# Cant access Microsoft Word or documents?



## FelicityCreagh (Sep 10, 2017)

Hi There

Thank you so much for helping me with my query.

I was wondering if anyone can please advise me on how to access Microsoft Word and all my documents? If I click on the icon or documents, it comes up with this response:










I don't know why or how this has happened? My husband said he tried to download ITunes onto the computer and it didn't work properly. I have tried to uninstall some programs but it doesn't seem to be working. Any assistance you can provide is greatly appreciated.

Thanks again.
Kind Regards,
Felicity


----------



## vdvito (Sep 10, 2017)

have you tried uninstalling and reinstalling microsoft office?


----------



## etaf (Oct 2, 2003)

> he tried to download ITunes onto the computer and it didn't work properly


 what happened ?
i have known people download itunes from a suspect site and get all sorts of malware on the pc 
are you getting any other popups or when you open a webpage does it go to a different home page 
whats the home page it goes to ?


----------



## jenae (Mar 17, 2013)

Hi, the error code indicates a permissions problem, most likely a third party AV triggered by the download. What anti virus program do you use?


----------



## FelicityCreagh (Sep 10, 2017)

etaf said:


> what happened ?
> i have known people download itunes from a suspect site and get all sorts of malware on the pc
> are you getting any other popups or when you open a webpage does it go to a different home page
> whats the home page it goes to ?


I agree my husband downloaded from a suspect site as there were all sorts of different icons on the desktop which I have now deleted. The home page is the normal home page and so far I haven't seen any pop ups, but there were icons on the desktop which look like they want me to access their security software. We use TrendMicro security so I am wondering why it didn't block it? Should I take the computer to a repair place? Thanks so much


----------



## FelicityCreagh (Sep 10, 2017)

jenae said:


> Hi, the error code indicates a permissions problem, most likely a third party AV triggered by the download. What anti virus program do you use?


I agree, thanks Jenae. We use TrendMicro, I am wondering why it didn't block the virus? Do you think I need to take the computer to a repair place? I feel as though these issues are beyond my computer capabilities! Thanks again


----------



## etaf (Oct 2, 2003)

when you installed itunes from a "dodgy" site, you also gave permission for the malware to be loaded

i suggest you run malwarebytes on the PC
deleting the icons on the desktop does NOT remove the malware

we can try a few cleanup programs - BUT if that does not resolve we may have to start a new thread in the malware/virus forum

Please note the following:

*I would suggest running some of the more common malware removal tools - this is NOT the full cleaning process, However, often the following may resolve some of the very common malware*.

The following programs will remove the most common malware and so at the end of the process , the PC maybe clean. If not , then we need to move to the virus/malware forum for a specialist to review.
*Do NOT* install/re-install any programs or run any fixes or scanners unless told to do so.
I would advise backing up all your important documents, personal data files and photos to an externl source DVD/CD or external hard drive.
Do not back up any Applications (programs). These should be re-installed from the original source CD(s) or website(s).
Be sure to follow the directions and run tools/scans in the order listed.
If you are getting any support on this issue from any other forum, please advise, as a) this wastes a lot of time and b) can cause issues on the PC as we do not know what else is being suggested.

*-------------------------------------------------------------*

*malwarebytes Download and Run*

Note Malwaybytes will remove a lot of cookies, and so any passwords for websites, may be removed.
Make sure you *know* all your internet usernames and password for any site you use for accessing email, forums, newsites and/or bloggs, etc

If Malwarebytes is not installed follow these instructions:
Download *Malwarebytes Anti-Malware* to your desktop.

Double-click *mbam-setup-????? * the ???? will be a number like 2.1.8.1057 and show the version of malwarbytes. Follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
*Launch Malwarebytes Anti-Malware*
A trial version of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click *Finish*.

Now Malwarebytes will load , once on the screen - it will open in *Dashboard* view.

At the bottom of the screen will be a large icon *"Scan Now"* click to start the scan.

It will automatically download any updates required.
The Scan will take a long while to run , so be very patient.

When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
Reboot your computer if prompted, I would reboot the PC anyway.

If you did not deselect the trial version, Malwarebytes will appear in the system tray ( Bottom right normally ) and will be providing realtime protection, however, this will end when the trial period is over.
Unless you are going to purchase the full version, I would "end the free trial version" in "dashboard" view - at the bottom of the screen , you have an option "end trial"
click there.
Now malwarebytes "realtime protection", will not load each time the PC starts.

I recommend that Malwarebytes is run frequently. This timescale depends on how often you use the PC, and browse on the internet. I usually suggest weekly or following any heavy Webbrowsing Sessions.

Often running your Antivirus program (ensuring you have the latest update & Definitions), with Malwarebytes will solve a lot of the more common infections.

