Author Topic: [Resolved] computer shutdown sometimes  (Read 3051 times)

Offline mommyto3furballs

  • Bronze Member
  • Posts: 189
[Resolved] computer shutdown sometimes
« on: February 15, 2016, 06:10:39 AM »
hello again. my laptop has been acting up. for the last couple of days it has given me a one minute shutdown notice and today it didn't fully load properly. not sure what is going on. not sure if it is malware related but i know its something. enclosed is my logs.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by ghy (administrator) on ME (15-02-2016 07:03:26)
Running from C:\Users\ghy\Desktop
Loaded Profiles: ghy (Available Profiles: ghy & Administrator)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Microsoft Corporation) C:\Windows\System32\dfrgui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-01-22] (Dritek System Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-14] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKU\S-1-5-21-876722891-2251025421-431620547-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2016-01-21] (SUPERAntiSpyware)
HKU\S-1-5-21-876722891-2251025421-431620547-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-876722891-2251025421-431620547-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-05] (Ruiware)
HKU\S-1-5-21-876722891-2251025421-431620547-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [805888 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-14] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Gateway MyBackup Tray.lnk [2012-11-25]
ShortcutTarget: Gateway MyBackup Tray.lnk -> C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe (NTI Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2016-01-05]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{45ee9182-0b72-4617-afaf-e58bcc505f1b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ff1d22a0-a3a7-45a1-a8eb-efcf758097a9}: [DhcpNameServer] 127.0.0.1

Internet Explorer:
==================
HKU\S-1-5-21-876722891-2251025421-431620547-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-876722891-2251025421-431620547-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKU\S-1-5-21-876722891-2251025421-431620547-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?pc=UE01&ocid=UE01DHP
SearchScopes: HKLM -> DefaultScope {48080B65-246A-4902-851C-689CF29BFB2B} URL =
SearchScopes: HKLM -> {48080B65-246A-4902-851C-689CF29BFB2B} URL =
SearchScopes: HKU\S-1-5-21-876722891-2251025421-431620547-1001 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKU\S-1-5-21-876722891-2251025421-431620547-1001 -> {48080B65-246A-4902-851C-689CF29BFB2B} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-14] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-14] (AVAST Software)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {FB54FA27-96CF-4C62-80DC-DA7616EBD326} hxxp://downloads.bullguard.com/VirusScan/bgvax.cab

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-876722891-2251025421-431620547-1001 -> hxxp://www.google.ca/

