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-11-15 05:50 - 2017-10-15 10:03 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-11-15 05:50 - 2017-10-15 10:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-11-15 05:50 - 2017-10-15 09:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-11-15 05:50 - 2017-10-15 09:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-11-15 05:50 - 2017-10-15 09:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-11-15 05:50 - 2017-10-15 09:41 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-11-15 05:50 - 2017-10-15 09:41 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-11-15 05:50 - 2017-10-15 09:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-11-15 05:49 - 2017-11-02 00:21 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-15 05:49 - 2017-11-02 00:21 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-15 05:49 - 2017-11-02 00:21 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-15 05:49 - 2017-11-02 00:21 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-15 05:49 - 2017-11-02 00:21 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-15 05:49 - 2017-11-02 00:21 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-15 05:49 - 2017-11-02 00:20 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-15 05:49 - 2017-11-02 00:20 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-15 05:49 - 2017-11-02 00:20 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-15 05:49 - 2017-11-02 00:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-15 05:49 - 2017-11-02 00:20 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-11-15 05:49 - 2017-11-02 00:20 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-15 05:49 - 2017-11-02 00:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-11-15 05:49 - 2017-11-02 00:20 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-11-15 05:49 - 2017-11-02 00:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-15 05:49 - 2017-11-02 00:20 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-15 05:49 - 2017-11-02 00:20 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-11-15 05:49 - 2017-11-02 00:16 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-15 05:49 - 2017-11-02 00:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-11-15 05:49 - 2017-11-02 00:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-15 05:49 - 2017-11-02 00:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-15 05:49 - 2017-11-02 00:15 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-15 05:49 - 2017-11-02 00:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-15 05:49 - 2017-11-02 00:14 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-11-15 05:49 - 2017-11-02 00:13 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-11-15 05:49 - 2017-11-02 00:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-15 05:49 - 2017-11-02 00:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-15 05:49 - 2017-11-02 00:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-15 05:49 - 2017-11-02 00:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-15 05:49 - 2017-11-02 00:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-15 05:49 - 2017-11-02 00:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-15 05:49 - 2017-11-02 00:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-15 05:49 - 2017-11-02 00:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-11-15 05:49 - 2017-11-02 00:12 - 000643192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-15 05:49 - 2017-11-02 00:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-15 05:49 - 2017-11-02 00:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-15 05:49 - 2017-11-02 00:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-15 05:49 - 2017-11-02 00:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-15 05:49 - 2017-11-02 00:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2017-11-15 05:49 - 2017-11-02 00:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-11-15 05:49 - 2017-11-02 00:11 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-15 05:49 - 2017-11-02 00:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-15 05:49 - 2017-11-02 00:05 - 000871408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-11-15 05:49 - 2017-11-02 00:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-15 05:49 - 2017-11-01 23:45 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-11-15 05:49 - 2017-11-01 23:44 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-15 05:49 - 2017-11-01 23:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-15 05:49 - 2017-11-01 23:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-11-15 05:49 - 2017-11-01 23:37 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-15 05:49 - 2017-11-01 23:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-15 05:49 - 2017-11-01 23:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-15 05:49 - 2017-11-01 23:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-15 05:49 - 2017-11-01 23:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-15 05:49 - 2017-11-01 23:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-11-15 05:49 - 2017-11-01 23:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-15 05:49 - 2017-11-01 23:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-11-15 05:49 - 2017-11-01 23:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-15 05:49 - 2017-11-01 23:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-11-15 05:49 - 2017-11-01 23:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2017-11-15 05:49 - 2017-11-01 23:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-15 05:49 - 2017-11-01 23:34 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-15 05:49 - 2017-11-01 23:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2017-11-15 05:49 - 2017-11-01 23:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-15 05:49 - 2017-11-01 23:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-15 05:49 - 2017-11-01 23:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2017-11-15 05:49 - 2017-11-01 23:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-11-15 05:49 - 2017-11-01 23:34 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-15 05:49 - 2017-11-01 23:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-11-15 05:49 - 2017-11-01 23:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-11-15 05:49 - 2017-11-01 23:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-11-15 05:49 - 2017-11-01 23:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2017-11-15 05:49 - 2017-11-01 23:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2017-11-15 05:49 - 2017-11-01 23:33 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-11-15 05:49 - 2017-11-01 23:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-11-15 05:49 - 2017-11-01 23:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-11-15 05:49 - 2017-11-01 23:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-15 05:49 - 2017-11-01 23:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2017-11-15 05:49 - 2017-11-01 23:31 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-15 05:49 - 2017-11-01 23:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-11-15 05:49 - 2017-11-01 23:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-11-15 05:49 - 2017-11-01 23:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2017-11-15 05:49 - 2017-11-01 23:30 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-15 05:49 - 2017-11-01 23:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-11-15 05:49 - 2017-11-01 23:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-11-15 05:49 - 2017-11-01 23:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-11-15 05:49 - 2017-11-01 23:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-11-15 05:49 - 2017-11-01 23:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-15 05:49 - 2017-11-01 23:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-11-15 05:49 - 2017-11-01 23:30 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-15 05:49 - 2017-11-01 23:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-11-15 05:49 - 2017-11-01 23:29 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-15 05:49 - 2017-11-01 23:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-11-15 05:49 - 2017-11-01 23:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-11-15 05:49 - 2017-11-01 23:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-15 05:49 - 2017-11-01 23:29 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-15 05:49 - 2017-11-01 23:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-15 05:49 - 2017-11-01 23:28 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-15 05:49 - 2017-11-01 23:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-11-15 05:49 - 2017-11-01 23:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-11-15 05:49 - 2017-11-01 23:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-11-15 05:49 - 2017-11-01 23:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-15 05:49 - 2017-11-01 23:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-15 05:49 - 2017-11-01 23:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-15 05:49 - 2017-11-01 23:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-11-15 05:49 - 2017-11-01 23:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-11-15 05:49 - 2017-11-01 23:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-15 05:49 - 2017-11-01 23:27 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-15 05:49 - 2017-11-01 23:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-11-15 05:49 - 2017-11-01 23:26 - 008197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-15 05:49 - 2017-11-01 23:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-11-15 05:49 - 2017-11-01 23:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-15 05:49 - 2017-11-01 23:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-15 05:49 - 2017-11-01 23:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-11-15 05:49 - 2017-11-01 23:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-15 05:49 - 2017-11-01 23:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-11-15 05:49 - 2017-11-01 23:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-11-15 05:49 - 2017-11-01 23:26 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-15 05:49 - 2017-11-01 23:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-11-15 05:49 - 2017-11-01 23:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2017-11-15 05:49 - 2017-11-01 23:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-15 05:49 - 2017-11-01 23:25 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-15 05:49 - 2017-11-01 23:25 - 004727808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-15 05:49 - 2017-11-01 23:25 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-15 05:49 - 2017-11-01 23:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-15 05:49 - 2017-11-01 23:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-11-15 05:49 - 2017-11-01 23:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-11-15 05:49 - 2017-11-01 23:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-15 05:49 - 2017-11-01 23:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-11-15 05:49 - 2017-11-01 23:25 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-11-15 05:49 - 2017-11-01 23:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-11-15 05:49 - 2017-11-01 23:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-15 05:49 - 2017-11-01 23:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-15 05:49 - 2017-11-01 23:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-11-15 05:49 - 2017-11-01 23:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-11-15 05:49 - 2017-11-01 23:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-11-15 05:49 - 2017-11-01 23:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-15 05:49 - 2017-11-01 23:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-15 05:49 - 2017-11-01 23:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-11-15 05:49 - 2017-11-01 23:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-15 05:49 - 2017-11-01 23:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-11-15 05:49 - 2017-11-01 23:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-15 05:49 - 2017-11-01 23:22 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-15 05:49 - 2017-11-01 23:22 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-15 05:49 - 2017-11-01 23:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-15 05:49 - 2017-11-01 23:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-11-15 05:49 - 2017-11-01 23:21 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-15 05:49 - 2017-11-01 23:21 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-15 05:49 - 2017-11-01 23:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-15 05:49 - 2017-10-25 02:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-15 05:49 - 2017-10-15 09:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-11-15 05:49 - 2017-10-15 09:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-15 05:49 - 2017-10-15 09:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-15 05:49 - 2017-10-15 09:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-11-15 05:49 - 2017-10-15 09:55 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-11-15 05:49 - 2017-10-15 09:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-11-15 05:49 - 2017-10-15 09:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-11-15 05:49 - 2017-10-15 09:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-11-15 05:49 - 2017-10-15 09:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-11-15 05:49 - 2017-10-15 09:45 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-11-15 05:49 - 2017-10-15 09:44 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-11-15 05:49 - 2017-10-15 09:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-11-15 05:49 - 2017-10-15 09:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-11-15 05:49 - 2017-10-15 09:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-11-15 05:49 - 2017-10-15 09:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-11-15 05:49 - 2017-10-15 09:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-11-15 05:49 - 2017-10-15 09:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-11-15 05:49 - 2017-10-15 09:09 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-11-15 05:49 - 2017-10-15 09:09 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-11-15 05:49 - 2017-10-15 09:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-11-15 05:49 - 2017-10-15 09:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-11-15 05:49 - 2017-10-15 09:07 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-11-15 05:49 - 2017-10-15 09:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-11-15 05:49 - 2017-10-15 09:05 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-11-15 05:49 - 2017-10-15 09:04 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-11-15 05:49 - 2017-10-15 09:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2017-11-15 05:49 - 2017-10-15 09:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-11-15 05:28 - 2017-11-15 05:28 - 000001818 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-11-15 05:28 - 2017-11-15 05:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-11-15 05:25 - 2017-11-15 05:25 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-11-08 05:53 - 2017-11-08 05:53 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-08 05:53 - 2017-11-08 05:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-08 05:53 - 2017-11-08 05:53 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-08 05:53 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-11-08 05:49 - 2017-11-08 05:53 - 078346672 _____ (Malwarebytes ) C:\Users\Joshua.DESKTOP-JAQQTL2\Downloads\mb3-setup-consumer-3.3.1.2183.exe
2017-10-29 11:33 - 2017-10-29 11:33 - 000000000 ____D C:\Users\Joshua.DESKTOP-JAQQTL2\.fontconfig
2017-10-25 16:27 - 2017-11-05 10:22 - 000001870 _____ C:\Users\Joshua.DESKTOP-JAQQTL2\Desktop\Rkill.txt
2017-10-25 16:27 - 2017-10-25 16:27 - 000983168 _____ (Bleeping Computer, LLC) C:\Users\Joshua.DESKTOP-JAQQTL2\Downloads\rkill64.exe
2017-10-25 16:26 - 2017-10-25 16:26 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\Joshua.DESKTOP-JAQQTL2\Downloads\rkill.exe
2017-10-25 16:19 - 2017-10-25 16:19 - 008250832 _____ (Malwarebytes) C:\Users\Joshua.DESKTOP-JAQQTL2\Downloads\AdwCleaner.exe