Please Post back if you are still having any issues, as we can run a couple of other programs , AdwCleaner and SuperAntiSpyware if necessary and we have not already run.

If they do/have not resolve your issue - then we would refer your post to the Malware & Virus forum for one of the forum experts to review.

*-------------------------------------------------------------*


----------



## FelicityCreagh (Sep 10, 2017)

Hi Wayne

Thank you so much for your response. I downloaded the *Malwarebytes Anti-Malware* to my desktop and when I double clicked on it, I get this message:








Should I try to download another program?

Thanks again,
Felicity


----------



## FelicityCreagh (Sep 10, 2017)

Hi Wayne

Tried to download the other programs you mentioned (AdwCleaner and SuperAntiSpyware) and I received the same 'application error' message above. 

Kind Regards,
Felicity


----------



## etaf (Oct 2, 2003)

As jenae
Says , it looks like the AV 
can you Disable trendMicro and try running

Does the machine run any programs - notepad etc

have a read here and turn off for an hour
https://www.linksys.com/us/support-article?articleNum=137262


----------



## FelicityCreagh (Sep 10, 2017)

Thanks. Ive turned off TrendMicro and will turn off the computer for a while. I have a newborn baby so need to head to bed and will try again in the morning.
Thanks again, much appreciated


----------



## etaf (Oct 2, 2003)

Ok, the idea was to turn off trendmicro and then try and run the program and see if malwarebytes now runs


----------



## FelicityCreagh (Sep 10, 2017)

ok so I restart computer now and then try and see if malwaresbytes runs?


----------



## FelicityCreagh (Sep 10, 2017)

or just try to reinstall malwaresbytes now as its off?


----------



## etaf (Oct 2, 2003)

restart PC 
turn off trendmicro 
then try malwarebytes
the idea is to see if trendmicro is stopping 

we can also try safemode later 
i'm in UK timezone 
so maybe some time in replying - depending on where you are


----------



## FelicityCreagh (Sep 10, 2017)

tried to install malwares and got the same error message


----------



## FelicityCreagh (Sep 10, 2017)

etaf said:


> restart PC
> turn off trendmicro
> then try malwarebytes
> the idea is to see if trendmicro is stopping
> ...


Thanks will do


----------



## FelicityCreagh (Sep 10, 2017)

I restarted PC, turned off trendmicro, tried Malwarebytes and received same message :-(
Should we try safemode?
Thank you


----------



## FelicityCreagh (Sep 10, 2017)

I'm super tired and need to go to bed. Can I get in contact with you or someone else again tomorrow?
Thanks again for all your help.
Kind Regards,
Felicity


----------



## etaf (Oct 2, 2003)

if you would like, but dont you need some sleep , this is the sort of thing that goes , i'll just try and then try and then.... 3 hours have past

https://www.bleepingcomputer.com/tutorials/how-to-start-windows-10-in-safe-mode-with-networking/


----------



## etaf (Oct 2, 2003)

cross post 
yep we are always open, so someone will pick up 
or 
i will be back - just depends on your timezone v mine UK


----------



## FelicityCreagh (Sep 10, 2017)

Thanks, I'm super tired so heading to bed now. I'm in Perth, Australia, its 9.20pm so Ill try again tomorrow morning.
Thanks again,


----------



## etaf (Oct 2, 2003)

ok, i'm in uk 2:36
so your morning 
7hrs ahead
will be the middle of night for me
next on around 8am or 1pm ish uk = 5pm , 9pm Australia


----------



## FelicityCreagh (Sep 10, 2017)

Hi Again
I'm sorry for the delay in getting back to you, been busy looking after my newborn and 20 month old boy. I tried to restart in safe mode so I could download the anti-virus software and I had the following response when I tried to click on Explore (internet):

'This app cant be opened using the built in administrator account. Sign in with a different account and try again'.

I tried to get the internet in safe mode twice and still met with the above response. I only have one sign-in so I am unsure why I need to sign in with a different account?

Thank you for your ongoing assistance, I really appreciate it.

Kind Regards,
Felicity


----------



## etaf (Oct 2, 2003)

you wont get out on the internet with safemode - unless you choose safemode with networking

you need to install the already downloaded file from "downloads" and that will install malwarebytes onto the PC in safemode 
you should not need to download again 

but 
you should be logged in as an administrator - 

What windows version are you running ?


----------



## FelicityCreagh (Sep 10, 2017)

Running windows 10, I chose safemode with networking (option 5).

I haven't been able to do any Malwarebytes downloads as keep getting the error message.

I'm logged in as administrator.