FireFox:
========
FF ProfilePath: C:\Users\ghy\AppData\Roaming\Mozilla\Firefox\Profiles\nrqao1ea.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-876722891-2251025421-431620547-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ghy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-26] (Unity Technologies ApS)
FF Extension: AdBlock Lite - C:\Users\ghy\AppData\Roaming\Mozilla\Firefox\Profiles\nrqao1ea.default\Extensions\jid1-dwtFBkQjb3SIQp@jetpack.xpi [2016-01-19]
FF Extension: Adblock Plus - C:\Users\ghy\AppData\Roaming\Mozilla\Firefox\Profiles\nrqao1ea.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-25]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-14]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.yahoo.ca/"
CHR Profile: C:\Users\ghy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\ghy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-27]
CHR Extension: (Google Docs) - C:\Users\ghy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-27]
CHR Extension: (Google Drive) - C:\Users\ghy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\ghy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-11-25]
CHR Extension: (YouTube) - C:\Users\ghy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\ghy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\ghy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-27]
CHR Extension: (Google Docs Offline) - C:\Users\ghy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (AdBlock) - C:\Users\ghy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ghy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-27]
CHR Extension: (Bitdefender QuickScan) - C:\Users\ghy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-09-18]
CHR Extension: (Gmail) - C:\Users\ghy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-14] (AVAST Software)
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed]
S3 DeviceFastLaneService; C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-10] (ELAN Microelectronics Corp.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-09] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-01-22] (Dritek System INC.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1572056 2015-12-01] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [839384 2015-12-01] (Secunia)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-02-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-14] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-02-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-14] (AVAST Software)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-01-22] (Dritek System Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2015-12-01] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-15 07:03 - 2016-02-15 07:04 - 00017062 _____ C:\Users\ghy\Desktop\FRST.txt
2016-02-15 07:03 - 2016-02-15 07:03 - 00000000 ___DC C:\FRST
2016-02-15 07:02 - 2016-02-15 07:02 - 02370560 _____ (Farbar) C:\Users\ghy\Downloads\FRST64.exe
2016-02-15 07:02 - 2016-02-15 07:02 - 02370560 _____ (Farbar) C:\Users\ghy\Desktop\FRST64.exe
2016-02-14 12:01 - 2016-02-14 12:01 - 00000000 ____D C:\Users\ghy\AppData\Local\Apple
2016-02-14 10:50 - 2016-02-14 10:50 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-02-14 10:50 - 2016-02-14 10:50 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-02-14 10:45 - 2016-02-14 10:45 - 00000000 ____D C:\Users\ghy\AppData\Local\ActiveSync
2016-02-10 07:41 - 2016-01-29 01:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-10 07:41 - 2016-01-29 01:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-10 07:41 - 2016-01-27 01:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-10 07:41 - 2016-01-27 01:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-10 07:41 - 2016-01-27 01:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-10 07:41 - 2016-01-27 01:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 07:41 - 2016-01-27 01:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-10 07:41 - 2016-01-27 00:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-10 07:41 - 2016-01-27 00:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-10 07:41 - 2016-01-27 00:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-10 07:41 - 2016-01-27 00:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-10 07:41 - 2016-01-27 00:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-10 07:41 - 2016-01-27 00:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-10 07:41 - 2016-01-27 00:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-10 07:41 - 2016-01-27 00:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-10 07:41 - 2016-01-27 00:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 07:41 - 2016-01-27 00:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 07:41 - 2016-01-27 00:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-10 07:41 - 2016-01-27 00:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-10 07:41 - 2016-01-27 00:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-10 07:41 - 2016-01-27 00:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-10 07:41 - 2016-01-27 00:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-10 07:41 - 2016-01-27 00:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-10 07:41 - 2016-01-27 00:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-10 07:41 - 2016-01-27 00:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-10 07:41 - 2016-01-27 00:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-10 07:41 - 2016-01-27 00:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-10 07:41 - 2016-01-27 00:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 07:41 - 2016-01-27 00:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 07:41 - 2016-01-27 00:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-10 07:41 - 2016-01-27 00:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-10 07:41 - 2016-01-27 00:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-10 07:41 - 2016-01-27 00:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 07:41 - 2016-01-27 00:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 07:41 - 2016-01-27 00:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-10 07:41 - 2016-01-26 23:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-10 07:41 - 2016-01-26 23:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-10 07:41 - 2016-01-26 23:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-10 07:41 - 2016-01-26 23:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-10 07:41 - 2016-01-26 23:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-10 07:41 - 2016-01-26 23:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 07:41 - 2016-01-26 23:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-10 07:41 - 2016-01-26 23:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-10 07:41 - 2016-01-26 23:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 07:41 - 2016-01-26 23:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-10 07:41 - 2016-01-26 23:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-10 07:41 - 2016-01-26 23:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-10 07:41 - 2016-01-26 23:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-10 07:41 - 2016-01-26 23:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-10 07:41 - 2016-01-26 23:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-10 07:41 - 2016-01-26 23:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-10 07:41 - 2016-01-26 23:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-10 07:41 - 2016-01-26 23:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-10 07:40 - 2016-01-27 00:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-10 07:40 - 2016-01-27 00:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-10 07:40 - 2016-01-27 00:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-10 07:40 - 2016-01-27 00:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-10 07:40 - 2016-01-27 00:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-10 07:40 - 2016-01-27 00:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-10 07:40 - 2016-01-27 00:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-10 07:40 - 2016-01-27 00:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-10 07:40 - 2016-01-26 23:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-10 07:40 - 2016-01-26 23:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-10 07:40 - 2016-01-26 23:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-10 07:40 - 2016-01-26 23:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-10 07:26 - 2016-02-10 07:26 - 00030736 _____ C:\Users\ghy\Desktop\feb 2016 hydro bill.pdf
2016-02-08 14:10 - 2016-02-08 14:10 - 00115624 _____ C:\Users\ghy\Downloads\data (2).pdf
2016-02-08 14:08 - 2016-02-08 14:08 - 00033235 _____ C:\Users\ghy\Downloads\data (1).pdf
2016-02-08 14:08 - 2016-02-08 14:08 - 00012102 _____ C:\Users\ghy\Downloads\DownLoadMyData (1).xml
2016-02-08 14:05 - 2016-02-08 14:09 - 00000000 ____D C:\Users\ghy\Desktop\February Hydro Meter Readings
2016-02-02 17:03 - 2016-02-09 10:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-02 17:03 - 2016-02-02 17:03 - 00003930 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1454450579
2016-02-02 17:03 - 2016-02-02 17:03 - 00001211 _____ C:\Users\Public\Desktop\Opera.lnk
2016-02-02 17:03 - 2016-02-02 17:03 - 00001211 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-02-02 17:00 - 2016-02-02 17:00 - 00725376 _____ (Opera Software) C:\Users\ghy\Downloads\Opera_NI_stable.exe
2016-01-27 16:34 - 2016-01-27 16:34 - 00502195 _____ C:\Users\ghy\Downloads\150799-Impossible.wma