2017-10-21 11:31 - 2017-11-15 18:18 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-10-17 18:44 - 2017-10-17 18:44 - 000000000 ___HD C:\TMRescueDisk
2017-10-17 18:40 - 2017-10-25 16:06 - 000001342 _____ C:\Users\Joshua.DESKTOP-JAQQTL2\Desktop\Trend Micro Maximum Security.lnk
2017-10-17 18:40 - 2017-10-17 18:40 - 000000000 ____D C:\Users\Joshua.DESKTOP-JAQQTL2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Maximum Security
2017-10-17 18:39 - 2017-10-17 18:39 - 000000000 ____D C:\WINDOWS\SysWOW64\tmumh
2017-10-17 18:39 - 2017-10-17 18:39 - 000000000 ____D C:\WINDOWS\system32\tmumh
2017-10-17 18:39 - 2017-10-04 13:55 - 000449688 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2017-10-17 18:39 - 2017-10-04 13:55 - 000145048 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmactmon.sys
2017-10-17 18:39 - 2017-10-04 13:55 - 000140952 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmevtmgr.sys
2017-10-17 18:39 - 2017-10-02 01:28 - 000135320 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\TMUMH.sys
2017-10-17 18:39 - 2017-05-10 02:46 - 000147672 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmeevw.sys
2017-10-17 18:39 - 2017-05-10 02:17 - 000134264 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmusa.sys
2017-10-17 18:39 - 2017-05-04 14:56 - 000560856 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmnciesc.sys
2017-10-17 18:39 - 2016-01-04 22:35 - 000072504 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\TMEBC64.sys
2017-10-17 18:39 - 2015-06-22 21:49 - 000039056 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmel.sys
2017-10-17 18:38 - 2017-10-17 18:38 - 000003382 _____ C:\WINDOWS\System32\Tasks\AirSupport Update
2017-10-17 18:38 - 2017-10-17 18:38 - 000000059 _____ C:\WINDOWS\system32\SupportTool.exe.bat
2017-10-17 18:37 - 2017-10-17 18:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Troubleshooting Tool
2017-10-17 18:18 - 2017-10-17 18:30 - 240286032 _____ (Trend Micro Inc.) C:\Users\Public\Desktop\TrendMicro_Download.exe
2017-10-17 18:11 - 2017-10-17 18:11 - 000000000 ____D C:\Program Files (x86)\Dell Customer Connect
2017-10-17 17:57 - 2017-10-17 17:57 - 000000000 ____D C:\Users\Joshua.DESKTOP-JAQQTL2\AppData\Roaming\NVIDIA
2017-10-17 17:41 - 2017-10-17 17:42 - 000923052 _____ C:\WINDOWS\Minidump\101717-54203-01.dmp
2017-10-17 17:41 - 2017-10-17 17:41 - 000000000 ____D C:\WINDOWS\Minidump
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-16 05:00 - 2016-07-28 17:15 - 000000000 ____D C:\Users\Joshua.DESKTOP-JAQQTL2\AppData\Local\DP_Tower_3.7
2017-11-16 05:00 - 2015-11-15 12:50 - 000024360 _____ C:\Users\Joshua.DESKTOP-JAQQTL2\Downloads\FRST.txt
2017-11-16 04:57 - 2015-11-15 12:51 - 000409536 _____ (Trend Micro Inc.) C:\WINDOWS\RegBootClean64.exe
2017-11-16 04:57 - 2015-11-15 12:51 - 000014842 _____ C:\Users\Joshua.DESKTOP-JAQQTL2\Downloads\Addition.txt
2017-11-16 04:57 - 2015-09-05 16:59 - 000000000 ____D C:\ProgramData\Trend Micro
2017-11-16 04:55 - 2015-11-15 12:50 - 000000000 ____D C:\FRST
2017-11-16 03:28 - 2017-08-05 15:29 - 000004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{222E6998-17D8-4FC2-86C0-34027B599556}
2017-11-15 20:57 - 2015-09-05 16:35 - 000002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-15 20:57 - 2015-09-05 16:35 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-15 18:24 - 2017-08-05 15:28 - 001285478 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-15 18:23 - 2017-03-18 16:01 - 000000000 ____D C:\WINDOWS\INF
2017-11-15 18:22 - 2017-03-18 06:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-11-15 18:21 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-15 18:21 - 2015-09-08 13:26 - 000000000 ____D C:\Program Files (x86)\Steam
2017-11-15 18:20 - 2015-08-13 12:26 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-15 18:19 - 2017-08-04 23:30 - 000000000 ___DC C:\WINDOWS\Panther
2017-11-15 18:18 - 2017-08-05 15:29 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-15 18:18 - 2017-08-05 15:15 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-15 18:18 - 2017-08-05 15:13 - 000453872 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-15 18:17 - 2017-03-18 06:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-11-15 18:16 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-15 18:16 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-15 18:16 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-11-15 18:16 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-15 18:16 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-15 10:43 - 2017-08-05 15:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-15 07:49 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\rescache
2017-11-15 05:57 - 2017-03-18 15:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-15 05:34 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-15 05:28 - 2015-09-05 11:55 - 000000000 ____D C:\Program Files\iTunes
2017-11-15 05:28 - 2015-09-05 11:55 - 000000000 ____D C:\Program Files\iPod
2017-11-15 05:27 - 2015-09-05 11:55 - 000000000 ____D C:\Program Files\Common Files\Apple
2017-11-15 05:27 - 2015-09-05 11:55 - 000000000 ____D C:\Program Files (x86)\iTunes
2017-11-15 05:26 - 2015-09-05 11:55 - 000000000 ____D C:\Program Files\Bonjour
2017-11-15 05:26 - 2015-09-05 11:55 - 000000000 ____D C:\Program Files (x86)\Bonjour
2017-11-15 05:25 - 2015-09-05 17:41 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-11-15 05:25 - 2015-09-05 11:55 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-11-15 04:48 - 2017-08-05 15:29 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-15 04:48 - 2017-08-05 15:29 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-12 10:14 - 2015-11-07 13:34 - 000000000 ____D C:\AdwCleaner
2017-11-09 11:17 - 2017-08-05 15:17 - 000000000 ____D C:\Users\Joshua.DESKTOP-JAQQTL2
2017-11-08 05:53 - 2015-11-05 19:22 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-08 05:32 - 2015-11-05 19:41 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-11-08 05:32 - 2015-11-05 19:39 - 000000000 ____D C:\Users\Joshua.DESKTOP-JAQQTL2\Desktop\mbar
2017-11-07 22:12 - 2017-08-05 15:29 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1532959501-2282570097-1314125110-1001
2017-11-07 22:12 - 2015-09-05 16:25 - 000002420 _____ C:\Users\Joshua.DESKTOP-JAQQTL2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-07 22:12 - 2015-09-05 16:25 - 000000000 ___RD C:\Users\Joshua.DESKTOP-JAQQTL2\OneDrive
2017-11-04 20:40 - 2017-03-18 16:06 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-04 20:40 - 2017-03-18 16:06 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-04 12:18 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-10-29 21:14 - 2015-09-08 08:42 - 000000000 ____D C:\Users\Joshua.DESKTOP-JAQQTL2\AppData\Roaming\Audacity
2017-10-29 11:34 - 2015-10-22 08:59 - 000000000 ____D C:\Users\Joshua.DESKTOP-JAQQTL2\.gimp-2.6
2017-10-25 18:23 - 2015-09-05 15:45 - 000000000 ____D C:\ProgramData\Trend Micro Installer
2017-10-25 16:21 - 2015-09-05 16:23 - 000000000 ____D C:\Users\Joshua.DESKTOP-JAQQTL2\AppData\Local\Packages
2017-10-25 11:49 - 2016-02-26 00:05 - 000000560 _____ C:\WINDOWS\SysWOW64\DLC_Debug_log.txt
2017-10-25 11:49 - 2015-08-13 12:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-10-25 11:49 - 2015-08-13 12:36 - 000000000 ____D C:\Program Files\Dell
2017-10-25 11:49 - 2015-08-13 12:28 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-10-17 18:40 - 2015-09-08 07:16 - 000001279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PaintTool SAI Ver.1.lnk
2017-10-17 18:39 - 2017-03-18 16:03 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-10-17 18:37 - 2015-09-05 16:59 - 000000000 ____D C:\Program Files\Trend Micro
2017-10-17 18:32 - 2015-09-05 16:54 - 000000000 ____D C:\Users\Joshua.DESKTOP-JAQQTL2\AppData\Local\Trend Micro
2017-10-17 18:05 - 2016-08-27 16:12 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-10-17 17:43 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-10-17 17:41 - 2015-09-14 12:10 - 1048477573 _____ C:\WINDOWS\MEMORY.DMP
2017-10-17 17:27 - 2015-09-05 18:04 - 000000010 _____ C:\Users\Joshua.DESKTOP-JAQQTL2\AppData\Local\sponge.last.runtime.cache
 