Thanks


----------



## etaf (Oct 2, 2003)

when do you get the message exactly 
running a webbrowser like edge


----------



## jenae (Mar 17, 2013)

Hi, yes MS decided for security reasons not to let an administrator account run the edge browser, this appears to be the message you are now receiving. It is relatively easy to work around this, I assume you did this and edge was working. 

What appears to have happened now is your ACL's (access control lists) are corrupted, or deliberately altered, this is common to prevent you from running AV and Malware removal programs. Disabling Trend Micro will not resolve the issue since disabling still allows the util to maintain it's basic settings which are now active, you have to totally uninstall it. Now this begins to become too hard, and you would need to post on the security forum. Wayne may have other approaches he would like to try. 

However there may be an easier solution for you. Win 10 makes a regbackup every 7-10 days, if you have still got one prior to this event then restoring from this could save you.

You need to use the recovery environment, and as your machine still boots this is straight forward. Go to shutdown and select "restart" before selecting restart press and hold the "Shift" key, then click on restart.

Windows will open the recovery:-

You need to access the command prompt , typically it will have x:\windows\system32> at the prompt, at this type:-

(NOTE:- SYNTAX IS IMPORTANT USE SPACES WHERE SHOWN, type exactly as you see here)

bcdedit |find "osdevice" (press enter) The | is above the \ key.

It will return osdevice ......partition X (where X is a drive letter) for most win 10 users this will be D assume it is D if not change D to whatever the bcdedit cmd returns.

Next type:- D: (press enter)

The prompt now looks like this D:\> at this type:-

cd d:\windows\system32\config (press enter)

Next type:- dir (press enter) the contents of the config file will appear if you see a file called Regback note the creation date, if it was before the problem then proceed, if not you have lucked out, and this will not work. (note win 10 makes regbackup's every 7-10 days so you should be OK)

Next type:- cd regback (press enter)

Next type:- copy *.* d:\windows \system32\config (press enter)

Type:- All to the Yes\No\All prompt

Once completed restart computer. This can do no harm, if it fails to fix your problem then you will need to seek assistance from the security forum.


----------



## FelicityCreagh (Sep 10, 2017)

Hi All

We have done the Windows update and we now have access to Microsoft Word yay!!!!

Should we do anything else to ensure the virus has gone??

Thanks sooooo much for all your help, I really appreciate it.

Kind Regards,
Felicity


----------



## FelicityCreagh (Sep 10, 2017)

should I 'uninstall' any of these programs?

Thanks again


----------



## jenae (Mar 17, 2013)

Hi, by "we have done the windows update" are you referring to the regback fix from post #28? I take it the Programs & Features screen shot was after the fix?
To advise you further we need more info, go to search and type:- command prompt, right click on the returned command prompt and select "run as administrator" an elevated cmd prompt will open. Copy and paste all the text below into the cmd window:-

echo > 0 & systeminfo | find /V /I "hotfix" | find /V "KB" >> 0 & WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /format:list >> 0 & wmic PATH Win32_VideoController GET Description,PNPDeviceID /format:list >> 0 & tasklist /v >> 0 & net start >> 0 & echo >> 0 & notepad 0

Press enter, notepad will open with data, use the "More options" at the bottom of your thread to attach the notepad file here.


----------



## FelicityCreagh (Sep 10, 2017)

Yes it was after the fix and yes from thread 28. I have done as advised and pasted from the notepad.

Thanks again, I really appreciate it 

ECHO is on.
Host Name: LAPTOP-JK6NNN3B
OS Name: Microsoft Windows 10 Home
OS Version: 10.0.15063 N/A Build 15063
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: Windows User
Registered Organization: 
Product ID: 00325-80666-40296-AAOEM
Original Install Date: 16/09/2017, 1:06:03 PM
System Boot Time: 16/09/2017, 12:58:49 PM
System Manufacturer: LENOVO
System Model: 80QQ
System Type: x64-based PC
Processor(s): 1 Processor(s) Installed.
[01]: Intel64 Family 6 Model 69 Stepping 1 GenuineIntel ~2100 Mhz
BIOS Version: LENOVO E0CN63WW, 21/10/2016
Windows Directory: C:\WINDOWS
System Directory: C:\WINDOWS\system32
Boot Device: \Device\HarddiskVolume1
System Locale: en-au;English (Australia)
Input Locale: en-us;English (United States)
Time Zone: (UTC+08:00) Perth
Total Physical Memory: 8,111 MB
Available Physical Memory: 3,981 MB
Virtual Memory: Max Size: 10,031 MB
Virtual Memory: Available: 5,520 MB
Virtual Memory: In Use: 4,511 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server: \\LAPTOP-JK6NNN3B
Network Card(s): 3 NIC(s) Installed.
[01]: Realtek RTL8723BE Wireless LAN 802.11n PCI-E NIC
Connection Name: Wi-Fi
DHCP Enabled: Yes
DHCP Server: 10.1.1.1
IP address(es)
[01]: 10.1.1.57
[02]: fe80::79a8:3805:9173:726d
[02]: Realtek PCIe FE Family Controller
Connection Name: Ethernet
Status: Media disconnected
[03]: Bluetooth Device (Personal Area Network)
Connection Name: Bluetooth Network Connection
Status: Media disconnected
Hyper-V Requirements: VM Monitor Mode Extensions: Yes
Virtualization Enabled In Firmware: No
Second Level Address Translation: Yes
Data Execution Prevention Available: Yes