2016-01-27 16:19 - 2016-01-16 01:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-27 16:19 - 2016-01-16 01:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-27 16:19 - 2016-01-16 00:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-27 16:19 - 2016-01-16 00:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-27 16:18 - 2016-01-16 01:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-27 16:18 - 2016-01-16 01:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-27 16:18 - 2016-01-16 01:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-27 16:18 - 2016-01-16 01:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-27 16:18 - 2016-01-16 01:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-27 16:18 - 2016-01-16 01:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-27 16:18 - 2016-01-16 01:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-27 16:18 - 2016-01-16 01:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-27 16:18 - 2016-01-16 01:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-27 16:18 - 2016-01-16 01:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-27 16:18 - 2016-01-16 01:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-27 16:18 - 2016-01-16 01:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-27 16:18 - 2016-01-16 01:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-27 16:18 - 2016-01-16 01:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-27 16:18 - 2016-01-16 01:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-27 16:18 - 2016-01-16 01:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-27 16:18 - 2016-01-16 01:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-27 16:18 - 2016-01-16 01:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-27 16:18 - 2016-01-16 01:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-27 16:18 - 2016-01-16 01:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-27 16:18 - 2016-01-16 00:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-27 16:18 - 2016-01-16 00:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-27 16:18 - 2016-01-16 00:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-27 16:18 - 2016-01-16 00:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-27 16:18 - 2016-01-16 00:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-27 16:18 - 2016-01-16 00:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-27 16:18 - 2016-01-16 00:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-27 16:18 - 2016-01-16 00:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-27 16:18 - 2016-01-16 00:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-27 16:18 - 2016-01-16 00:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-27 16:18 - 2016-01-16 00:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-27 16:18 - 2016-01-16 00:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-27 16:18 - 2016-01-16 00:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-27 16:18 - 2016-01-16 00:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-27 16:18 - 2016-01-16 00:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-27 16:18 - 2016-01-16 00:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-27 16:18 - 2016-01-16 00:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-27 16:18 - 2016-01-16 00:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-27 16:18 - 2016-01-16 00:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-27 16:18 - 2016-01-16 00:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-27 16:18 - 2016-01-16 00:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-27 16:18 - 2016-01-16 00:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-27 16:18 - 2016-01-16 00:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-27 16:18 - 2016-01-16 00:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-27 16:18 - 2016-01-16 00:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-27 16:18 - 2016-01-16 00:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-27 16:18 - 2016-01-16 00:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-27 16:18 - 2016-01-16 00:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-27 16:18 - 2016-01-16 00:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-27 16:18 - 2016-01-16 00:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-27 16:18 - 2016-01-16 00:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-27 16:18 - 2016-01-16 00:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-27 16:18 - 2016-01-16 00:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-27 16:18 - 2016-01-16 00:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-27 16:18 - 2016-01-16 00:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-27 16:18 - 2016-01-16 00:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-27 16:18 - 2016-01-16 00:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-27 16:18 - 2016-01-16 00:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-27 16:18 - 2016-01-16 00:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-27 16:18 - 2016-01-16 00:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-27 16:18 - 2016-01-16 00:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-27 16:18 - 2016-01-16 00:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-27 16:18 - 2016-01-16 00:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-27 16:18 - 2016-01-16 00:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-27 16:18 - 2016-01-16 00:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-27 16:18 - 2016-01-16 00:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-27 16:18 - 2016-01-16 00:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-27 16:18 - 2016-01-16 00:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-27 16:18 - 2016-01-16 00:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-27 16:18 - 2016-01-16 00:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-27 16:18 - 2016-01-16 00:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-27 16:18 - 2016-01-16 00:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-27 16:18 - 2016-01-16 00:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-27 16:18 - 2016-01-16 00:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-27 16:18 - 2016-01-16 00:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-27 16:18 - 2016-01-16 00:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-27 16:18 - 2016-01-16 00:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-27 16:18 - 2016-01-16 00:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-27 16:18 - 2016-01-16 00:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-27 16:18 - 2016-01-16 00:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-27 16:18 - 2016-01-16 00:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-27 16:18 - 2016-01-16 00:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-27 16:18 - 2016-01-16 00:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-27 16:18 - 2016-01-16 00:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-27 16:18 - 2016-01-16 00:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-27 16:18 - 2016-01-16 00:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-27 16:18 - 2016-01-16 00:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-27 16:18 - 2016-01-16 00:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-27 16:18 - 2016-01-16 00:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-27 16:18 - 2016-01-16 00:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-27 16:18 - 2016-01-16 00:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-27 16:18 - 2016-01-16 00:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-27 16:18 - 2016-01-16 00:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-27 16:18 - 2016-01-16 00:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-27 16:18 - 2016-01-16 00:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-27 16:18 - 2016-01-16 00:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-27 16:18 - 2016-01-16 00:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-27 16:18 - 2016-01-16 00:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-27 16:18 - 2016-01-16 00:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-27 16:18 - 2016-01-16 00:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-27 16:18 - 2016-01-16 00:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-27 16:18 - 2016-01-16 00:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-27 16:18 - 2016-01-16 00:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-27 16:18 - 2016-01-16 00:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-01-26 20:15 - 2016-01-26 20:15 - 00000273 _____ C:\Users\ghy\Desktop\Eric Hites - Fat Guy Across America - FGAA  Healthy Living Bloggers  GOMI Forums - GOMI  BLOG  GOMIBLOG.url
2016-01-25 17:58 - 2016-01-25 17:58 - 00001235 _____ C:\Users\Public\Desktop\LibreOffice 5.0.lnk
2016-01-25 17:58 - 2016-01-25 17:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.0
2016-01-25 17:57 - 2016-01-25 17:58 - 00000000 ____D C:\Program Files (x86)\LibreOffice 5
2016-01-25 17:39 - 2016-01-25 17:51 - 220893184 _____ C:\Users\ghy\Downloads\LibreOffice_5.0.4_Win_x86.msi
2016-01-18 19:13 - 2016-01-18 19:13 - 00000217 _____ C:\Users\ghy\Desktop\Dissociation in Borderline Personality Disorder.url
2016-01-18 19:10 - 2016-01-18 19:10 - 00000209 _____ C:\Users\ghy\Desktop\David Bowie - Space Oddity - YouTube.url
2016-01-16 16:22 - 2016-01-16 16:23 - 13489575 _____ C:\Users\ghy\Downloads\Butterflies.themepack
2016-01-16 16:22 - 2016-01-16 16:23 - 12941151 _____ C:\Users\ghy\Downloads\AnimalAffection.themepack
2016-01-16 16:22 - 2016-01-16 16:23 - 08387879 _____ C:\Users\ghy\Downloads\BeesMayurKotlikar.themepack
2016-01-16 16:22 - 2016-01-16 16:23 - 06845104 _____ C:\Users\ghy\Downloads\CatsAnytime.themepack