==================== Files in the root of some directories =======
 
2015-09-05 16:57 - 2015-09-05 16:57 - 000000036 _____ () C:\Users\Joshua.DESKTOP-JAQQTL2\AppData\Local\housecall.guid.cache
2016-03-24 16:01 - 2017-03-01 21:29 - 000012648 _____ () C:\Users\Joshua.DESKTOP-JAQQTL2\AppData\Local\rx_audio.Cache
2016-03-24 16:01 - 2017-03-01 21:29 - 000000360 _____ () C:\Users\Joshua.DESKTOP-JAQQTL2\AppData\Local\rx_image32.Cache
2015-09-05 18:04 - 2017-10-17 17:27 - 000000010 _____ () C:\Users\Joshua.DESKTOP-JAQQTL2\AppData\Local\sponge.last.runtime.cache
2017-08-05 15:15 - 2017-08-05 15:15 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
 
Files to move or delete:
====================
C:\Users\Joshua.DESKTOP-JAQQTL2\ZHPCleaner.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-11-08 22:51
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-11-2017
Ran by Joshua (16-11-2017 05:00:30)
Running from C:\Users\Joshua.DESKTOP-JAQQTL2\Downloads
Windows 10 Home Version 1703 15063.726 (X64) (2017-08-05 20:37:52)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1532959501-2282570097-1314125110-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1532959501-2282570097-1314125110-503 - Limited - Disabled)
Guest (S-1-5-21-1532959501-2282570097-1314125110-501 - Limited - Disabled)
Joshua (S-1-5-21-1532959501-2282570097-1314125110-1001 - Administrator - Enabled) => C:\Users\Joshua.DESKTOP-JAQQTL2
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Trend Micro Maximum Security (Enabled - Up to date) {1E5CB925-ABFC-68A9-91DC-4258BDE6C44A}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
1Click DVD Copy Pro 4.3.0.2 (HKLM-x32\...\1Click DVD Copy Pro_is1) (Version:  - LG Software Innovations)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{D811A40A-9791-497C-B9DC-2D89C8E95EA1}) (Version: 6.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{8B47B514-F5D2-4E0D-B951-6E250618A7CD}) (Version: 6.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}) (Version: 11.0.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.4-6 - Wacom Technology Corp.)
Bamboo (HKLM-x32\...\Pen Tablet Driver) (Version:  - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.0.63 - CinemaNow, Inc.)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
Dell Customer Connect (HKLM-x32\...\{04A41EBC-AB30-4574-A14D-E0CDFE31AB70}) (Version: 1.5.1.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Help & Support (HKLM\...\{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{457EFE69-8F49-43E0-80F9-1DEF4F7690C2}) (Version: 2.5.23.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)
Dell Update - SupportAssist Update Plugin (HKLM\...\{2228BC43-73DA-4F9A-BEE6-8E9C15328513}) (Version: 3.1.1.3832 - Dell Inc.)
Dell Update (HKLM-x32\...\{F91263FA-BE4D-439D-9C0A-2E7204E0E9E3}) (Version: 1.9.20.0 - Dell Inc.)
DirectX 9 Runtime (HKLM-x32\...\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}) (Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
GIMP 2.6.10 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{6457BD83-98CF-4267-93D7-F173FF3E7C25}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{5FB5B723-6B6E-45ED-BA73-F264D52AF916}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.81 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{F2517A28-8CB8-4206-B86C-5EDD4EA26682}) (Version: 12.7.1.14 - Apple Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6168.1 - Waves Audio Ltd.) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1532959501-2282570097-1314125110-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version:  - )
Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Realtek USB Audio (HKLM-x32\...\{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.41 - Realtek Semiconductor Corp.)
Roxio Creator 2010 Pro (HKLM-x32\...\{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}) (Version: 12.0 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.3.0 - Roxio) Hidden
Roxio PhotoShow (HKLM-x32\...\Roxio PhotoShow) (Version: 6.0 - Roxio)
SmartSound Quicktracks Plugin (HKLM-x32\...\{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.8.0 - SmartSound Software Inc) Hidden
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.8.0 - SmartSound Software Inc)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Trend Micro Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 12.0 - Trend Micro Inc.)
Trend Micro Password Manager (HKLM\...\3A0FB4E3-2C0D-4572-A24D-67F1CAABDDP35_is1) (Version: 3.7.0.1220 - Trend Micro Inc.)
Trend Micro Troubleshooting Tool (HKLM\...\{4B83469E-CE4F-45D0-BC34-CCB7BF194477}) (Version: 6.0.1132 - Trend Micro Inc.)
VD64Inst (HKLM\...\{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.7 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.5 - Wacom Technology Corp.)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.1.587 - Broadcom Corporation)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1532959501-2282570097-1314125110-1001_Classes\CLSID\{57B13C80-C59C-4981-8870-4A209C1B7589}\InprocServer32 -> C:\Program Files\Roxio 2010\Virtual Drive 10\DC_ShellExt64.dll (Sonic Solutions)
ShellIconOverlayIdentifiers: [  FSOverlayIcon] -> {C0829D19-E5A0-44F5-B56E-D15030C53BB9} => C:\Program Files\Trend Micro\Titanium\plugin\TmOverlayIcon.dll [2017-07-23] (Trend Micro Inc.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1-x32: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-05-07] (Cyberlink)
ContextMenuHandlers1-x32: [{48F45200-91E6-11CE-8A4F-0080C81A28D4}] -> {48F45200-91E6-11CE-8A4F-0080C81A28D4} => C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll [2017-07-23] (Trend Micro Inc.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-05-07] (Cyberlink)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [{48F45200-91E6-11CE-8A4F-0080C81A28D4}] -> {48F45200-91E6-11CE-8A4F-0080C81A28D4} => C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll [2017-07-23] (Trend Micro Inc.)
ContextMenuHandlers1_S-1-5-21-1532959501-2282570097-1314125110-1001: [RXDCExtSvr] -> {57B13C80-C59C-4981-8870-4A209C1B7589} => C:\Program Files\Roxio 2010\Virtual Drive 10\DC_ShellExt64.dll [2009-07-07] (Sonic Solutions)
ContextMenuHandlers2_S-1-5-21-1532959501-2282570097-1314125110-1001: [RXDCExtSvr] -> {57B13C80-C59C-4981-8870-4A209C1B7589} => C:\Program Files\Roxio 2010\Virtual Drive 10\DC_ShellExt64.dll [2009-07-07] (Sonic Solutions)
ContextMenuHandlers6_S-1-5-21-1532959501-2282570097-1314125110-1001: [RXDCExtSvr] -> {57B13C80-C59C-4981-8870-4A209C1B7589} => C:\Program Files\Roxio 2010\Virtual Drive 10\DC_ShellExt64.dll [2009-07-07] (Sonic Solutions)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {204B1AEE-453D-4366-A02C-8D45F4B40965} - System32\Tasks\AirSupport Update => C:\Program Files\Trend Micro\AirSupport\Update.exe [2017-07-23] (Trend Micro Inc.)