d i s p l a y N a m e = A v a s t A n t i v i r u s

d i s p l a y N a m e = T r e n d M i c r o M a x i m u m S e c u r i t y

d i s p l a y N a m e = W i n d o w s D e f e n d e r

D e s c r i p t i o n = I n t e l ( R ) I r i s ( T M ) G r a p h i c s 5 1 0 0

P N P D e v i c e I D = P C I \ V E N _ 8 0 8 6 & a m p ; D E V _ 0 A 2 E & a m p ; S U B S Y S _ 3 9 F F 1 7 A A & a m p ; R E V _ 0 9 \ 3 & a m p ; 1 1 5 8 3 6 5 9 & a m p ; 0 & a m p ; 1 0

Image Name PID Session Name Session# Mem Usage Status User Name CPU Time Window Title 
========================= ======== ================ =========== ============ =============== ================================================== ============ ========================================================================
System Idle Process 0 Services 0 8 K Unknown NT AUTHORITY\SYSTEM 3:31:33 N/A 
System 4 Services 0 1,196 K Unknown N/A 0:02:27 N/A 
smss.exe 528 Services 0 768 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
csrss.exe 684 Services 0 4,456 K Unknown NT AUTHORITY\SYSTEM 0:00:03 N/A 
wininit.exe 780 Services 0 5,528 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
services.exe 832 Services 0 8,948 K Unknown NT AUTHORITY\SYSTEM 0:00:05 N/A 
lsass.exe 840 Services 0 19,896 K Unknown NT AUTHORITY\SYSTEM  0:00:16 N/A 
svchost.exe 948 Services 0 3,288 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
fontdrvhost.exe 960 Services 0 4,808 K Unknown Font Driver Host\UMFD-0 0:00:00 N/A 
svchost.exe 968 Services 0 27,736 K Unknown NT AUTHORITY\SYSTEM 0:00:19 N/A 
svchost.exe 540 Services 0 15,556 K Unknown NT AUTHORITY\NETWORK SERVICE 0:00:42 N/A 
svchost.exe 828 Services 0 6,180 K Unknown NT AUTHORITY\SYSTEM 0:00:01 N/A 
csrss.exe 616 Console 1 5,952 K Running NT AUTHORITY\SYSTEM 0:00:05 N/A 
winlogon.exe 1040 Console 1 11,108 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
fontdrvhost.exe 1096 Console 1 11,336 K Unknown Font Driver Host\UMFD-1 0:00:00 N/A 
dwm.exe 1176 Console 1 55,784 K Running Window Manager\DWM-1 0:00:32 DWM Notification Window 
svchost.exe 1200 Services 0 4,380 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
svchost.exe 1300 Services 0 19,956 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:04 N/A 
svchost.exe 1328 Services 0 15,256 K Unknown NT AUTHORITY\NETWORK SERVICE 0:00:02 N/A 
svchost.exe 1368 Services 0 6,992 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
svchost.exe 1412 Services 0 11,544 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:02 N/A 
svchost.exe 1468 Services 0 10,752 K Unknown NT AUTHORITY\SYSTEM 0:00:23 N/A 
svchost.exe 1820 Services 0 10,664 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:00 N/A 
svchost.exe 1852 Services 0 5,284 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A  
svchost.exe 1864 Services 0 5,028 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
svchost.exe 1920 Services 0 11,068 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:00 N/A 
svchost.exe 1952 Services 0 17,040 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:01 N/A 
WUDFHost.exe 2044 Services 0 5,148 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:00 N/A 
svchost.exe 1340 Services 0 9,820 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:00 N/A 
svchost.exe 1600 Services 0 11,456 K Unknown NT AUTHORITY\SYSTEM 0:00:01 N/A 
svchost.exe 1632 Services 0 5,268 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
svchost.exe 872 Services 0 8,656 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:00 N/A 
svchost.exe 1888 Services 0 7,196 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:01 N/A 
WUDFHost.exe 2060 Services 0 5,380 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:00 N/A 
svchost.exe 2108 Services 0 5,080 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
svchost.exe 2164 Services 0 8,508 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
svchost.exe 2216 Services 0 11,708 K Unknown NT AUTHORITY\NETWORK SERVICE 0:00:01 N/A 
igfxCUIService.exe 2232 Services 0 8,668 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
svchost.exe 2252 Services 0 8,964 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:02 N/A 
svchost.exe 2328 Services 0 7,972 K Unknown NT AUTHORITY\NETWORK SERVICE 0:00:01 N/A 
svchost.exe 2336 Services 0 5,744 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:00 N/A 
svchost.exe 2352 Services 0 12,764 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:00 N/A 
svchost.exe 2380 Services 0 9,456 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:02 N/A 
svchost.exe 2420 Services 0 23,628 K Unknown NT AUTHORITY\SYSTEM 0:00:31 N/A 
svchost.exe 2576 Services 0 9,828 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
svchost.exe 2664 Services 0 12,532 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