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-15 06:55 - 2015-03-23 06:29 - 00004134 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8CD2588C-90C7-469A-8C02-FDB55C5E757E}
2016-02-15 06:49 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-15 06:44 - 2015-08-27 17:55 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-15 06:44 - 2015-03-08 10:53 - 00000000 __SHD C:\Users\ghy\IntelGraphicsProfiles
2016-02-15 06:42 - 2015-11-14 21:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-15 06:41 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-15 06:41 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-02-14 18:32 - 2015-12-28 17:38 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-14 18:25 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-02-14 17:21 - 2015-08-27 17:55 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-14 13:17 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-02-14 11:50 - 2015-11-25 15:00 - 00000000 ____D C:\Users\ghy\Desktop\Songs
2016-02-14 11:20 - 2015-03-22 07:33 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-02-14 10:51 - 2015-03-22 07:33 - 00287016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2016-02-14 10:50 - 2015-03-22 07:33 - 00463744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-02-14 10:50 - 2015-03-22 07:33 - 00165344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-02-14 10:50 - 2015-03-22 07:33 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-02-14 10:50 - 2015-03-22 07:33 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-02-14 10:50 - 2015-03-22 07:33 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-02-14 10:50 - 2015-03-22 07:33 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-02-14 10:49 - 2015-03-22 07:33 - 01065720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-02-13 12:17 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-10 08:15 - 2014-11-19 18:03 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-10 08:11 - 2015-11-15 09:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-10 08:10 - 2015-10-30 04:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 08:08 - 2015-03-22 10:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-10 08:03 - 2015-03-22 10:31 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-10 08:02 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-10 07:53 - 2015-08-27 17:57 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-10 07:27 - 2015-12-28 17:38 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-02-09 08:17 - 2015-09-19 11:12 - 00000000 ____D C:\Users\ghy\Desktop\Budget
2016-02-05 09:48 - 2015-03-22 19:11 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-03 19:46 - 2015-09-19 11:12 - 00000000 ____D C:\Users\ghy\Desktop\Maintenance
2016-02-03 14:01 - 2015-10-30 02:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-03 14:01 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-02 17:03 - 2015-09-16 09:59 - 00000000 ____D C:\Users\ghy\AppData\Roaming\Opera Software
2016-02-02 17:03 - 2015-09-16 09:59 - 00000000 ____D C:\Users\ghy\AppData\Local\Opera Software
2016-02-02 17:03 - 2015-09-16 09:57 - 00000000 ____D C:\Program Files (x86)\Opera
2016-02-02 12:16 - 2015-08-27 17:55 - 00003970 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 12:16 - 2015-08-27 17:55 - 00003738 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-31 21:49 - 2015-11-14 21:33 - 00000000 ____D C:\Users\ghy
2016-01-30 19:56 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-30 19:56 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-30 19:56 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-30 19:56 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-30 19:56 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-30 19:56 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-30 19:56 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-30 19:51 - 2015-11-14 21:24 - 00259248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-30 19:23 - 2015-08-06 17:14 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-01-30 19:23 - 2015-03-22 19:07 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2016-01-30 19:23 - 2012-11-25 23:05 - 00000000 ____D C:\ProgramData\Temp
2016-01-21 21:17 - 2015-10-02 18:20 - 00000000 ____D C:\Users\ghy\AppData\Local\ElevatedDiagnostics
2016-01-21 21:12 - 2015-03-22 19:12 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-01-21 08:10 - 2015-11-25 06:20 - 00000000 ____D C:\Users\ghy\AppData\Roaming\WinPatrol
2016-01-19 12:44 - 2015-08-06 16:19 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2015-05-11 13:43 - 2015-10-31 10:25 - 0033280 _____ () C:\Users\ghy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-14 21:29 - 2015-11-14 21:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\ghy\AppData\Local\Temp\SpotifyUninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-12 13:45