Task: {3299DB5E-8012-4265-916F-A02101B2321C} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {43406ADE-CD78-4460-8A75-6D3D90A76795} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-10-11] (Microsoft Corporation)
Task: {6C6A0FAC-701A-42FE-8534-6800C24FFF49} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe <==== ATTENTION
Task: {923D0B34-A06F-4438-8BCB-72B84442789C} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2015-05-07] (CyberLink)
Task: {955D9353-F41A-420D-AA41-69B2A28D5C4D} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {98845761-44C3-45F0-A1AB-C04EF9B9B5A8} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.)
Task: {A1929899-FFEA-4043-A37C-58DF1EB4382D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)
Task: {EEED34AE-E68D-4845-9221-EA32F127A7D6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {F21793CC-DF77-40C5-A5C7-481094A8B149} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\RunDLC.job => cmd c sc start Dell Help SupportWORKGROUP DESKTOP JAQQTL2
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-10-17 18:37 - 2017-01-13 02:41 - 000039424 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc140-mt-1_62.dll
2017-10-17 18:37 - 2017-01-13 02:39 - 000076288 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc140-mt-1_62.dll
2017-10-17 18:37 - 2017-01-13 03:01 - 000737792 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2017-10-17 18:37 - 2017-01-13 02:42 - 000131072 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc140-mt-1_62.dll
2017-10-17 18:37 - 2017-01-13 02:39 - 000048640 _____ () C:\Program Files\Trend Micro\AMSP\boost_chrono-vc140-mt-1_62.dll
2017-10-17 18:37 - 2017-01-13 02:55 - 002333184 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
2017-10-17 18:31 - 2017-07-23 14:24 - 000182568 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
2017-10-17 18:38 - 2017-07-23 14:24 - 000131072 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_thread-vc140-mt-1_62.dll
2017-10-17 18:38 - 2017-07-23 14:24 - 000039424 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_system-vc140-mt-1_62.dll
2017-10-17 18:38 - 2017-07-23 14:24 - 000076288 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_date_time-vc140-mt-1_62.dll
2017-10-17 18:38 - 2017-07-23 14:24 - 000048640 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_chrono-vc140-mt-1_62.dll
2017-10-17 18:38 - 2017-07-23 14:24 - 001016320 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_regex-vc140-mt-1_62.dll
2017-07-22 11:38 - 2017-01-13 14:41 - 000039424 _____ () C:\Program Files\Trend Micro\TMIDS\boost_system-vc140-mt-1_62.dll
2017-07-22 11:38 - 2017-01-13 14:39 - 000076288 _____ () C:\Program Files\Trend Micro\TMIDS\boost_date_time-vc140-mt-1_62.dll
2015-11-17 11:08 - 2010-10-26 16:42 - 001182576 ____N () C:\Program Files\Tablet\Pen\libxml2.dll
2017-10-18 23:51 - 2017-10-18 23:51 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-10-18 23:51 - 2017-10-18 23:51 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-11-08 05:53 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2011-03-16 23:07 - 2011-03-16 23:07 - 004297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-03-18 15:58 - 2017-03-18 15:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2015-09-05 16:59 - 2017-04-10 22:58 - 000934912 _____ () C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
2017-03-18 15:59 - 2017-03-18 21:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-12 07:09 - 2017-11-12 07:11 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-12 07:09 - 2017-11-12 07:11 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-12 07:09 - 2017-11-12 07:11 - 025461760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-07 22:09 - 2017-11-07 22:11 - 002552832 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\skypert.dll
2017-10-17 18:31 - 2017-07-23 14:24 - 000085952 _____ () C:\Program Files\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll
2009-07-21 11:50 - 2009-07-21 11:50 - 000084464 _____ () C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
2009-06-23 01:18 - 2009-06-23 01:18 - 000494064 _____ () C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
2015-05-19 19:23 - 2015-05-19 19:23 - 000049408 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2015-08-13 12:34 - 2014-04-14 20:59 - 000253776 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2017-11-15 04:52 - 2017-11-15 05:09 - 000022016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-11-15 04:52 - 2017-11-15 05:09 - 055109120 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-06 17:46 - 2017-10-06 17:53 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2017-11-15 04:52 - 2017-11-15 05:10 - 000164864 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\VideoPlugin.dll
2017-10-06 17:46 - 2017-10-06 17:50 - 000675328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\IPPNativePlugin.dll
2017-11-15 04:52 - 2017-11-15 05:03 - 003740160 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-11-15 04:52 - 2017-11-15 05:10 - 002051584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2017-11-15 04:52 - 2017-11-15 05:10 - 020759040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-11-15 04:52 - 2017-11-15 05:03 - 003607040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-11-15 04:51 - 2017-11-15 04:53 - 003150848 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-08-30 06:17 - 2017-08-30 06:17 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-11-15 04:52 - 2017-11-15 05:09 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-11-15 04:52 - 2017-11-15 05:03 - 000027648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Lumia.ViewerPluginProxy.dll
2017-11-15 04:51 - 2017-11-15 04:53 - 000315904 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\AnimatedGIF.dll
2017-11-15 04:52 - 2017-11-15 05:04 - 002493440 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.People.AutoSuggest.dll
2017-11-15 04:52 - 2017-11-15 05:09 - 000919040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.People.PeoplePicker.dll
2017-11-15 04:52 - 2017-11-15 05:09 - 001363968 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-11-15 04:52 - 2017-11-15 05:09 - 000653824 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.dll
2017-11-15 04:52 - 2017-11-15 05:02 - 001007104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\IPP_UWP.dll
2017-11-15 04:52 - 2017-11-15 05:03 - 000084480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\MediaEngineVideoDataProvider.UWP.dll
2017-11-15 04:52 - 2017-11-15 05:02 - 000109568 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe\ExploreModel.dll