AvastSvc.exe 2676 Services 0 210,444 K Unknown NT AUTHORITY\SYSTEM 0:03:16 N/A 
spoolsv.exe 3480 Services 0 23,200 K Unknown NT AUTHORITY\SYSTEM 0:00:04 N/A 
coreServiceShell.exe 3628 Services 0 115,532 K Unknown NT AUTHORITY\SYSTEM 0:19:58 N/A 
uiWatchDog.exe 3656 Services 0 952 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
CxAudMsg64.exe 3664 Services 0 7,964 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
svchost.exe 3672 Services 0 18,020 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:03 N/A 
IntelCpHeciSvc.exe 3688 Services 0 9,480 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
OfficeClickToRun.exe 3704 Services 0 51,620 K Unknown NT AUTHORITY\SYSTEM 0:00:02 N/A 
conhost.exe 3712 Services 0 6,120 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
ETDService.exe 3720 Services 0 5,252 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
Lenovo.Modern.ImControlle 3736 Services 0 59,524 K Unknown NT AUTHORITY\SYSTEM 0:00:09 N/A 
svchost.exe 3756 Services 0 6,852 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:02 N/A 
svchost.exe 3780 Services 0 8,464 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
svchost.exe 3800 Services 0 8,004 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
PtSvcHost.exe 3840 Services 0 36,004 K Unknown NT AUTHORITY\SYSTEM 0:00:52 N/A 
RtkBtManServ.exe 3852 Services 0 6,840 K Unknown NT AUTHORITY\SYSTEM 0:00:01 N/A 
PwmSvc.exe 3860 Services 0 21,484 K Unknown NT AUTHORITY\SYSTEM 0:00:52 N/A 
svchost.exe 3884 Services 0 11,972 K Unknown NT AUTHORITY\SYSTEM 0:00:06 N/A 
SecurityHealthService.exe 3928 Services 0 13,136 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
svchost.exe 3976 Services 0 8,636 K Unknown NT AUTHORITY\SYSTEM 0:00:09 N/A 
svchost.exe 4008 Services 0 5,008 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
PtWatchDog.exe 4036 Services 0 5,216 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
coreFrameworkHost.exe 3548 Services 0 6,076 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
conhost.exe 1708 Services 0 6,104 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
Memory Compression 4268 Services 0 88,560 K Unknown NT AUTHORITY\SYSTEM 0:00:12 N/A 
svchost.exe 4524 Services 0 4,808 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:00 N/A 
escsvc64.exe 4584 Services 0 6,936 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
svchost.exe 4700 Services 0 15,600 K Unknown NT AUTHORITY\SYSTEM 0:00:01 N/A 
unsecapp.exe 5112 Services 0 7,008 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
WmiPrvSE.exe 4216 Services 0 19,848 K Unknown NT AUTHORITY\NETWORK SERVICE 0:14:39 N/A 
svchost.exe 5224 Services 0 9,712 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
aswidsagenta.exe 5320 Services 0 42,956 K Unknown NT AUTHORITY\SYSTEM 0:01:41 N/A 
msdtc.exe 5848 Services 0 8,452 K Unknown NT AUTHORITY\NETWORK SERVICE 0:00:00 N/A 
dllhost.exe 5912 Services 0 8,096 K Unknown NT AUTHORITY\NETWORK SERVICE 0:00:00 N/A 
svchost.exe 2720 Services 0 15,304 K Unknown NT AUTHORITY\SYSTEM 0:00:03 N/A 
dllhost.exe 5968 Services 0 12,548 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
svchost.exe 5788 Services 0 15,884 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
wlanext.exe 1296 Services 0 6,928 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
conhost.exe 4120 Services 0 5,400 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
svchost.exe 6436 Services 0 5,616 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
svchost.exe 6572 Services 0 7,484 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:00 N/A 
GDCAgent.exe 6160 Services 0 12,496 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
SASrv.exe 6928 Services 0 6,024 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
svchost.exe 6588 Services 0 10,928 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
Locator.exe 2724 Services 0 2,456 K Unknown NT AUTHORITY\NETWORK SERVICE 0:00:00 N/A 
WmiApSrv.exe 6156 Services 0 6,376 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
NisSrv.exe 5908 Services 0 5,872 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:00 N/A 
SearchIndexer.exe 6652 Services 0 41,688 K Unknown  NT AUTHORITY\SYSTEM 0:00:32 N/A 
svchost.exe 5760 Services 0 7,884 K Unknown NT AUTHORITY\NETWORK SERVICE 0:00:00 N/A 
svchost.exe 1968 Services 0 10,172 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:00 N/A 
svchost.exe 4376 Services 0 22,112 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:00 N/A 
svchost.exe 2796 Services 0 20,756 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
svchost.exe 4908 Services 0 33,256 K Unknown NT AUTHORITY\SYSTEM 0:00:04 N/A 
svchost.exe 2180 Services 0 11,856 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