==================== End of FRST.txt ============================
« Last Edit: February 16, 2016, 03:06:00 PM by Hoov »



Offline mommyto3furballs

  • Bronze Member
  • Posts: 189
Re: computer shutdown sometimes
« Reply #1 on: February 15, 2016, 06:12:54 AM »
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by ghy (2016-02-15 07:04:45)
Running from C:\Users\ghy\Desktop
Windows 10 Home (X64) (2015-11-15 03:03:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-876722891-2251025421-431620547-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-876722891-2251025421-431620547-503 - Limited - Disabled)
ghy (S-1-5-21-876722891-2251025421-431620547-1001 - Administrator - Enabled) => C:\Users\ghy
Guest (S-1-5-21-876722891-2251025421-431620547-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-876722891-2251025421-431620547-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 20 NPAPI (HKLM-x32\...\{0608F2B6-4E49-4AD0-9128-C122A34CFCE1}) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4427.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Gateway Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Gateway Incorporated)
Gateway MyBackup (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation)
Gateway Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3011 - Gateway Incorporated)
Gateway Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3015 - Gateway Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Gateway Incorporated)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Gateway)
LibreOffice 5.0.4.2 (HKLM-x32\...\{14B5DDCF-61C4-4F1E-A621-844685D60B5A}) (Version: 5.0.4.2 - The Document Foundation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3006 - Gateway Incorporated)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.1 (x86 en-US)) (Version: 44.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.0.5866 - Mozilla)
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
Opera Stable 35.0.2066.37 (HKLM-x32\...\Opera 35.0.2066.37) (Version: 35.0.2066.37 - Opera Software)
Opera Stable 35.0.2066.37 (HKU\.DEFAULT\...\Opera 35.0.2066.37) (Version: 35.0.2066.37 - Opera Software)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
Secunia PSI (3.0.0.11003) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11003 - Secunia)
SpywareBlaster 5.4 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.4.0 - BrightFort LLC)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.1 - Krzysztof Kowalczyk)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
Unity Web Player (HKU\S-1-5-21-876722891-2251025421-431620547-1001\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-876722891-2251025421-431620547-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\ghy\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-876722891-2251025421-431620547-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2C3BEBD0-6E66-4397-BB8E-7361D601603A} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {2CE59613-94BF-4471-B24D-401795F722ED} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2ED982C7-7C3C-45F1-BA86-DB5EB694474F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2EDE8920-CCCC-44A2-B875-DB04B9C6E119} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3A7A63D8-7718-4D5F-AD9E-8B298071FABD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4B9DBC7B-7BFF-4F92-B385-B967A806FA5D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5FC481A6-55DE-44AF-A2A1-B98AC5AEF9C3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {61C83F19-FC38-49E8-9D4E-DCAD4DD1E3C8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-10] (Microsoft Corporation)
Task: {62EF12B5-ACC4-4A99-9960-6228C3EDB99E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {64112807-7285-4BBF-AECE-49FDB39FE1D9} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
Task: {6534B844-3702-4842-B4CB-67B1A376CD1A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {696DBDF5-F258-49AE-AC46-A1CD60D7D3E1} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2012-11-06] ()
Task: {6EDC72B3-94BE-484F-9540-086FFE379C87} - System32\Tasks\Opera scheduled Autoupdate 1454450579 => C:\Program Files (x86)\Opera\launcher.exe [2016-01-28] (Opera Software)
Task: {728AA846-3422-4FBB-A98A-0871BBFC1FB7} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2012-10-23] (Acer Incorporated)
Task: {883FBD82-F679-4129-BF06-E6BBCEBAD7BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {9EAF3EC6-EFA1-45DE-9F1E-EEE7F472BBC9} - System32\Tasks\{E2F0E92A-AB84-45CB-BC50-6C92D8FE5CD4} => pcalua.exe -a "C:\Program Files (x86)\PopCap Games\Zuma Deluxe\PopUninstall.exe" -c "C:\Program Files (x86)\PopCap Games\Zuma Deluxe\Install.log"
Task: {B7110350-BB1F-4AC9-81AF-00CD7314D9BF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B9261823-A039-46E8-992D-7CEC39D2CE64} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {C8F6FDC0-C65B-4ECD-B4C8-315DDBA2A1EE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C92D8E96-652E-448D-AD40-338AE909E798} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DFF52FD7-FC6E-45E1-905E-02B17AC2A403} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-19] (CyberLink)
Task: {E403B046-E33E-4A3F-9317-452636DA928E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F3277247-AAD0-4AED-AF6B-AF75BEF407E9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-14] (AVAST Software)
Task: {FA9F79D3-3652-456F-AE75-60F95E884E59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-09 13:53 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-09 13:53 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-17 13:41 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-17 13:41 - 2015-12-06 23:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-12 17:26 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 17:26 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-27 16:18 - 2016-01-16 00:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-27 16:19 - 2016-01-16 00:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-02-14 10:50 - 2016-02-14 10:50 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-14 10:50 - 2016-02-14 10:50 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-02-14 17:26 - 2016-02-14 17:26 - 02829824 _____ () C:\Program Files\AVAST Software\Avast\defs\16021401\algo.dll
2016-02-14 10:50 - 2016-02-14 10:50 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-02-15 06:44 - 2016-02-15 06:44 - 02829824 _____ () C:\Program Files\AVAST Software\Avast\defs\16021500\algo.dll
2012-11-02 19:38 - 2012-11-02 19:38 - 00465384 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\sqlite3.dll
2012-11-02 19:37 - 2012-11-02 19:37 - 00125504 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\MailConverter32.dll
2012-11-02 19:38 - 2012-11-02 19:38 - 00155712 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\VolumeSnapshot.dll
2012-11-02 19:37 - 2012-11-02 19:37 - 00118336 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\Online.dll
2012-11-02 19:37 - 2012-11-02 19:37 - 01081408 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\ACE.dll
2012-11-02 19:37 - 2012-11-02 19:37 - 00052288 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\OsSettingPort.dll
2012-11-02 19:37 - 2012-11-02 19:37 - 00727616 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\OutlookShadow.dll
2015-12-11 21:39 - 2015-12-11 21:39 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-09-18 07:05 - 2014-10-31 15:37 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2015-09-18 07:05 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2013-01-22 13:02 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-876722891-2251025421-431620547-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-876722891-2251025421-431620547-1001\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\S-1-5-21-876722891-2251025421-431620547-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-876722891-2251025421-431620547-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-876722891-2251025421-431620547-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-876722891-2251025421-431620547-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-876722891-2251025421-431620547-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-876722891-2251025421-431620547-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-876722891-2251025421-431620547-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-876722891-2251025421-431620547-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-876722891-2251025421-431620547-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-876722891-2251025421-431620547-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-876722891-2251025421-431620547-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-876722891-2251025421-431620547-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-876722891-2251025421-431620547-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-876722891-2251025421-431620547-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-876722891-2251025421-431620547-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-876722891-2251025421-431620547-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-876722891-2251025421-431620547-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-876722891-2251025421-431620547-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-876722891-2251025421-431620547-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-876722891-2251025421-431620547-1001\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-876722891-2251025421-431620547-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ghy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-876722891-2251025421-431620547-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B8E787B9-4F48-4683-B6E3-9B1B5C689C01}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{59F04A27-FAE9-40D1-B8BF-69E3A0C303B3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5B094EB2-69BA-46DA-8062-22B579AC1C85}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{094A041C-76D8-4571-9328-E904D7BDFF20}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{DF3AB8E2-7EDF-492E-A2EF-E88C1FECB7B3}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe] => (Block) C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [TCP Query User{C221DCB8-82EC-4BC0-B87F-3D9A56DBA5D4}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe] => (Block) C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [UDP Query User{5398AD3A-D0B9-453C-B657-66FF44FA2103}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [TCP Query User{40A0B768-E021-4FFC-B720-692672D9923D}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [{B52B3383-B13D-45BC-8421-3B26CDCBE7E1}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{47390562-E0D3-43FB-8A91-AFEA7C262DB0}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{CE004BB7-DF95-4BE2-BAAF-C06240CCCC4C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{1C32704D-AF19-4AFC-ACB1-C0F52A3D6189}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{C1D6DD31-E9BF-4969-96B8-50188A0F9A59}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{B7AEC004-18A4-489A-92A0-B31F0D912E80}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{6AEC615B-75E3-47CC-AE0C-C6DE8F0EE91B}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{2EA8756A-6264-4B41-AB4D-4F842E4A6C28}] => (Allow) C:\Program Files (x86)\NTI\Gateway MyBackup\FileExplorer.exe
FirewallRules: [{67A49C39-5670-41D7-AB8C-B6517BB4F581}] => (Allow) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
FirewallRules: [{D9EDBB1C-E62C-4308-896F-667653516118}] => (Allow) C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManager.exe
FirewallRules: [TCP Query User{BCFB36CD-CCAF-449B-9868-DE70EDE718AA}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{961D40A1-72D0-4A22-96AF-41A56356750C}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{890B8544-C859-4432-9A96-2F66811A8D29}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{D6AB82A5-335A-41B1-92CC-B626E20D2008}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{B5694E88-7B46-4A0C-B3F8-ADA18A51CDEB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2B91CA40-532C-4A6E-845E-531E18E5A26A}] => (Allow) LPort=2869
FirewallRules: [{2E2C5318-89CB-4DBE-80D2-C5CCD885B58B}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{25ACB984-D85E-4F78-AEEB-F82377BCA95A}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{398A7286-31E9-411E-B65C-18A1139F03A2}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{B9B2DF26-576D-4E18-9183-A4592A2F2316}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{EE5762EC-D544-401C-9FF0-14550034FC91}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{D15753F4-F44F-4DC8-B1B2-56F806C34817}C:\program files (x86)\tvmc\tvmc.exe] => (Allow) C:\program files (x86)\tvmc\tvmc.exe
FirewallRules: [UDP Query User{36AD9960-4E23-486D-A247-19504F505ACD}C:\program files (x86)\tvmc\tvmc.exe] => (Allow) C:\program files (x86)\tvmc\tvmc.exe
FirewallRules: [{15BDFA9D-32A6-4A11-944B-A01896C74401}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0302B59F-F3B5-4C8A-9D84-94CB2F1CFC48}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{026F0850-3C77-4AB5-98BD-CE949617C56F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B56B16F8-06F8-4672-BB39-1A0559B8CB3E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9236B0DA-3975-4CB2-B4C5-90F27EBC3BA7}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{14FE2414-86E9-48C8-86B8-27F62AE1B7B2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