2017-10-20 15:22 - 2017-10-20 15:22 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-10-20 15:22 - 2017-10-20 15:22 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2017-10-20 15:20 - 2017-10-20 15:20 - 000235832 _____ () C:\Program Files\iTunes\libxslt.dll
2017-09-17 09:39 - 2017-09-17 09:42 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11710.1001.27.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-11-15 20:57 - 2017-11-10 04:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-15 20:57 - 2017-11-10 04:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2017-04-22 08:33 - 2017-01-26 11:35 - 001078272 _____ () C:\Program Files\Trend Micro\TMIDS\tower\ffmpeg.dll
2017-04-22 08:33 - 2017-02-23 00:31 - 001922560 _____ () C:\Program Files\Trend Micro\TMIDS\tower\libglesv2.dll
2017-04-22 08:33 - 2017-02-23 00:31 - 000079872 _____ () C:\Program Files\Trend Micro\TMIDS\tower\libegl.dll
2017-04-22 08:33 - 2017-02-23 00:31 - 004834816 _____ () C:\Program Files\Trend Micro\TMIDS\tower\node.dll
2015-09-08 13:32 - 2017-09-09 14:25 - 000688416 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-09-08 13:32 - 2016-08-31 20:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-09-08 13:32 - 2017-10-30 22:22 - 002546976 _____ () C:\Program Files (x86)\Steam\video.dll
2015-09-08 13:32 - 2016-08-31 20:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-09-08 13:32 - 2016-08-31 20:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-09-08 13:32 - 2016-01-27 02:49 - 002549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-09-08 13:32 - 2016-01-27 02:49 - 000491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-09-08 13:32 - 2016-01-27 02:49 - 000332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-09-08 13:32 - 2016-01-27 02:49 - 000442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-09-08 13:32 - 2016-01-27 02:49 - 000485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-09-08 13:32 - 2017-10-30 22:22 - 000901408 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-10 01:10 - 2016-07-04 17:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2015-08-13 12:32 - 2014-12-08 02:28 - 000627672 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMediaLibrary.dll
2014-12-08 17:28 - 2014-12-08 17:28 - 000016856 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvcPS.dll
2017-06-14 00:40 - 2017-09-06 21:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2016-12-13 20:20 - 2017-08-16 17:28 - 073130272 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2015-09-08 13:32 - 2015-09-24 18:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-09-19 09:35 - 2017-09-19 09:35 - 000134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2015-06-23 18:26 - 2015-06-23 18:26 - 000155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2017-05-01 14:27 - 2017-05-01 14:27 - 000133992 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2015-06-24 03:07 - 2015-06-24 03:07 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-10-17 18:31 - 2017-07-23 14:24 - 000108032 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc140-mt-1_62.dll
2017-10-17 18:31 - 2017-07-23 14:24 - 000035840 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_system-vc140-mt-1_62.dll
2017-10-17 18:31 - 2017-07-23 14:24 - 000044032 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_chrono-vc140-mt-1_62.dll
2017-10-17 18:31 - 2017-07-23 14:24 - 000064000 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc140-mt-1_62.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\trendmicro.com -> hxxps://pwm.trendmicro.com
IE trusted site: HKU\S-1-5-21-1532959501-2282570097-1314125110-1001\...\roxio.com -> hxxp://roxio.com
IE trusted site: HKU\S-1-5-21-1532959501-2282570097-1314125110-1001\...\sonic.com -> hxxp://redirect.sonic.com
IE trusted site: HKU\S-1-5-21-1532959501-2282570097-1314125110-1001\...\trendmicro.com -> hxxps://pwm.trendmicro.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 06:04 - 2015-07-10 06:02 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1532959501-2282570097-1314125110-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Joshua.DESKTOP-JAQQTL2\Pictures\Pictures\mass_effect_tali_wallpaper_by_zecardo-d6u2wlz.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{2DCFFCB1-D091-4EA6-8F48-3B7D8023A2BC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{69E8BCD2-74C5-4401-9CB7-FE74CD184D9B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F36A4003-9E67-4B6E-A22A-2F7A866E6325}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{33CDCD72-1034-45CA-BF86-32682CD4F5F0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C25664DD-525F-4D39-85DA-8BCF2DDCA906}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{13F22912-C7CE-44D2-993F-9A452F59D6FA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B2533299-B8B0-4E87-8771-726120ADD33B}] => (Allow) C:\Program Files (x86)\Roxio 2010\Venue\Venue.exe
FirewallRules: [{7DE22138-F20F-4C19-902F-F278753B0416}] => (Allow) C:\Program Files (x86)\Roxio 2010\Venue\Venue.exe
FirewallRules: [{48EEF47D-2679-4C77-A153-4F5F5956FD5D}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{3EC7CBA7-0AEA-4277-9910-5F74BC302F2C}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{864DAEF8-55EE-4B0A-A256-F50D961980C6}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{719A2072-E410-4745-A4AA-8B0A199CD4FB}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{DE7B03BA-D5EE-4C52-AB41-9A573B28159C}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{8B71FE66-1FDD-40A1-BAA8-B4795A80FE6E}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{17A3C471-19D6-4ABE-A658-AA7C7B259A8B}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector12\PDR10.EXE
FirewallRules: [{B28D0C47-96C6-48B1-B97E-C9DD46593782}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe
FirewallRules: [{BCCF8373-C594-4C9C-BF4B-124B66424681}] => (Allow) C:\Program Files (x86)\FrostWire 6\FrostWire.exe
FirewallRules: [{262D13CE-2A3C-4EAB-BD80-077CBF151EB3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{16CC4B95-E546-4753-B569-014E8CAC452C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EE64680B-EE1E-4AD7-BCC3-AB50F1B19C8C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4B55C845-C270-4A2E-8EF2-578A66A1D07C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C2F49940-29A0-4827-BBCC-2F2305874363}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{45899293-ED69-484C-8C52-5C2A27E4B632}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
25-10-2017 11:48:35 Installed Dell Help & Support
15-11-2017 05:53:43 Windows Update
15-11-2017 05:54:28 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/16/2017 04:10:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2297
 