svchost.exe 2764 Services 0 19,880 K Unknown NT AUTHORITY\SYSTEM 0:00:06 N/A 
sihost.exe 2892 Console 1 29,948 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:12 N/A 
ETDCtrl.exe 4612 Console 1 25,936 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:00 My Favorites Setting 
svchost.exe 2820 Console 1 26,104 K Unknown LAPTOP-JK6NNN3B\Felicity & Cam 0:00:00 N/A 
svchost.exe 2548 Console 1 29,768 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:08 Windows Push Notifications Platform 
svchost.exe 4660 Services 0 19,996 K Unknown NT AUTHORITY\SYSTEM 0:00:50 N/A 
PresentationFontCache.exe 6976 Services 0 28,908 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:00 N/A 
explorer.exe 2176 Console 1 112,208 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:21 N/A 
igfxEM.exe 7044 Console 1 13,872 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:00 The Event Manager - Status 
igfxHK.exe 1504 Console 1 9,888 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:00 HotKey Listener 
svchost.exe 1224 Services 0 6,940 K Unknown NT AUTHORITY\SYSTEM  0:00:00 N/A 
PwmTower.exe 3128 Console 1 48,816 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:01 N/A 
igfxTray.exe 6132 Console 1 12,092 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:00 igfxtrayWindow 
PwmTower.exe 6944 Console 1 29,872 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:01 N/A 
PwmTower.exe 2428 Console 1 56,128 K Unknown LAPTOP-JK6NNN3B\Felicity & Cam 0:00:13 N/A 
ETDCtrlHelper.exe 176 Console 1 10,924 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:00 ETDCtrlHelper 
ETDIntelligent.exe 5648 Console 1 10,340 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:00 ETDIntelligent 
taskhostw.exe 7260 Console 1 47,632 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:09 Task Host Window 
SettingSyncHost.exe 7992 Console 1 25,904 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:50 N/A 
ShellExperienceHost.exe 7464 Console 1 81,860 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:06 New notification 
RuntimeBroker.exe 8232 Console 1 87,132 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:01:20 N/A 
ApplicationFrameHost.exe 8876 Console 1 31,448 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:01 Cant access Microsoft Word or documents? - New reply to watched thread -
PDVD12Serv.exe 10512 Console 1 1,544 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:00 N/A 
HostAppServiceUpdater.exe 10940 Console 1 10,000 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:00 N/A 
svchost.exe 10936 Services 0 22,448 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:00 N/A 
SkypeHost.exe 11080 Console 1 268 K Unknown LAPTOP-JK6NNN3B\Felicity & Cam 0:00:02 N/A 
RemindersServer.exe 9212 Console 1 8,684 K Unknown LAPTOP-JK6NNN3B\Felicity & Cam 0:00:00 N/A 
svchost.exe 1664 Console 1 39,396 K Unknown LAPTOP-JK6NNN3B\Felicity & Cam 0:00:01 N/A  
audiodg.exe 572 Services 0 16,556 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:00 N/A 
MSASCuiL.exe 3056 Console 1 10,156 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:00 N/A 
CAudioFilterAgent64.exe 8080 Console 1 9,392 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:00 Conexant ADR Agent 
PtSessionAgent.exe 11380 Console 1 15,200 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:00 PtSessionAgent 
uiSeAgnt.exe 11516 Console 1 692 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:00 N/A 
utility.exe 11548 Console 1 9,520 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:00 G 
AvastUI.exe 11756 Console 1 23,132 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:03 N/A 
WzPreloader.exe 11888 Console 1 15,596 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:00 .NET-BroadcastEventWindow.4.0.0.0.3ce0bb8.0 
CLMLSvc_P2G8.exe 12284 Console 1 12,088 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:00 G 
svchost.exe 11696 Services 0 19,296 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
WINWORD.EXE 10396 Console 1 105,612 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:08 Document1 - Word 
sppsvc.exe 10216 Services 0 15,576 K Unknown NT AUTHORITY\NETWORK SERVICE 0:00:04 N/A 
OneDrive.exe 10080 Console 1 47,700 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:02 DDE Server Window 
dllhost.exe 12724 Console 1 12,080 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:00 OleMainThreadWndName 
MicrosoftEdge.exe 10368 Console 1 84,928 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:05 N/A 
browser_broker.exe 9896 Console 1 18,948 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:00 OleMainThreadWndName 
MicrosoftEdgeCP.exe 4896 Console 1 25,868 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:14 Microsoft Edge 
MicrosoftEdgeCP.exe 10540 Console 1 86,188 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:05 N/A 