25-01-2016 17:03:26 Scheduled Checkpoint
03-02-2016 20:06:50 Scheduled Checkpoint
10-02-2016 07:59:54 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/15/2016 06:38:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.10586.104, time stamp: 0x56aaffa0
Faulting module name: twinui.appcore.dll, version: 10.0.10586.11, time stamp: 0x56457778
Exception code: 0x80270233
Fault offset: 0x0000000000166be4
Faulting process id: 0xda4
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (02/14/2016 10:40:15 AM) (Source: Wininit) (EventID: 1015) (User: )
Description: A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code 00000000.  The machine must now be restarted.

Error: (02/13/2016 01:39:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2734

Error: (02/13/2016 01:39:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2734

Error: (02/13/2016 01:39:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/10/2016 08:00:05 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/08/2016 06:49:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: me)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/08/2016 12:11:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LockAppHost.exe, version: 10.0.10586.0, time stamp: 0x5632d67b
Faulting module name: ntdll.dll, version: 10.0.10586.20, time stamp: 0x56540c3b
Exception code: 0xc0000409
Fault offset: 0x00000000000950f7
Faulting process id: 0x23bc
Faulting application start time: 0xLockAppHost.exe0
Faulting application path: LockAppHost.exe1
Faulting module path: LockAppHost.exe2
Report Id: LockAppHost.exe3
Faulting package full name: LockAppHost.exe4
Faulting package-relative application ID: LockAppHost.exe5

Error: (02/05/2016 12:08:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1234

Error: (02/05/2016 12:08:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1234


System errors:
=============
Error: (02/15/2016 06:47:04 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (02/15/2016 06:41:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_14ff797 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/15/2016 06:41:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_14ff797 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/15/2016 06:41:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_14ff797 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/15/2016 06:41:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_14ff797 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/15/2016 06:41:24 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/15/2016 06:41:08 AM) (Source: Service Control Manager) (EventID: 7046) (User: )
Description: The following service has repeatedly stopped responding to service control requests: System Events Broker

Contact the service vendor or the system administrator about whether to disable this service until the problem is identified.

You may have to restart the computer in safe mode before you can disable the service.

Error: (02/15/2016 06:40:38 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SystemEventsBroker service.

Error: (02/15/2016 06:40:08 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BrokerInfrastructure service.

Error: (02/15/2016 06:39:37 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SystemEventsBroker service.


CodeIntegrity:
===================================
  Date: 2016-02-13 12:16:53.652
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-10 08:14:30.370
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-30 19:57:39.401
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-19 12:42:29.336
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-07 06:27:25.189
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-30 08:08:43.045
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-19 13:21:59.100
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-10 15:09:49.954
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-09 16:50:03.054
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-22 06:14:45.583
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 1000M @ 1.80GHz
Percentage of memory in use: 35%
Total physical RAM: 3911.27 MB
Available physical RAM: 2514.78 MB
Total Virtual: 4615.27 MB
Available Virtual: 3222.45 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:281.36 GB) (Free:152.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1AF85E84)

Partition: GPT.

==================== End of Addition.txt ============================

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: computer shutdown sometimes
« Reply #2 on: February 16, 2016, 10:39:11 AM »

Hello Mommyto3furballs,

Thanks for the log, I am looking through it now  :)1

Platypuss


Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: [IN PROGRESS] computer shutdown sometimes
« Reply #3 on: February 18, 2016, 11:12:27 AM »
 Hello Mommyto3furballs,

 
STEP 1


1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


Code: [Select]
Start:
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [LManager] => [X]
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-876722891-2251025421-431620547-1001 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKU\S-1-5-21-876722891-2251025421-431620547-1001 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
Task: {2CE59613-94BF-4471-B24D-401795F722ED} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2ED982C7-7C3C-45F1-BA86-DB5EB694474F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2EDE8920-CCCC-44A2-B875-DB04B9C6E119} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3A7A63D8-7718-4D5F-AD9E-8B298071FABD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4B9DBC7B-7BFF-4F92-B385-B967A806FA5D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5FC481A6-55DE-44AF-A2A1-B98AC5AEF9C3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File
Task: {62EF12B5-ACC4-4A99-9960-6228C3EDB99E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B7110350-BB1F-4AC9-81AF-00CD7314D9BF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C8F6FDC0-C65B-4ECD-B4C8-315DDBA2A1EE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C92D8E96-652E-448D-AD40-338AE909E798} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E403B046-E33E-4A3F-9317-452636DA928E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
EmptyTemp:
Reboot:

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

>>>>>>>>>>>>>>>>>>>>>>>>>

STEP 2

Please download AdwCleaner]  onto your Desktop.