Error: (11/16/2017 04:10:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2297
 
Error: (11/16/2017 04:10:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/16/2017 04:10:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1172
 
Error: (11/16/2017 04:10:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1172
 
Error: (11/16/2017 04:10:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/15/2017 10:41:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1218
 
Error: (11/15/2017 10:41:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1218
 
Error: (11/15/2017 10:41:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/15/2017 07:44:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 10.0.15063.0, time stamp: 0x02799ef5
Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x8274fd8b
Exception code: 0xc0000008
Fault offset: 0x00000000000a917a
Faulting process id: 0xd6c
Faulting application start time: 0x01d35e67fc80bceb
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 6258176b-8fac-469c-920b-914192777338
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (11/16/2017 04:10:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/16/2017 04:10:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/15/2017 07:44:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/15/2017 06:18:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BcmBtRSupport service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/15/2017 06:18:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BcmBtRSupport service to connect.
 
Error: (11/15/2017 06:17:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (11/15/2017 06:15:14 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Update Orchestrator Service service did not shut down properly after receiving a preshutdown control.
 
Error: (11/12/2017 06:52:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/12/2017 06:51:43 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/12/2017 06:51:39 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JAQQTL2)
Description: The server Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
  Date: 2017-11-16 04:54:45.680
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-16 04:54:45.678
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-15 04:59:56.000
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-15 04:59:55.998
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-12 08:40:33.772
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-12 07:09:48.285
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-12 07:09:48.277
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-09 10:49:42.471
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-09 06:49:03.989
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-09 06:49:03.985
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 49%
Total physical RAM: 8143.2 MB
Available physical RAM: 4141.21 MB
Total Virtual: 9871.2 MB
Available Virtual: 3868.43 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:917.55 GB) (Free:773.21 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B5C69C15)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 

Attached Files



BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,627 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:39 AM

Posted 18 November 2017 - 04:30 PM

Greetings dragoonus and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-1532959501-2282570097-1314125110-1001 -> DefaultScope {D0002A95-4ED0-40DD-99E7-70C1E0E4B792} URL = 
SearchScopes: HKU\S-1-5-21-1532959501-2282570097-1314125110-1001 -> {D0002A95-4ED0-40DD-99E7-70C1E0E4B792} URL = 
SearchScopes: HKU\S-1-5-21-1532959501-2282570097-1314125110-1001 -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = 
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> No File
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> No File
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll No File
Task: {6C6A0FAC-701A-42FE-8534-6800C24FFF49} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe
C:\Windows\TEMP\DeleteFolderTask.exe
emptytemp:
End::
  • Click Fix
  • When completed he tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Check your computer performance in Normal Boot
===================================================

Please boot into Safe Mode and tell me how your computer performs.

===================================================
Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Performance in Normal Boot?
  • Performance in Safe Mode

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 dragoonus

dragoonus
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 18 November 2017 - 11:54 PM

The PC is running better, but I do notice that iTunes won't open in Normal Mode. However, the program does open in Safe Mode. I have no other issues with the other programs at the moment.

 

I ran the Farbar Tool twice because the first time I didn't run it as an administrator. This Fixlog is of the second run.

 

 Fix result of Farbar Recovery Scan Tool (x64) Version: 18-11-2017

Ran by Joshua (18-11-2017 23:34:03) Run:4
Running from C:\Users\Joshua.DESKTOP-JAQQTL2\Downloads
Loaded Profiles: Joshua (Available Profiles: Joshua)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-1532959501-2282570097-1314125110-1001 -> DefaultScope {D0002A95-4ED0-40DD-99E7-70C1E0E4B792} URL = 
SearchScopes: HKU\S-1-5-21-1532959501-2282570097-1314125110-1001 -> {D0002A95-4ED0-40DD-99E7-70C1E0E4B792} URL = 
SearchScopes: HKU\S-1-5-21-1532959501-2282570097-1314125110-1001 -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = 
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> No File
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> No File
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll No File
Task: {6C6A0FAC-701A-42FE-8534-6800C24FFF49} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe
C:\Windows\TEMP\DeleteFolderTask.exe
emptytemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1532959501-2282570097-1314125110-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-1532959501-2282570097-1314125110-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D0002A95-4ED0-40DD-99E7-70C1E0E4B792} => key not found. 
HKLM\Software\Classes\CLSID\{D0002A95-4ED0-40DD-99E7-70C1E0E4B792} => key not found. 
HKU\S-1-5-21-1532959501-2282570097-1314125110-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d4fee3d1-1014-4db8-a824-573bf9ab51c7} => key not found. 
HKLM\Software\Classes\CLSID\{d4fee3d1-1014-4db8-a824-573bf9ab51c7} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} => key not found. 
HKLM\Software\Classes\CLSID\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} => key not found. 
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} => key not found. 
HKLM\Software\Classes\PROTOCOLS\Handler\tmbp => key not found. 
HKLM\Software\Classes\CLSID\{1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C6A0FAC-701A-42FE-8534-6800C24FFF49} => key not found. 
C:\WINDOWS\System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => key not found. 
"C:\Windows\TEMP\DeleteFolderTask.exe" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 24263336 B
Java, Flash, Steam htmlcache => 159744 B
Windows/system/drivers => 69059 B
Edge => 0 B
Chrome => 14955271 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 2462 B
NetworkService => 2114 B
Joshua.DESKTOP-JAQQTL2 => 33037 B
 
RecycleBin => 0 B


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,627 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:39 AM

Posted 19 November 2017 - 09:59 AM

Thank you for the information. Before we start manipulating the iTunes program I would like to do some troubleshooting steps. Please complete the 2nd and 3rd things in Normal Boot.
  • If you are able to boot into Safe Mode with Networking open iTunes, click Help, then select Check for Udates. Reboot into Normal Boot and check iTunes
  • Right click on the iTunes icon and select Run as administrator and let me know if the program launches
  • Hold the ctrl + shift keys down then double click the iTunes icon. Let me know if it launches
===================================================

Clean Boot

--------------------
  • Press the Windows Key + R on your keyboard at the same time.
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • Click the General tab then click Selective Startup
  • Check Load system services
  • Uncheck Load Startup Items
  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart and boot into Normal Mode
  • Check launching iTunes
===================================================

Things I would like to see in your next reply. :thumbsup2:
  • Safe Mode update?
  • Run as administrator?
  • ctrl + shift keys?
  • Clean boot results

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 dragoonus

dragoonus
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 20 November 2017 - 08:21 PM

Safe Mode update: I was able to open the program and I had the latest update installed

 

Run as admin: It seems that's the way it's opening, but there are times the program still won't open. Also after every time iTunes opens, it prompts for an update "iTunes Repair iPod Software Operation". It states iPods won't be able to connect without it. Even after pressing Yes on the install it doesn't seem to work since it keeps coming up after each boot-up.