MicrosoftEdgeCP.exe 9832 Console 1 83,888 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:02 N/A 
InstallAgent.exe 10200 Console 1 15,972 K Unknown LAPTOP-JK6NNN3B\Felicity & Cam 0:00:00 N/A 
MicrosoftEdgeCP.exe 11168 Console 1 864,340 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:05:02 N/A 
MicrosoftEdgeCP.exe 12324 Console 1 75,800 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:01 N/A 
WinStore.App.exe 1760 Console 1 86,184 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:01 Store 
SearchUI.exe 6424 Console 1 165,464 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:13 Cortana 
svchost.exe 624 Services 0 28,932 K Unknown NT AUTHORITY\SYSTEM 0:00:44 N/A 
svchost.exe 7808 Services 0 18,848 K Unknown NT AUTHORITY\SYSTEM 0:00:04 N/A 
svchost.exe 8016 Services 0 17,416 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
svchost.exe 9120 Services 0 9,924 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
svchost.exe 5264 Services 0 7,428 K Unknown NT AUTHORITY\SYSTEM  0:00:00 N/A 
svchost.exe 1392 Services 0 6,100 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:00 N/A 
backgroundTaskHost.exe 8840 Console 1 46,320 K Unknown LAPTOP-JK6NNN3B\Felicity & Cam 0:00:03 N/A 
smartscreen.exe 9652 Console 1 23,352 K Unknown LAPTOP-JK6NNN3B\Felicity & Cam 0:00:00 N/A 
WmiPrvSE.exe 3496 Services 0 9,264 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
cmd.exe 7592 Console 1 4,300 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:00 tasklist /v 
conhost.exe 10476 Console 1 18,616 K Running LAPTOP-JK6NNN3B\Felicity & Cam 0:00:00 N/A 
msfeedssync.exe 11576 Console 1 9,156 K Not Responding LAPTOP-JK6NNN3B\Felicity & Cam 0:00:00 OleMainThreadWndName 
WmiPrvSE.exe 11472 Services 0 8,912 K Unknown NT AUTHORITY\LOCAL SERVICE 0:00:00 N/A 
TrustedInstaller.exe 4812 Services 0 7,544 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
TiWorker.exe 6308 Services 0 10,936 K Unknown NT AUTHORITY\SYSTEM 0:00:00 N/A 
tasklist.exe 11896 Console 1 9,704 K Unknown LAPTOP-JK6NNN3B\Felicity & Cam 0:00:00 N/A 
These Windows services are started:
Application Information
AppX Deployment Service (AppXSVC)
aswbIDSAgent
Avast Antivirus
Background Intelligent Transfer Service
Background Tasks Infrastructure Service
Base Filtering Engine
Bluetooth Support Service
Client License Service (ClipSVC)
CNG Key Isolation
COM+ Event System
COM+ System Application
Conexant Audio Message Service
Conexant SmartAudio service
Connected Devices Platform Service
Connected Devices Platform User Service_9fd28b
Connected User Experiences and Telemetry
Contact Data_9fd28b
CoreMessaging
Credential Manager
Cryptographic Services
Data Usage
DCOM Server Process Launcher
Delivery Optimization
Device Association Service
Device Install Service
DHCP Client
Diagnostic Policy Service
Diagnostic Service Host
Diagnostic System Host
Distributed Link Tracking Client
Distributed Transaction Coordinator
DNS Client
Elan Service
Epson Scanner Service
GDCAgent
Geolocation Service
Group Policy Client
Human Interface Device Service
Intel(R) Content Protection HECI Service
Intel(R) HD Graphics Control Panel Service
IP Helper
Local Session Manager
Microsoft Account Sign-in Assistant
Microsoft Office Click-to-Run Service
Network Connection Broker
Network Connections
Network List Service
Network Location Awareness
Network Store Interface Service
Platinum Host Service
Plug and Play
Power
Print Spooler
Program Compatibility Assistant Service
Realtek Bluetooth Device Manager Service
Remote Procedure Call (RPC)
Remote Procedure Call (RPC) Locator
RPC Endpoint Mapper
Security Accounts Manager
Security Center
Server
Shell Hardware Detection
Software Protection
SSDP Discovery
State Repository Service
Storage Service
Superfetch
Sync Host_9fd28b
System Event Notification Service
System Events Broker
System Interface Foundation Service
Task Scheduler
TCP/IP NetBIOS Helper
Themes
Tile Data model server
Time Broker
TokenBroker
Trend Micro Password Manager Central Control Service
Trend Micro Solution Platform
User Data Access_9fd28b
User Data Storage_9fd28b
User Manager
User Profile Service
Windows Audio
Windows Audio Endpoint Builder
Windows Connection Manager
Windows Defender Antivirus Network Inspection Service
Windows Defender Security Center Service
Windows Driver Foundation - User-mode Driver Framework
Windows Event Log
Windows Firewall
Windows Font Cache Service
Windows License Manager Service
Windows Management Instrumentation
Windows Modules Installer
Windows Presentation Foundation Font Cache 3.0.0.0
Windows Push Notifications System Service
Windows Push Notifications User Service_9fd28b
Windows Search
WinHTTP Web Proxy Auto-Discovery Service
WLAN AutoConfig
WMI Performance Adapter
Workstation
The command completed successfully.
ECHO is on.