Take care NOT to click on any ad, such as PC Optimizer Pro. The correct link is the button labeled "Download from Bleeping Computer".
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

  • Close your browser and double click the AdwCleaner icon on your desktop.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
       
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
       
  • Click OK on the Information box & again OK to allow the necessary reboot

    After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply....
   
  • If you lose track of the log, it is saved in this folder C:\AdwCleaner\

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.
Close your browser and double click the AdwCleaner icon on your desktop.
>>>>>>>>>>>>>>>>>

  STEP 3


Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.
>>>>>>>>>>>>>

I need , Fixlog.txt, AdwareCleaner log, JRT.txt. please

platypuss

Offline mommyto3furballs

  • Bronze Member
  • Posts: 189
Re: [IN PROGRESS] computer shutdown sometimes
« Reply #4 on: February 18, 2016, 02:27:01 PM »
Fix result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by ghy (2016-02-18 14:45:21) Run:1
Running from C:\Users\ghy\Desktop
Loaded Profiles: ghy (Available Profiles: ghy & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start:
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [LManager] => [X]
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-876722891-2251025421-431620547-1001 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKU\S-1-5-21-876722891-2251025421-431620547-1001 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
Task: {2CE59613-94BF-4471-B24D-401795F722ED} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2ED982C7-7C3C-45F1-BA86-DB5EB694474F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2EDE8920-CCCC-44A2-B875-DB04B9C6E119} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3A7A63D8-7718-4D5F-AD9E-8B298071FABD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4B9DBC7B-7BFF-4F92-B385-B967A806FA5D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5FC481A6-55DE-44AF-A2A1-B98AC5AEF9C3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File
Task: {62EF12B5-ACC4-4A99-9960-6228C3EDB99E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B7110350-BB1F-4AC9-81AF-00CD7314D9BF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C8F6FDC0-C65B-4ECD-B4C8-315DDBA2A1EE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C92D8E96-652E-448D-AD40-338AE909E798} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E403B046-E33E-4A3F-9317-452636DA928E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
EmptyTemp:
Reboot:
*****************

Start: => Error: No automatic fix found for this entry.
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\LManager => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-876722891-2251025421-431620547-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}" => key removed successfully
HKCR\CLSID\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} => key not found.
HKU\S-1-5-21-876722891-2251025421-431620547-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} => key not found.
HKCR\CLSID\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CE59613-94BF-4471-B24D-401795F722ED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CE59613-94BF-4471-B24D-401795F722ED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2ED982C7-7C3C-45F1-BA86-DB5EB694474F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2ED982C7-7C3C-45F1-BA86-DB5EB694474F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2EDE8920-CCCC-44A2-B875-DB04B9C6E119}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2EDE8920-CCCC-44A2-B875-DB04B9C6E119}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A7A63D8-7718-4D5F-AD9E-8B298071FABD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A7A63D8-7718-4D5F-AD9E-8B298071FABD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4B9DBC7B-7BFF-4F92-B385-B967A806FA5D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B9DBC7B-7BFF-4F92-B385-B967A806FA5D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5FC481A6-55DE-44AF-A2A1-B98AC5AEF9C3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FC481A6-55DE-44AF-A2A1-B98AC5AEF9C3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62EF12B5-ACC4-4A99-9960-6228C3EDB99E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62EF12B5-ACC4-4A99-9960-6228C3EDB99E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7110350-BB1F-4AC9-81AF-00CD7314D9BF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7110350-BB1F-4AC9-81AF-00CD7314D9BF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C8F6FDC0-C65B-4ECD-B4C8-315DDBA2A1EE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8F6FDC0-C65B-4ECD-B4C8-315DDBA2A1EE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C92D8E96-652E-448D-AD40-338AE909E798}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C92D8E96-652E-448D-AD40-338AE909E798}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E403B046-E33E-4A3F-9317-452636DA928E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E403B046-E33E-4A3F-9317-452636DA928E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
EmptyTemp: => 84.7 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 14:46:23 ====

# AdwCleaner v5.021 - Logfile created 15/11/2015 at 09:43:04
# Updated 14/11/2015 by Xplode
# Database : 2015-11-13.3 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : ghy - ME
# Running from : C:\Users\ghy\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

[-] File Deleted : C:\Users\ghy\AppData\Roaming\Mozilla\Firefox\Profiles\nrqao1ea.default\Extensions\{b64d9b05-48e1-4ceb-bf58-e0643994e900}.xpi

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\pc-mechanic
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Key Deleted : HKCU\Software\Myfree Codec
[-] Key Deleted : HKLM\SOFTWARE\Uniblue

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1935 bytes] ##########
# AdwCleaner v5.035 - Logfile created 18/02/2016 at 14:57:41
# Updated 18/02/2016 by Xplode
# Database : 2016-02-18.3 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : ghy - ME
# Running from : C:\Users\ghy\Downloads\AdwCleaner (1).exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

[-] File Deleted : C:\WINDOWS\SysNative\LavasoftTcpService64.dll
[-] File Deleted : C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
[-] File Deleted : C:\WINDOWS\SysWOW64\lavasofttcpservice.dll
[-] File Deleted : C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[-] [C:\Users\ghy\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3044 bytes] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 10 Home x64
Ran by ghy (Administrator) on 2016-02-18 at 15:04:40.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\Users\ghy\AppData\Roaming\Mozilla\Firefox\Profiles\nrqao1ea.default\extensions\jid1-dwtFBkQjb3SIQp@jetpack.xpi (File)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{48080B65-246A-4902-851C-689CF29BFB2B} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2016-02-18 at 15:09:32.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: [IN PROGRESS] computer shutdown sometimes
« Reply #5 on: February 18, 2016, 02:59:41 PM »

Hello mommyto3furballs,

How is the computer running now ?
platypuss

Offline mommyto3furballs

  • Bronze Member
  • Posts: 189
Re: [IN PROGRESS] computer shutdown sometimes
« Reply #6 on: February 18, 2016, 04:56:17 PM »
hasn't had that countdown to shutdown which is good. this is my main computer so i was kinda worried on what was going on. i'm usually very good keeping maintenance up on this computer. just was thinking it had something to do with me using the free upgrade to windows 10.  haven't done the upgrade on the other computer i had you look at a couple of months ago. hopefully this does solve the problem.