 

Ctrl+shift keys: Nothing happens

 

Clean boot: Same as before; Nothing.

 

Also, I wasn't able to list this down because I had to test it, but I did notice the Auto-Sleep functions on the PC doesn't work. I have it set to after 30 minutes of being idle it should go to Sleep Mode but it stays on.



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,627 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:39 AM

Posted 20 November 2017 - 08:49 PM

Thanks,

We will deal with the Sleep problem once we resolve iTunes.

===================================================

Repair iTunes via Programs and Features

--------------------
  • Please press the Windows Key + R at the same time
  • Type appwiz.cpl and hit Enter
  • Left click on iTunes and select Repair above
  • Complete the process and test iTunes
===================================================

Things I would like to see in your next reply. :thumbsup2:
  • Results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 dragoonus

dragoonus
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 20 November 2017 - 08:50 PM

Update: I fixed the "iTunes Repair iPod Software Operation" issue. The prompt doesn't come up anymore before the program starts.

 

Also while running the PC in Safe Mode with Networking I can't access any networks or access the Internet. Not sure if this is an issue, but I figured I should have access to the Internet in this mode.



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,627 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:39 AM

Posted 20 November 2017 - 09:02 PM

Was iTunes repaired and now working properly?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 dragoonus

dragoonus
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 20 November 2017 - 09:05 PM

Repair Update: iTunes only loads if the Run as Administrator option is selected. Double clicking on the icon doesn't open it.



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,627 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:39 AM

Posted 20 November 2017 - 09:39 PM

Please do this.

===================================================

Setting Program to Run as Administrator

--------------------
  • Right click on the iTunes icon and select Properties
  • Click the Compatibility tab
  • Place a check mark in Run this program as an administrator
  • Click Apply, then OK
  • Test launching iTunes
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 dragoonus

dragoonus
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 22 November 2017 - 03:01 AM

Results: The program opens after double-clicking the icon. Thank you.

 

Now, the Sleep Mode issue?



#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,627 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:39 AM

Posted 22 November 2017 - 08:38 AM

Great.

Please do this.

===================================================

Troubleshooting Power Issues

-------------------
  • Press the Windows key + S at the same time
  • Type Troubleshooting and press Enter
  • Click View all
  • Click Power
  • Click Advanced then uncheck Apply repairs automatically
  • Click Next
  • If issues are found click View detailed information
  • Place the cursor to the left of Issues found
  • Left click and drag the cursor down to highlight all the information inside the Power box
  • Release the left click
  • Hit Ctrl + C at the same time to copy all the information
  • Right click inside the Reply screen and select Paste
  • Include the information in your reply
  • Test your computer
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Power information
  • Computer performance?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 dragoonus

dragoonus
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 23 November 2017 - 01:23 PM

Power Info results: It says "No changes or updates were necessary" after running the troubleshooting process. No issues were found.

 

 
Potential issues that were checked
Time before display dims is too long
The period of time before a display dims is longer than the default setting, and might affect power usage.
Issue not present
 
Time before hard disk goes to sleep is too long
The period of time before a hard disk enters sleep mode is longer than the default setting, and might affect power usage.
Issue not present
 
Time before display goes to sleep is too long
The period of time before a display turns off is longer than the default setting, and might affect power usage.
Issue not present
 
Power plan set to High Performance
High Performance uses additional power and might prevent the computer from entering sleep mode.
Issue not present
 
Time before computer goes to sleep is too long
The period of time before your computer enters sleep mode is longer than the default setting, and might affect power usage.
Issue not present
 
Minimum processor state is set too high
When this value is set higher than the default setting, the processor uses additional power.
Issue not present
 
Display brightness setting is too high
The brightness setting for the display is higher than the default setting.
Issue not present
 
Screen saver is enabled
Using a screen saver instead of having the display go to sleep uses more power.
Issue not present
 
USB Selective Suspend is disabled
USB Selective Suspend allows the hub driver to suspend an individual port without affecting the operation of the other ports on the hub. This feature is useful for reducing power usage.
Issue not present
 
Wireless adapter is not optimized for power saving
Wireless adapter setting uses additional battery power.
Issue not present
 
Potential issues that were checked
Detection details
  Time before display dims is too long
Issue not present
 
The period of time before a display dims is longer than the default setting, and might affect power usage.
 
  Time before hard disk goes to sleep is too long
Issue not present
 
The period of time before a hard disk enters sleep mode is longer than the default setting, and might affect power usage.
 
  Time before display goes to sleep is too long
Issue not present
 
The period of time before a display turns off is longer than the default setting, and might affect power usage.
 
  Power plan set to High Performance
Issue not present
 
High Performance uses additional power and might prevent the computer from entering sleep mode.
 
  Time before computer goes to sleep is too long
Issue not present
 
The period of time before your computer enters sleep mode is longer than the default setting, and might affect power usage.
 
  Minimum processor state is set too high
Issue not present
 
When this value is set higher than the default setting, the processor uses additional power.
 
  Display brightness setting is too high
Issue not present
 
The brightness setting for the display is higher than the default setting.
 
  Screen saver is enabled
Issue not present
 
Using a screen saver instead of having the display go to sleep uses more power.
 
  USB Selective Suspend is disabled
Issue not present
 
USB Selective Suspend allows the hub driver to suspend an individual port without affecting the operation of the other ports on the hub. This feature is useful for reducing power usage.
 
  Wireless adapter is not optimized for power saving
Issue not present
 
Wireless adapter setting uses additional battery power.

 

Performance results: The monitor enters Sleep Mode normally, but the PC itself still doesn't. It remains on even though I have it set to Sleep Mode after 30 minutes of idling.



#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,627 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:39 AM

Posted 23 November 2017 - 04:21 PM

Thank you. Please do this.


===================================================

System Summary Information

--------------------
  • Press the Windows Key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

powercfg Report - Windows 7/Vista

--------------------
  • Click Start then type cmd
  • Right click on cmd above and select Run as Administrator
  • In the Command window type powercfg.exe /energy and press Enter
  • Allow the command to run for the required 60 seconds
  • When completed the results will show the location of the generated report
  • Attach the report to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Attached System Summary file
  • Attached powercfg report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 dragoonus

dragoonus
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:10:39 AM

Posted 24 November 2017 - 09:21 PM

Powercfg report and energy report files are attached below.

 

 

Attached Files






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users