----------



## jenae (Mar 17, 2013)

Hi, you have three Anti Virus programs running, AV's don't play nicely together, they will conflict one seeing the other as a possible virus and acting accordingly, in this case more is less. Now third party utils are increasingly becoming unnecessary in windows, particularly in regards to security. MS have hardened their security and windows defender and windows firewall are all the protection a home user needs. They have the added advantage of integration with the OS and compliance with security updates rolled out by MS.

You should uninstall both Trend Micro and Avast. It is necessary to use the developers util's to do this properly, for Trend Micro go here:-

https://esupport.trendmicro.com/en-...aximum-security/1115650.aspx?referral=1104855

For Avast:-
https://www.avast.com/uninstall-utility

Do this then download SuperantiSpyware (google for it) free version (I do not recommend malwarebytes at the moment they offer only the full version as a trial for 14 days it is a terrible program and will cause you problems)

Run SuperantiSpyware, to clear your computer of accumulated rubbish (temp files, browser history, etc..) google for CCleaner use only the cleaner function DO not use the registry clean function (you do not need to clean your registry).

You might also consider removing the Lenova bloatware, most of which you have no need of.

When finished get windows updates and then run a full scan with windows defender, after a full scan with SuperantiSpyware (don't forget to get their updates you need to do this manually with the free version).

I love Perth, I was married there, and my Daughter was born there, started lecturing in computer science at WAIT in the 60's, now Curtin Uni.


----------



## FelicityCreagh (Sep 10, 2017)

jenae said:


> Hi, you have three Anti Virus programs running, AV's don't play nicely together, they will conflict one seeing the other as a possible virus and acting accordingly, in this case more is less. Now third party utils are increasingly becoming unnecessary in windows, particularly in regards to security. MS have hardened their security and windows defender and windows firewall are all the protection a home user needs. They have the added advantage of integration with the OS and compliance with security updates rolled out by MS.
> 
> You should uninstall both Trend Micro and Avast. It is necessary to use the developers util's to do this properly, for Trend Micro go here:-
> 
> ...


Hi Jenae

Thank you so much for your response, I am sincerely sorry for the delay in responding, I have a newborn and 20mo son and its been super hard.

We actually purchased TrendMicro when we bought our computer (so feel a little reluctant to remove!!), but I will remove if you don't believe its necessary. I have removed Avast as you suggested.

I also see that our Microsoft Word files now have 'docx' at the end of the files. I have pasted a screen shot below. Is this because of the virus? Any way of removing this? I assume your advice above about installing SuperantiSpyware may fix it!!

I agree Perth is an awesome place, we really like it here. Where are you living now?

Thanks again, I realty appreciate it.

Kind Regards,
Felicity


----------



## jenae (Mar 17, 2013)

Hi, increasingly we are seeing more problems with windows ten and third party AV's. Since they offer no significant improvement in protection and also do not integrate nearly as well as defender into the OS, the smart move is to remove them, particularly for the home user.

The file extension for MS word changed back in office 2007 days, so what you see is the current, perfectly normal, if you use office 2007 onward. 2003 still has the .doc extension.


----------