Offline mommyto3furballs

  • Bronze Member
  • Posts: 189
Re: [IN PROGRESS] computer shutdown sometimes
« Reply #7 on: February 19, 2016, 06:06:19 AM »
update friday am...

last night i shut down the computer and it took a lot longer than normal for the hd to shut down. then this morning, it didn't turn on properly. none of the icons at the bottom wanted to load. no date time sound anything like that! i had to shut down (which i could do) and turn the computer back on again. beginning to wonder if the hd is slowly starting to go. these symptoms have been spiratic which is annoying.  i'm seriously hoping that is not the case but i'm going to back everything up to be on the safe side i guess.


Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: [IN PROGRESS] computer shutdown sometimes
« Reply #8 on: February 20, 2016, 11:16:52 AM »
 


   
Quote
i'm usually very good keeping maintenance up on this computer


Yes, I see that you have Secunia for regular checking for updates.

Regarding Windows 10  I would suggest that you keep one computer with 10  & your other on 8.1
Until you are familiar with Windows 10 and get some experience with it, but before July" that way you will not run the risk of waiting too long.


 This is link for slow shutdown Win10:- HERE
 

How to filter for events that provide detailed information about startup and shutdown of Windows services.

 
If your computer takes a long time to boot up or shut down, you can use Event Viewer to perform a prelimiary analysis of what services are causing the most delay.  To do this, open Event Viewer and expand the following log:

Applications And Services Logs\Microsoft\Windows\Diagnostics-Performance\Operational

Right-click on this log and select Filter Current Log.

To filter for boot events, type 100-199 in the Event IDs field and click OK.

To filter for shutdown events, type 200-299 in the same field and click OK.

Here is an example of a service causing delayed shutdown:



http://www.windowsnetworking.com/kbase/WindowsTips/Windows7/AdminTips/Miscellaneous/AnalyzingSlowStartupandShutdownusingEventViewer.html

     File Name                               :               napagent

     Friendly Name                     :               Quarantine Agent Service Run-Time

     Version                   :               6.1.7600.16385 (win7_rtm.090713-1255)

     Total Time                              :               7521ms

     
>>>>>>>>>>>>>>>>>>>>>

Link below for taskbar shortcuts-no response HERE


1.Press Windows Key + R on your keyboard.
2.Key in PowerShell and hit Enter.
3.Right click on the PowerShell icon on the taskbar and select Run as Administrator.
4.Now paste the following command in the Administrator: Windows PowerShell window and press Enter key: Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

5. NOW for the important part ! Locate to :  C:/Users/name/AppData/Local/ and delete the TileDataLayer folder. Should fix everything immediately, no reboot necessary. Let me know how it works for you, and remember to clean the recycle bin after you deleted the folder and give it 1min then everything is back to normal !

N.B. The "name" in the above filepath will be your name which I believe is ghy

platypuss

Offline mommyto3furballs

  • Bronze Member
  • Posts: 189
Re: [IN PROGRESS] computer shutdown sometimes
« Reply #9 on: February 20, 2016, 11:37:02 AM »
i'm getting an error for that but i will try again later

Offline mommyto3furballs

  • Bronze Member
  • Posts: 189
Re: [IN PROGRESS] computer shutdown sometimes
« Reply #10 on: February 20, 2016, 11:51:50 AM »
seems to be boot and shut down errors...hmmm. last night and this morning it shut down normally. do i keep these websites in case this happens again?

Offline mommyto3furballs

  • Bronze Member
  • Posts: 189
Re: [IN PROGRESS] computer shutdown sometimes
« Reply #11 on: February 21, 2016, 12:56:12 PM »
i did what you suggested and now i can't view my pics on my computer. comes up with an error ... remote call feature failed. also can't access calculator and all sorts of weird stuff now in my start menu. should i just do a system restore to fix it? i don't have a windows 10 disk at all

Offline mommyto3furballs

  • Bronze Member
  • Posts: 189
Re: [IN PROGRESS] computer shutdown sometimes
« Reply #12 on: February 22, 2016, 07:08:30 AM »
update monday morning - my computer just did the 1 minute shutdown thing again...getting fustrated beyond belief. looks like i'm probably gonna have to save up for a new hd i guess and a copy of windows 10 :(

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: [IN PROGRESS] computer shutdown sometimes
« Reply #13 on: February 22, 2016, 09:06:20 AM »

Hello Mommyto3furballs,

Thank you for the updates.

Are you still experiencing access to your pictures & calculater ?
platypuss

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: [IN PROGRESS] computer shutdown sometimes
« Reply #14 on: February 23, 2016, 06:05:18 AM »


 
Hello Mommyto3furballs,

It would be betterr if we came back to your shutdown/taskbar problem & finished removing the malware from your computer
first.


Please run a scan with ESET Online Scanner (Do not use your existing copy)
We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed.
This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:


 
**Note** You will need to use Internet explorer for this scan- Vista and Windows 7/8 right click on IE shortcut and run as admin.n

(To run ESET Online Scanner in a browser other than Internet Explorer, you'll need to download ESET SMART Installer during the process)


Please go HERE to run the online scannner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan See HERE for details
       
  • Tick the box next to YES, I accept the Terms of Use.
       
  • Click Start
       
  • When asked, allow the activex control to install
  • Click Start
       
  • Make sure that the option Remove found threats is ticked
       
  • Click on Advanced Settings and ensure these options are ticked:-
1.Scan for potentially unwanted applications
        2.Scan for potentially unsafe applications
        3.Enable Anti-Stealth Technology


   
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic

NOTE: Sometimes if ESET finds no infections it will not create a log.
platypuss