WiredWX Hobby Weather Tools

 


Help with possible virus

3 posters

[Solved] Re: Help with possible virus
CHKDSK /R /F:
Run CHKDSK /R /F from an elevated (Run as administrator) Command Prompt. Please do this for each hard drive on your system.

When it tells you it can't do it right now - and asks you if you'd like to do it at the next reboot - answer Y (for Yes) and press Enter. Then reboot and let the test run. It may take a while for it to run, but keep an occasional eye on it to see if it generates any errors. See "CHKDSK LogFile" below in order to check the results of the test.

[Solved] Re: Help with possible virus
Log Name:      Application
Source:        Chkdsk
Date:          12/16/2016 6:45:29 PM
Event ID:      26213
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Home
Description:
Chkdsk was executed in read-only mode.  A volume snapshot was not used. Extra errors and warnings may be reported as the volume may have changed during the chkdsk run.  

Checking file system on C:
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.
Volume label is Gateway.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

Stage 1: Examining basic file system structure ...
                                                                                       
                                                                                       
  495872 file records processed.                                                        

File verification completed.
                                                                                       
                                                                                       
  18987 large file records processed.                                   

                                                                                       
                                                                                       
  0 bad file records processed.                                     


Stage 2: Examining file name linkage ...
Index entry CHKDSK.EXE-13847046.pf of index $I30 in file 0x4518c points to unused file 0x1407.
                                                                                       
Index entry CHKDSK.EXE-13847046.pf in index $I30 of file 283020 is incorrect.
                                                                                       
                                                                                       
  571706 index entries processed.                                                       

Index verification completed.

Errors found.  CHKDSK cannot continue in read-only mode.

[Solved] Re: Help with possible virus
How did you run CHKDSK?

It should be run as CHKDSK /R /F to ensure that it fixes it.

Please try again, but ensure there is one space in between CHKDSK and /R and one space between /R and /F.

[Solved] Re: Help with possible virus
New logs

[Solved] Re: Help with possible virus
Okay, Rick... Let's look a bit closer at the drivers. We are going to purposely make this system reproduce any errors it's having. Please back up your data (many backup sites are free and easy if you don't have one: Box.com, Dropbox.com, OneDrive.com, drive.google.com, etc.). After backing up, please do the following:
Verifier:
In an elevated (run as admin) CMD prompt:
VERIFIER /FLAGS 1 /ALL
Please reboot the computer.

Please upload any minidumps from subsequent crashes for analysis.
Afterwards, when this is all over, go back to default settings by running:
VERIFIER /RESET
Uploading Minidumps:
Upload Dump Files:
NOTE:  If using a disk cleaning utility, please stop using it while we are troubleshooting your issues.
Please go to C:\Windows\Minidump and zip up the contents of the folder.  Then upload/attach the .zip file with your next post.
Left click on the first minidump file.
Hold down the "Shift" key and left click on the last minidump file.
Right click on the blue highlighted area and select "Send to"
Select "Compressed (zipped) folder" and note where the folder is saved.
Upload that .zip file with your next post.

If you have issues with "Access Denied" errors, try copying the files to your desktop and zipping them up from there.  If it still won't let you zip them up, post back for further advice.

If you don't have anything in that folder, please check in C:\Windows for a file named MEMORY.DMP.  If you find it, zip it up and upload it to a free file hosting service.  Then post the link to it in your topic so that we can download it.

Also, search your entire hard drive for files ending in .dmp, .mdmp, and .hdmp.  Zip up any that you find and upload them with your next post.

Then, follow the directions here to set your system for Minidumps (much smaller than the MEMORY.DMP file):  http://www.carrona.org/setmini.html

More info on dump file options here: http://support.microsoft.com/kb/254649
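
The dump-collection steps in the post above, as an added PowerShell example that is not part of the original thread. It copies the minidumps to the Desktop before zipping (the workaround the post gives for "Access Denied") and falls back to reporting MEMORY.DMP; the staging folder name is an assumption.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Uses the .NET 4.5+ ZipFile class so it also works where Compress-Archive is missing.
Add-Type -AssemblyName System.IO.Compression.FileSystem

$minidumpDir = Join-Path $env:SystemRoot 'Minidump'      # C:\Windows\Minidump
$fullDump    = Join-Path $env:SystemRoot 'MEMORY.DMP'    # C:\Windows\MEMORY.DMP
$desktop     = [Environment]::GetFolderPath('Desktop')
# Assumed staging folder name; any empty folder outside C:\Windows will do.
$staging     = Join-Path $desktop ('dumps-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
$zipPath     = $staging + '.zip'

# Collect the minidump files, if the folder exists at all.
$dumps = @()
if (Test-Path -LiteralPath $minidumpDir) {
    $dumps = @(Get-ChildItem -LiteralPath $minidumpDir -Filter '*.dmp' -File -ErrorAction SilentlyContinue)
}

if ($dumps.Count -gt 0) {
    # Copy first, zip second: zipping in place under C:\Windows is where access is denied.
    New-Item -ItemType Directory -Path $staging | Out-Null
    $dumps | Copy-Item -Destination $staging
    [System.IO.Compression.ZipFile]::CreateFromDirectory($staging, $zipPath)
    Remove-Item -LiteralPath $staging -Recurse

    # List what went into the archive, oldest crash first.
    $dumps | Sort-Object LastWriteTime | Format-Table Name, LastWriteTime, Length -AutoSize
    Write-Output "Zipped $($dumps.Count) minidump(s) to $zipPath"
}
elseif (Test-Path -LiteralPath $fullDump) {
    # A full memory dump is usually too large to attach; report it so it can be zipped and hosted.
    $sizeMB = [math]::Round((Get-Item -LiteralPath $fullDump).Length / 1MB)
    Write-Output "No minidumps found. $fullDump exists ($sizeMB MB); zip it and upload it to a file host."
}
else {
    Write-Output 'No minidumps and no MEMORY.DMP found; search the drive for *.dmp, *.mdmp and *.hdmp.'
}
```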

[Solved] Re: Help with possible virus
I'm trying to get the information you need. I'm just a dumb Bodyman so it might take some time to figure out how.

[Solved] Re: Help with possible virus
No biggie... If you have too much trouble, just let me know. Sometimes it's good to run some of the tools built into Windows so we don't have to download on your machine a ton of tools (even though we do remove them afterward in convenience). Nonetheless, I do have a couple of other tools that can do the things I'm requesting just above. Let me know how it works out.

[Solved] Re: Help with possible virus
Let's go with another option. I can't get the Verifier to open; the black box flashes on for just a second but never opens.

[Solved] Re: Help with possible virus
Please download MiniToolBox to Desktop and run it.

Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size
  • List Devices... ALL
  • List MiniDump Files

Click Go and copy/paste the log (Result.txt) into your next post.

[Solved] Re: Help with possible virus
MiniToolBox by Farbar  Version: 17-06-2016
Ran by Rick (administrator) on 21-12-2016 at 04:43:53
Running from "C:\Users\Rick\Downloads"
Microsoft Windows 8.1  (X64)
Model: SX2110G Manufacturer: Gateway
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Ethernet (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64
set interface interface="Ethernet" forwarding=disabled advertise=disabled metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled ecncapability=ecndisabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Home
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 74-27-EA-2C-4E-E7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8960:d6e9:915:6362%3(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.19(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, December 19, 2016 3:41:11 AM
   Lease Expires . . . . . . . . . . : Thursday, December 22, 2016 3:41:11 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 264805596
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-D9-F9-55-74-27-EA-2C-4E-E7
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{F774F5B7-6F43-4CB5-8B05-D13304E9A2E2}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:d5c:5a30:10d9:3f9d:3f57:feec(Preferred)
   Link-local IPv6 Address . . . . . : fe80::10d9:3f9d:3f57:feec%5(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 83886080
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-D9-F9-55-74-27-EA-2C-4E-E7
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4004:80c::200e
      216.58.217.110


Pinging google.com [216.58.217.110] with 32 bytes of data:
Reply from 216.58.217.110: bytes=32 time=15ms TTL=57
Reply from 216.58.217.110: bytes=32 time=16ms TTL=57

Ping statistics for 216.58.217.110:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 15ms, Maximum = 16ms, Average = 15ms
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
      2001:4998:c:a06::2:4008
      2001:4998:44:204::a7
      98.139.183.24
      98.138.253.109
      206.190.36.45


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=47ms TTL=55
Reply from 98.139.183.24: bytes=32 time=47ms TTL=55

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 47ms, Maximum = 47ms, Average = 47ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  3...74 27 ea 2c 4e e7 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
  4...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  5...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.19     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.19    276
     192.168.1.19  255.255.255.255         On-link      192.168.1.19    276
    192.168.1.255  255.255.255.255         On-link      192.168.1.19    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.19    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.19    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  5    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  5    306 2001::/32                On-link
  5    306 2001:0:d5c:5a30:10d9:3f9d:3f57:feec/128
                                    On-link
  3    276 fe80::/64                On-link
  5    306 fe80::/64                On-link
  5    306 fe80::10d9:3f9d:3f57:feec/128
                                    On-link
  3    276 fe80::8960:d6e9:915:6362/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    276 ff00::/8                 On-link
  5    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/19/2016 03:00:58 PM) (Source: Windows Search Service) (User: )
Description: Notifications for the volume C:\ are not active.

Context: Windows Application


Details:
    The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)

Error: (12/18/2016 05:36:22 AM) (Source: Windows Search Service) (User: )
Description: Notifications for the volume C:\ are not active.

Context: Windows Application


Details:
    The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)

Error: (12/17/2016 10:40:10 PM) (Source: Perflib) (User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8

Error: (12/17/2016 03:22:28 PM) (Source: Microsoft-Windows-LocationProvider) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (12/17/2016 02:44:07 PM) (Source: Windows Search Service) (User: )
Description: Notifications for the volume C:\ are not active.

Context: Windows Application


Details:
    The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)

Error: (12/17/2016 06:47:51 AM) (Source: Microsoft-Windows-LoadPerf) (User: HOME)
Description: Installing the performance counter strings for service .NET CLR Data () failed. The first DWORD in the Data section contains the error code.

Error: (12/17/2016 06:47:51 AM) (Source: Microsoft-Windows-LoadPerf) (User: HOME)
Description: Installing the performance counter strings for service .NET CLR Networking () failed. The first DWORD in the Data section contains the error code.

Error: (12/17/2016 06:47:50 AM) (Source: Microsoft-Windows-LoadPerf) (User: HOME)
Description: Installing the performance counter strings for service .NET Data Provider for Oracle () failed. The first DWORD in the Data section contains the error code.

Error: (12/17/2016 06:47:50 AM) (Source: Microsoft-Windows-LoadPerf) (User: HOME)
Description: Installing the performance counter strings for service .NET Data Provider for SqlServer () failed. The first DWORD in the Data section contains the error code.

Error: (12/17/2016 06:47:50 AM) (Source: Microsoft-Windows-LoadPerf) (User: HOME)
Description: Installing the performance counter strings for service .NETFramework () failed. The first DWORD in the Data section contains the error code.


System errors:
=============
Error: (12/20/2016 03:39:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: December, 2016 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3205404).

Error: (12/20/2016 04:08:48 AM) (Source: Service Control Manager) (User: )
Description: The Advanced SystemCare Service 7 service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (12/20/2016 04:03:57 AM) (Source: Service Control Manager) (User: )
Description: The Advanced SystemCare Service 7 service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (12/20/2016 04:03:57 AM) (Source: Service Control Manager) (User: )
Description: The Advanced SystemCare Service 7 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/19/2016 03:34:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: December, 2016 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3205404).

Error: (12/19/2016 05:23:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: December, 2016 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3205404).

Error: (12/19/2016 03:41:15 AM) (Source: Service Control Manager) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
%%577 = Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


Error: (12/17/2016 10:32:31 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: December, 2016 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3205404).

Error: (12/17/2016 10:20:05 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
%%577 = Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


Error: (12/17/2016 10:19:06 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!


Microsoft Office Sessions:
=========================
Error: (12/19/2016 03:00:58 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
    The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)
C:\

Error: (12/18/2016 05:36:22 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
    The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)
C:\

Error: (12/17/2016 10:40:10 PM) (Source: Perflib)(User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8

Error: (12/17/2016 03:22:28 PM) (Source: Microsoft-Windows-LocationProvider)(User: NT AUTHORITY)
Description: -2147024883

Error: (12/17/2016 02:44:07 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
    The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)
C:\

Error: (12/17/2016 06:47:51 AM) (Source: Microsoft-Windows-LoadPerf)(User: HOME)
Description: .NET CLR Data29F0F

Error: (12/17/2016 06:47:51 AM) (Source: Microsoft-Windows-LoadPerf)(User: HOME)
Description: .NET CLR Networking29F0F

Error: (12/17/2016 06:47:50 AM) (Source: Microsoft-Windows-LoadPerf)(User: HOME)
Description: .NET Data Provider for Oracle29F0F

Error: (12/17/2016 06:47:50 AM) (Source: Microsoft-Windows-LoadPerf)(User: HOME)
Description: .NET Data Provider for SqlServer29F0F

Error: (12/17/2016 06:47:50 AM) (Source: Microsoft-Windows-LoadPerf)(User: HOME)
Description: .NETFramework29F0F


CodeIntegrity Errors:
===================================
  Date: 2016-12-19 03:41:15.802
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-17 22:20:05.330
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-17 18:29:46.412
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-17 15:34:52.095
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-17 07:22:30.081
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-04 05:53:52.270
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-04 05:53:47.567
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-04 05:53:43.051
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-04 05:53:38.551
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-04 05:53:34.051
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


========================= Devices: ================================

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB20\4&1F07340A&0

Name: System board
Description: System board
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C01\1

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Device ID: STORAGE\VOLUME\{5980A7BA-907F-11E2-BE69-806E6F6E6963}#0000006E1AE00000

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Device ID: STORAGE\VOLUME\{5980A7BA-907F-11E2-BE69-806E6F6E6963}#0000000033D00000

Name: Root Print Queue
Description: Local Print Queue
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Microsoft
Service:
Device ID: SWD\PRINTENUM\PRINTQUEUES

Name: Speakers (Realtek High Definition Audio)
Description: Audio Endpoint
Class Guid: {c166523c-fe0c-4a94-a586-f1a80cfbbf3e}
Manufacturer: Microsoft
Service:
Device ID: SWD\MMDEVAPI\{0.0.0.00000000}.{D480B40B-9B52-4913-A575-EE0B044FFE6A}

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1719&SUBSYS_00000000&REV_00\3&11583659&0&C7

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&1D593F42&0

Name: Volume Manager
Description: Volume Manager
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: volmgr
Device ID: ROOT\VOLMGR\0000

Name: High precision event timer
Description: High precision event timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0103\2&DABA3FF&2

Name: HP Deskjet 5150 series
Description: HP Deskjet 5150 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Device ID: USBPRINT\HPDESKJET_5100\6&3257F73&0&USB001

Name: Standard Enhanced PCI to USB Host Controller
Description: Standard Enhanced PCI to USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: AMD
Service: usbehci
Device ID: PCI\VEN_1002&DEV_4396&SUBSYS_05921025&REV_00\3&11583659&0&92

Name: Standard Enhanced PCI to USB Host Controller
Description: Standard Enhanced PCI to USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: AMD
Service: usbehci
Device ID: PCI\VEN_1002&DEV_4396&SUBSYS_05921025&REV_00\3&11583659&0&9A

Name: Standard Enhanced PCI to USB Host Controller
Description: Standard Enhanced PCI to USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: AMD
Service: usbehci
Device ID: PCI\VEN_1002&DEV_4396&SUBSYS_05921025&REV_00\3&11583659&0&B2

Name: System CMOS/real time clock
Description: System CMOS/real time clock
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0B00\4&140F0BF2&0

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Device ID: STORAGE\VOLUME\{5980A7BA-907F-11E2-BE69-806E6F6E6963}#0000000019100000

Name: Microsoft Basic Display Driver
Description: Microsoft Basic Display Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard display types)
Service: BasicDisplay
Device ID: ROOT\BASICDISPLAY\0000

Name: ACPI Thermal Zone
Description: ACPI Thermal Zone
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\THERMALZONE\THRM

Name: Programmable interrupt controller
Description: Programmable interrupt controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0000\4&140F0BF2&0

Name: Microsoft IPv4 IPv6 Transition Adapter Bus
Description: Generic software device
Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}
Manufacturer: Microsoft
Service:
Device ID: SWD\IP_TUNNEL_VBUS\IP_TUNNEL_DEVICE_ROOT

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Device ID: ACPI\PNP0303\4&140F0BF2&0

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: SWD\IP_TUNNEL_VBUS\TEREDOTUNNELINGPSEUDOINTERFACE_0

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1716&SUBSYS_00000000&REV_00\3&11583659&0&C6

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&7C1019&0

Name: Microsoft Windows Management Interface for ACPI
Description: Microsoft Windows Management Interface for ACPI
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: WmiAcpi
Device ID: ACPI\PNP0C14\0

Name: AMD PCI IDE Controller
Description: AMD PCI IDE Controller
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices
Service: amdide64
Device ID: PCI\VEN_1002&DEV_439C&SUBSYS_05921025&REV_40\3&11583659&0&A1

Name: Acer E202HL (Digital)
Description: Acer E202HL (Digital)
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: Acer Inc.
Service: monitor
Device ID: DISPLAY\ACR02A4\4&E90CE90&0&UID256

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_1002&DEV_43A2&SUBSYS_00001002&REV_00\3&11583659&0&AA

Name: ST500DM002-1BD142
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Device ID: SCSI\DISK&VEN_&PROD_ST500DM002-1BD14\4&19F351EC&0&000000

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB20\4&E8C890&0

Name: HP Deskjet 5150 series
Description: Local Print Queue
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Hewlett-Packard
Service:
Device ID: SWD\PRINTENUM\{1F3CD055-CD6E-4739-8347-6685715A5650}

Name: AMD High Definition Audio Device
Description: AMD High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices
Service: AtiHDAudioService
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\4&2A04E29&0&0001

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1702&SUBSYS_00000000&REV_00\3&11583659&0&C2

Name: Composite Bus Enumerator
Description: Composite Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: CompositeBus
Device ID: ROOT\COMPOSITEBUS\0000

Name: Microsoft Virtual Drive Enumerator
Description: Microsoft Virtual Drive Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vdrvroot
Device ID: ROOT\VDRVROOT\0000

Name: Direct memory access controller
Description: Direct memory access controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0200\4&140F0BF2&0

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: SWD\IP_TUNNEL_VBUS\ISATAP_0

Name: Microsoft Storage Spaces Controller
Description: Microsoft Storage Spaces Controller
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: spaceport
Device ID: ROOT\SPACEPORT\0000

Name: Microsoft Kernel Debug Network Adapter
Description: Microsoft Kernel Debug Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: kdnic
Device ID: ROOT\KDNIC\0000

Name: Microsoft XPS Document Writer
Description: Local Print Queue
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Microsoft
Service:
Device ID: SWD\PRINTENUM\{D943D8D8-F7EB-4400-8EEE-A8CFF8C894B5}

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:
Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT1

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:
Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT2

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:
Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT3

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:
Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT4

Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0662&SUBSYS_10258100&REV_1001\4&1B7D940D&0&0001

Name: AMD Radeon HD 7310 Graphics
Description: AMD Radeon HD 7310 Graphics
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices, Inc.
Service: amdkmdap
Device ID: PCI\VEN_1002&DEV_9809&SUBSYS_05921025&REV_00\3&11583659&0&08

Name: High Definition Audio Bus
Description: High Definition Audio Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: AMD
Service: HDAudBus
Device ID: PCI\VEN_1002&DEV_1314&SUBSYS_05921025&REV_00\3&11583659&0&09

Name: UMBus Root Bus Enumerator
Description: UMBus Root Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus
Device ID: ROOT\UMBUS\0000

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&1270D34B&0

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8168
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_05921025&REV_06\4&EDB6346&0&00AA

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1718&SUBSYS_00000000&REV_00\3&11583659&0&C5

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB20\4&625DA5F&0

Name: Numeric data processor
Description: Numeric data processor
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C04\4&140F0BF2&0

Name: System board
Description: System board
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C01\C8

Name: Microsoft Device Association Root Enumerator
Description: Generic software device
Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}
Manufacturer: Microsoft
Service:
Device ID: SWD\MSDAS\{CE958E9A-424F-4C88-86F4-11314821E75A}

Name: ACPI x64-based PC
Description: ACPI x64-based PC
Class Guid: {4d36e966-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard computers)
Service: \Driver\ACPI_HAL
Device ID: ROOT\ACPI_HAL\0000

Name: PCI Express Root Complex
Description: PCI Express Root Complex
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: ACPI\PNP0A08\0

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&1C26DD86&0

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1704&SUBSYS_00000000&REV_00\3&11583659&0&C4

Name: ATA Channel 0
Description: IDE Channel
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
Device ID: PCIIDE\IDECHANNEL\4&2A4155E3&0&0

Name: Microsoft ACPI-Compliant System
Description: Microsoft ACPI-Compliant System
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: ACPI
Device ID: ACPI_HAL\PNP0C08\0

Name:
Description:
Class Guid:
Manufacturer:
Service:
Device ID: HTREE\ROOT\0

Name: Microsoft Basic Render Driver
Description: Microsoft Basic Render Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BasicRender
Device ID: ROOT\BASICRENDER\0000

Name: PIONEER DVD-RW DVR-220RS
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Device ID: SCSI\CDROM&VEN_PIONEER&PROD_DVD-RW_DVR-220RS\4&19F351EC&0&010000

Name: Fax
Description: Local Print Queue
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Microsoft
Service:
Device ID: SWD\PRINTENUM\{9D7DBACD-D102-4149-B2DB-FFEC94371EAB}

Name: System speaker
Description: System speaker
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0800\4&140F0BF2&0

Name: AMD SMBus
Description: AMD SMBus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices, Inc
Service:
Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_05921025&REV_42\3&11583659&0&A0

Name: USB Printing Support
Description: USB Printing Support
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Microsoft
Service: usbprint
Device ID: USB\VID_03F0&PID_6204\MY37O3Q09Z7A

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1701&SUBSYS_00000000&REV_00\3&11583659&0&C1

Name: ACPI Fixed Feature Button
Description: ACPI Fixed Feature Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\FIXEDBUTTON\2&DABA3FF&2

Name: ATI I/O Communications Processor PCI Bus Controller
Description: ATI I/O Communications Processor PCI Bus Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: ATI
Service: pci
Device ID: PCI\VEN_1002&DEV_4384&SUBSYS_00000000&REV_40\3&11583659&0&A4

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\10

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\14

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\99

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Device ID: ACPI\PNP0F03\4&140F0BF2&0

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1510&SUBSYS_15101022&REV_00\3&11583659&0&00

Name: System timer
Description: System timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0100\4&140F0BF2&0

Name: High Definition Audio Bus
Description: High Definition Audio Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: AMD
Service: HDAudBus
Device ID: PCI\VEN_1002&DEV_4383&SUBSYS_05921025&REV_40\3&11583659&0&A2

Name: Standard OpenHCD USB Host Controller
Description: Standard OpenHCD USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbohci
Device ID: PCI\VEN_1002&DEV_4397&SUBSYS_05921025&REV_00\3&11583659&0&90

Name: Standard OpenHCD USB Host Controller
Description: Standard OpenHCD USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbohci
Device ID: PCI\VEN_1002&DEV_4397&SUBSYS_05921025&REV_00\3&11583659&0&98

Name: Standard OpenHCD USB Host Controller
Description: Standard OpenHCD USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbohci
Device ID: PCI\VEN_1002&DEV_4397&SUBSYS_05921025&REV_00\3&11583659&0&B0

Name: ACPI Power Button
Description: ACPI Power Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C0C\AA

Name: AMD E1-1200 APU with Radeon(tm) HD Graphics
Description: AMD Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Advanced Micro Devices
Service: AmdPPM
Device ID: ACPI\AUTHENTICAMD_-_AMD64_FAMILY_20_MODEL_2_-_AMD_E1-1200_APU_WITH_RADEON(TM)_HD_GRAPHICS\_1

Name: AMD E1-1200 APU with Radeon(tm) HD Graphics
Description: AMD Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Advanced Micro Devices
Service: AmdPPM
Device ID: ACPI\AUTHENTICAMD_-_AMD64_FAMILY_20_MODEL_2_-_AMD_E1-1200_APU_WITH_RADEON(TM)_HD_GRAPHICS\_2

Name: NDIS Virtual Network Adapter Enumerator
Description: NDIS Virtual Network Adapter Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisVirtualBus
Device ID: ROOT\NDISVIRTUALBUS\0000

Name: PCI standard ISA bridge
Description: PCI standard ISA bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: msisadrv
Device ID: PCI\VEN_1002&DEV_439D&SUBSYS_05921025&REV_40\3&11583659&0&A3

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1700&SUBSYS_00000000&REV_43\3&11583659&0&C0

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\111

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\700

Name: Standard SATA AHCI Controller
Description: Standard SATA AHCI Controller
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: Standard SATA AHCI Controller
Service: storahci
Device ID: PCI\VEN_1002&DEV_4391&SUBSYS_05921025&REV_40\3&11583659&0&88

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1703&SUBSYS_00000000&REV_00\3&11583659&0&C3

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\E11

Name: Microsoft System Management BIOS Driver
Description: Microsoft System Management BIOS Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: mssmbios
Device ID: ROOT\MSSMBIOS\0000

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Device ID: STORAGE\VOLUME\{5980A7BA-907F-11E2-BE69-806E6F6E6963}#0000006E30C00000

Name: Plug and Play Software Device Enumerator
Description: Plug and Play Software Device Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: swenum
Device ID: ROOT\SYSTEM\0000

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Device ID: STORAGE\VOLUME\{5980A7BA-907F-11E2-BE69-806E6F6E6963}#000000002BD00000

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_1022&DEV_1512&SUBSYS_05921025&REV_00\3&11583659&0&20

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_1002&DEV_43A0&SUBSYS_00001002&REV_00\3&11583659&0&A8

Name: Remote Desktop Device Redirector Bus
Description: Remote Desktop Device Redirector Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: rdpbus
Device ID: ROOT\RDPBUS\0000

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Device ID: STORAGE\VOLUME\{5980A7BA-907F-11E2-BE69-806E6F6E6963}#0000000000100000

Name: Standard OpenHCD USB Host Controller
Description: Standard OpenHCD USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbohci
Device ID: PCI\VEN_1002&DEV_4399&SUBSYS_05921025&REV_00\3&11583659&0&A5


========================= Memory info: ===================================

Percentage of memory in use: 59%
Total physical RAM: 3800.02 MB
Available physical RAM: 1554.96 MB
Total Virtual: 4440.02 MB
Available Virtual: 1901.79 MB

========================= Partitions: =====================================

1 Drive c: (Gateway) (Fixed) (Total:439.61 GB) (Free:389.93 GB) NTFS

========================= Users: ========================================

User accounts for \\HOME

Administrator            Guest                    Rick                     

========================= Minidump Files ==================================

No minidump file found


**** End of log ****

Solved: Re: Help with possible virus
Before we try to fix Windows Update, do the following please:

Scan with Farbar Recovery Scan Tool

Please re-download Farbar Recovery Scan Tool x64 and save it to your Desktop. There is an updated version available. :)

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
  • When the tool opens, click Yes to the disclaimer.
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please copy and paste their content into your next reply.

Solved: Re: Help with possible virus
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by Rick (administrator) on HOME (21-12-2016 15:03:37)
Running from C:\Users\Rick\Downloads
Loaded Profiles: Rick (Available Profiles: Rick & Guest)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(AMD) C:\WINDOWS\System32\atiesrxx.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\NSBU.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\SMService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\NSBU.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\ClassicStart.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
(Microsoft Corporation) C:\WINDOWS\System32\SkyDrive.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\StartMenu_Hook.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\InstallServices.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.469\SSScheduler.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
(Farbar) C:\Users\Rick\Downloads\FRST64(1).exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserCleaner.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16696832 2016-10-31] (Realtek Semiconductor)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [6006560 2016-11-01] (IObit)
HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\Run: [Advanced SystemCare 10] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [3076896 2016-10-31] (IObit)
HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-12-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.469\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F774F5B7-6F43-4CB5-8B05-D13304E9A2E2}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3431173695-69639140-411144729-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3431173695-69639140-411144729-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3431173695-69639140-411144729-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3431173695-69639140-411144729-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3431173695-69639140-411144729-1002 -> {B91B95CE-6BBA-406B-AA86-EFBC0705308D} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\ssv.dll [2016-12-04] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\jp2ssv.dll [2016-12-04] (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3431173695-69639140-411144729-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)

FireFox:
========
FF DefaultProfile: 94tgnqs0.default-1480888203401
FF ProfilePath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\94tgnqs0.default-1480888203401 [2016-12-21]
FF user.js: detected! => C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\94tgnqs0.default-1480888203401\user.js [2016-12-17]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\94tgnqs0.default-1480888203401 -> Google
FF Homepage: Mozilla\Firefox\Profiles\94tgnqs0.default-1480888203401 -> hxxp://search.conduit.com/?ctid=CT3279411&octid=CT3279411&SearchSource=61&CUI=UN29590050191633836&UM=2&UP=SPC9006C68-138B-46ED-93F0-70F434A2ECAE
FF Extension: (Norton Identity Safe) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\94tgnqs0.default-1480888203401\Extensions\idsafe@norton.com.xpi [2016-12-15]
FF ProfilePath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\ahzejier.default-1481747222543 [2016-12-21]
FF user.js: detected! => C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\ahzejier.default-1481747222543\user.js [2016-12-17]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.8.1.14\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.8.1.14\coFFAddon [2016-12-16]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.8.1.14\coFFAddon
FF HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: (McAfee Security Scan Plus) - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.112.2 -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\dtplugin\npDeployJava1.dll [2016-12-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.112.2 -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\plugin2\npjp2.dll [2016-12-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-05-22] ()

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default [2016-12-15]
CHR Extension: (Google Docs) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-12]
CHR Extension: (Google Drive) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-30]
CHR Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2016-10-20]
CHR Extension: (YouTube) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-30]
CHR Extension: (Norton Security Toolbar) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-12-02]
CHR Extension: (Google Search) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-30]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2016-05-22]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfoabcdjalmeenbjjngidappmppchblc [2016-10-21]
CHR Extension: (Google Docs Offline) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Norton Identity Safe) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-10-21]
CHR Extension: (WeatherBlink) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnbmiailafajdkboegcjcdklooomfic [2016-12-11]
CHR Extension: (Norton Safe) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-09-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Search Incognito) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pabmfheafnaedbmedpdijblbgkhehaco [2016-11-30]
CHR Extension: (Gmail) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-12]
CHR Extension: (Chrome Media Router) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-25]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\Exts\Chrome.crx [2016-12-15]
CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] -
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3431173695-69639140-411144729-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\Exts\Chrome.crx [2016-12-15]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] -
CHR HKLM-x32\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] -
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService10; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [462624 2016-10-14] (IObit)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1600800 2016-10-21] (IObit)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-07-29] (IObit)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.469\McCHSvc.exe [329480 2016-12-02] (McAfee, Inc.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 NSBU; C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\NSBU.exe [289080 2016-11-12] (Symantec Corporation)
R2 SMService; C:\Program Files (x86)\IObit\Classic Start\SMService.exe [1063200 2015-12-29] (IObit)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide64; C:\WINDOWS\System32\drivers\amdide64.sys [11944 2015-11-08] (Advanced Micro Devices Inc.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2013-12-24] (Advanced Micro Devices, Inc.)
S3 AtiDCM; C:\AMD\WU-CCC2\ccc2_install\Support64\atdcm64a.sys [28416 2014-03-13] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWB6.sys [101376 2016-07-21] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.8.1.14\Definitions\BASHDefs\20161220.001\BHDrvx64.sys [1874136 2016-12-13] (Symantec Corporation)
R1 ccSet_NARA; C:\WINDOWS\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R1 ccSet_NSBU; C:\WINDOWS\system32\drivers\NSBUx64\1608010.00E\ccSetx64.sys [174328 2016-11-11] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-09-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-12-15] (Symantec Corporation)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-28] (REALiX(tm))
R1 IDSVia64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.8.1.14\Definitions\IPSDefs\20161221.001\IDSvia64.sys [1038032 2016-12-16] (Symantec Corporation)
R3 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys [22208 2016-04-01] (IObit)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2016-07-27] (IObit.com)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-10-31] (Realsil Semiconductor Corporation)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [21360 2016-03-22] (IObit)
R3 SRTSP; C:\WINDOWS\system32\drivers\NSBUx64\1608010.00E\SRTSP64.SYS [784624 2016-11-11] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NSBUx64\1608010.00E\SRTSPX64.SYS [49400 2016-11-11] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NSBUx64\1608010.00E\SYMEFASI64.SYS [1628888 2016-11-11] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NSBUx64\1608010.00E\SymELAM.sys [24192 2016-11-11] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-12-15] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NSBUx64\1608010.00E\Ironx64.SYS [289520 2016-11-11] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\system32\drivers\NSBUx64\1608010.00E\SYMNETS.SYS [567512 2016-11-11] (Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.8.1.14\Definitions\SDSDefs\20161215.018\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.8.1.14\Definitions\SDSDefs\20161215.018\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-21 15:01 - 2016-12-21 15:01 - 00001431 _____ C:\Users\Rick\Desktop\FRST64(1).lnk
2016-12-21 14:59 - 2016-12-21 14:59 - 00002876 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Rick)
2016-12-21 14:58 - 2016-12-21 14:58 - 02420736 _____ (Farbar) C:\Users\Rick\Downloads\FRST64(1).exe
2016-12-21 04:43 - 2016-12-21 04:44 - 00042649 _____ C:\Users\Rick\Downloads\MTB.txt
2016-12-21 04:42 - 2016-12-21 04:42 - 00892416 _____ (Farbar) C:\Users\Rick\Downloads\MiniToolBox.exe
2016-12-17 19:44 - 2016-12-17 19:43 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-17 19:44 - 2016-12-17 19:43 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-17 16:08 - 2016-12-17 16:08 - 00000000 __SHD C:\found.000
2016-12-16 22:04 - 2016-12-16 22:04 - 00863592 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-12-16 17:34 - 2016-12-16 17:43 - 00000000 ____D C:\Users\Rick\Desktop\Tweaking.com - Windows Repair
2016-12-16 13:09 - 2016-12-16 13:11 - 00000000 ____D C:\Users\Rick\Documents\tweaking.com_windows_repair_aio
2016-12-16 13:00 - 2016-12-16 13:00 - 00001999 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-12-16 13:00 - 2016-12-16 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-12-15 20:38 - 2016-12-15 20:38 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
2016-12-15 20:30 - 2016-12-15 20:30 - 00100592 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2016-12-15 20:30 - 2016-12-15 20:30 - 00008319 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2016-12-15 20:30 - 2016-12-15 20:30 - 00003240 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2016-12-15 20:30 - 2016-12-15 20:30 - 00002573 _____ C:\Users\Public\Desktop\Norton Security with Backup.lnk
2016-12-15 20:28 - 2016-12-15 20:30 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security with Backup
2016-12-15 20:28 - 2016-12-15 20:29 - 00000000 ____D C:\Program Files (x86)\Norton Security with Backup
2016-12-15 20:23 - 2016-12-15 20:23 - 01101176 _____ (Symantec Corporation) C:\Users\Rick\Downloads\NortonNSBUDownloader(1).exe
2016-12-15 17:19 - 2016-12-15 17:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-13 17:54 - 2016-12-13 17:54 - 00000000 ____D C:\ProgramData\Symantec
2016-12-13 17:33 - 2016-12-13 17:33 - 00900344 _____ C:\Users\Rick\Downloads\Norton_Removal_Tool.exe
2016-12-13 15:17 - 2016-12-13 15:17 - 00779920 _____ (Symantec Corporation) C:\Users\Rick\Downloads\SymNRT(3).exe
2016-12-13 15:14 - 2016-12-13 15:14 - 00779920 _____ (Symantec Corporation) C:\Users\Rick\Downloads\SymNRT(2).exe
2016-12-13 15:12 - 2016-12-13 15:12 - 00003112 _____ C:\WINDOWS\System32\Tasks\{898F92F8-CB40-4FCF-BC98-45DB5B4B9DC2}
2016-12-13 15:11 - 2016-12-13 15:11 - 00779920 _____ (Symantec Corporation) C:\Users\Rick\Downloads\SymNRT(1).exe
2016-12-13 15:09 - 2016-12-13 15:09 - 00003106 _____ C:\WINDOWS\System32\Tasks\{132D027F-B8D3-46B3-9E83-E92DDA5013B8}
2016-12-13 15:08 - 2016-12-13 15:08 - 00779920 _____ (Symantec Corporation) C:\Users\Rick\Downloads\SymNRT.exe
2016-12-13 03:37 - 2016-12-13 03:44 - 00001192 _____ C:\Users\Rick\Desktop\Scan log.txt
2016-12-12 20:46 - 2016-12-17 14:45 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-12 20:44 - 2016-12-12 20:45 - 51969976 _____ (Malwarebytes ) C:\Users\Rick\Downloads\mb3-setup-consumer-3.0.4.1269.exe
2016-12-12 14:55 - 2016-12-13 15:27 - 00000000 ____D C:\Program Files\CCleaner
2016-12-12 14:55 - 2016-12-12 14:55 - 00002780 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-12-12 14:55 - 2016-12-12 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2016-12-12 14:55 - 2016-12-12 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-12-12 14:55 - 2016-12-12 14:55 - 00000000 ____D C:\Program Files\Speccy
2016-12-12 14:53 - 2016-12-12 14:53 - 06293184 _____ (Piriform Ltd) C:\Users\Rick\Downloads\spsetup130(2).exe
2016-12-12 14:49 - 2016-12-12 14:49 - 06293184 _____ (Piriform Ltd) C:\Users\Rick\Downloads\spsetup130(1).exe
2016-12-12 14:45 - 2016-12-12 14:45 - 06293184 _____ (Piriform Ltd) C:\Users\Rick\Downloads\spsetup130.exe
2016-12-05 20:40 - 2016-12-05 20:40 - 22851472 _____ (Malwarebytes ) C:\Users\Rick\Downloads\mbam-setup-2.2.1.1043(1).exe
2016-12-05 16:26 - 2016-12-05 16:27 - 00000115 _____ C:\Users\Rick\Desktop\Geek Police.url
2016-12-05 15:21 - 2016-12-05 15:21 - 00003156 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_AutoAnalyze
2016-12-05 15:21 - 2016-03-25 14:33 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2016-12-05 15:20 - 2016-12-05 15:20 - 00003004 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Startup
2016-12-05 15:20 - 2016-12-05 15:20 - 00003002 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Update
2016-12-05 15:20 - 2016-03-22 11:02 - 00021360 _____ (IObit) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
2016-12-05 15:19 - 2016-12-05 15:19 - 00001204 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2016-12-05 15:19 - 2016-12-05 15:19 - 00001181 _____ C:\Users\Public\Desktop\Smart Defrag 5.lnk
2016-12-05 15:19 - 2016-12-05 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
2016-12-05 15:19 - 2016-12-05 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2016-12-05 04:33 - 2016-12-05 04:33 - 00316640 _____ C:\WINDOWS\WMSysPr9.prx
2016-12-04 16:50 - 2016-12-14 15:27 - 00000000 ____D C:\Users\Rick\Desktop\Old Firefox Data
2016-12-04 16:45 - 2016-12-21 15:05 - 00000000 ____D C:\Users\Rick\AppData\LocalLow\Mozilla
2016-12-04 13:31 - 2016-12-04 13:30 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-12-04 13:18 - 2016-12-04 13:18 - 00946696 _____ (Realtek ) C:\WINDOWS\system32\Drivers\Rt630x64.sys
2016-12-04 13:18 - 2016-12-04 13:18 - 00082544 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2016-12-04 13:10 - 2016-12-04 13:32 - 00002301 _____ C:\Users\Public\Desktop\Driver Booster 4.lnk
2016-12-04 13:10 - 2016-12-04 13:10 - 00003244 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2016-12-04 13:10 - 2016-12-04 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2016-12-04 13:07 - 2016-12-04 13:08 - 17138387 _____ (IObit ) C:\Users\Rick\Downloads\driver_booster_setup (1).exe
2016-12-04 12:41 - 2016-12-16 13:27 - 00000286 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Rick.job
2016-12-04 12:41 - 2016-12-04 12:41 - 00002384 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Rick
2016-12-04 12:40 - 2016-12-04 12:40 - 00001403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2016-12-04 12:40 - 2016-12-04 12:40 - 00001391 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2016-12-04 12:40 - 2016-12-04 12:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2016-12-04 12:39 - 2016-12-04 12:39 - 00003004 _____ C:\WINDOWS\System32\Tasks\ASC10_PerformanceMonitor
2016-12-04 12:39 - 2016-12-04 12:39 - 00002808 _____ C:\WINDOWS\System32\Tasks\ASC10_SkipUac_Rick
2016-12-04 12:38 - 2016-12-19 04:09 - 00002291 _____ C:\Users\Public\Desktop\Advanced SystemCare 10.lnk
2016-12-04 10:57 - 2016-12-04 12:26 - 00851968 _____ C:\WINDOWS\system32\SxsTrace.etl
2016-12-03 17:43 - 2016-12-03 17:43 - 00000329 _____ C:\Users\Rick\Downloads\Pork Butt Rub (2).txt
2016-11-29 16:32 - 2016-11-29 16:32 - 21041152 _____ C:\Users\Rick\Downloads\System.evtx
2016-11-29 16:17 - 2016-11-29 16:17 - 21041152 _____ C:\Users\Rick\Downloads\Applications.evtx
2016-11-29 05:06 - 2016-11-29 05:06 - 03070451 _____ C:\Users\Rick\Documents\System.zip
2016-11-28 21:01 - 2016-11-28 21:02 - 02042944 _____ C:\Users\Rick\Documents\Applications.zip
2016-11-28 20:58 - 2016-11-28 20:58 - 21041152 _____ C:\Users\Rick\Documents\System.evtx
2016-11-28 20:57 - 2016-11-28 20:57 - 21041152 _____ C:\Users\Rick\Documents\Applications.evtx
2016-11-28 19:27 - 2016-11-28 19:27 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Rick\Downloads\rkill.scr
2016-11-28 16:19 - 2016-11-28 16:19 - 01631928 _____ (Malwarebytes) C:\Users\Rick\Downloads\JRT.exe
2016-11-28 16:10 - 2016-11-28 16:10 - 04286744 _____ (Microsoft Corporation) C:\Users\Rick\Downloads\vcredist_x64 (2).exe
2016-11-28 16:08 - 2016-11-28 16:08 - 04286744 _____ (Microsoft Corporation) C:\Users\Rick\Downloads\vcredist_x64 (1).exe
2016-11-28 16:07 - 2016-11-28 16:07 - 04286744 _____ (Microsoft Corporation) C:\Users\Rick\Downloads\vcredist_x64.exe
2016-11-27 19:15 - 2016-11-27 19:16 - 22851472 _____ (Malwarebytes ) C:\Users\Rick\Downloads\mbam-setup-2.2.1.1043 (1).exe
2016-11-27 18:55 - 2016-11-27 18:55 - 03910208 _____ C:\Users\Rick\Downloads\adwcleaner_6.030.exe
2016-11-27 18:38 - 2016-11-27 18:38 - 22851472 _____ (Malwarebytes ) C:\Users\Rick\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-27 17:33 - 2016-11-27 18:25 - 00034543 _____ C:\Users\Rick\Downloads\Addition.txt
2016-11-27 17:29 - 2016-12-21 15:04 - 00021525 _____ C:\Users\Rick\Downloads\FRST.txt
2016-11-27 17:28 - 2016-12-21 15:03 - 00000000 ____D C:\FRST
2016-11-26 19:28 - 2016-11-26 19:29 - 38300468 _____ C:\Users\Rick\Downloads\firefox-browser-for-android-50-0.apk
2016-11-26 19:28 - 2016-11-26 19:29 - 38300468 _____ C:\Users\Rick\Downloads\firefox-browser-for-android-50-0 (1).apk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-21 14:59 - 2013-05-21 18:32 - 00003592 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3431173695-69639140-411144729-1002
2016-12-21 14:54 - 2014-01-12 23:30 - 00000000 ___DO C:\Users\Rick\SkyDrive
2016-12-21 14:14 - 2014-05-04 20:08 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-21 13:33 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-21 07:27 - 2015-12-03 19:07 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-12-19 15:35 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-19 15:35 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-19 04:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2016-12-19 03:45 - 2013-11-14 02:28 - 00799036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-19 03:41 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-19 02:37 - 2013-08-22 08:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-12-18 18:19 - 2013-11-19 21:26 - 00000000 ____D C:\ProgramData\ProductData
2016-12-17 22:40 - 2013-08-14 04:28 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-17 22:32 - 2013-05-22 18:10 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-17 22:18 - 2014-01-15 22:11 - 87736320 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2016-12-17 22:18 - 2014-01-15 22:11 - 05742592 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2016-12-17 22:18 - 2014-01-15 22:11 - 00061440 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2016-12-17 22:18 - 2014-01-15 22:11 - 00024576 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2016-12-17 14:52 - 2013-05-21 18:24 - 00000000 ____D C:\Users\Rick\AppData\Local\Packages
2016-12-17 07:22 - 2013-08-22 09:44 - 00337808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-16 22:27 - 2013-05-22 05:18 - 00000000 ____D C:\Users\Rick\AppData\Local\CrashDumps
2016-12-16 22:21 - 2014-12-16 13:13 - 00000000 ____D C:\Users\Guest\Desktop\Vicki Lynn Stief_files
2016-12-16 22:21 - 2014-12-03 11:19 - 00000000 ____D C:\Users\Guest\Desktop\Facebook_files
2016-12-16 22:21 - 2014-11-15 11:24 - 00000000 ____D C:\Users\Guest\Desktop\Account Info_files
2016-12-16 22:21 - 2014-11-15 10:42 - 00000000 ____D C:\Users\Guest\Desktop\Remedy by our Grandmothers for Treating Asthma, Bronchitis, Coughs and Lung Problems - Daily Nutrition News_files
2016-12-16 22:21 - 2014-11-12 09:34 - 00000000 ____D C:\Users\Guest\Desktop\The 18 signs of a psychopath _ Health - WGAL Home_files
2016-12-16 22:21 - 2014-10-22 13:35 - 00000000 ____D C:\Users\Guest\Desktop\Classic - Miss Lippy By Vicki Stief (boobahh52) on Myspace_files
2016-12-16 22:21 - 2014-10-21 11:20 - 00000000 ____D C:\Users\Guest\Desktop\Natural Remedy to Rid of Wrinkles _ Health Digezt_files
2016-12-16 22:21 - 2014-10-18 10:44 - 00000000 ____D C:\Users\Guest\Desktop\Club Pogo  YAHTZEE Party!_files
2016-12-16 22:21 - 2014-09-27 21:34 - 00000000 ____D C:\Users\Guest\Desktop\12 Ways Multiple Sclerosis Affects the Body_files
2016-12-16 22:19 - 2013-08-22 08:25 - 00000128 _____ C:\WINDOWS\win.ini
2016-12-16 18:13 - 2013-11-09 20:31 - 00003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 18:13 - 2013-11-09 20:31 - 00003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 13:26 - 2014-05-16 14:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-16 13:00 - 2014-11-21 10:46 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-12-16 13:00 - 2013-08-22 08:25 - 00000853 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_236
2016-12-15 20:41 - 2012-08-28 07:07 - 00000000 ____D C:\ProgramData\Norton
2016-12-15 20:37 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-12-15 20:30 - 2016-05-17 14:32 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-12-15 20:30 - 2012-07-26 03:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-12-15 20:28 - 2012-08-28 07:07 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-12-15 20:24 - 2016-05-15 09:27 - 00001298 _____ C:\Users\Rick\Desktop\Norton Installation Files.lnk
2016-12-15 20:24 - 2014-05-03 05:11 - 00000000 ____D C:\Users\Public\Downloads\Norton
2016-12-14 19:15 - 2016-01-15 19:55 - 00002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-14 19:15 - 2016-01-15 19:55 - 00002212 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-13 19:15 - 2014-05-04 20:08 - 00003582 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-12-13 19:14 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-13 19:14 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-13 18:03 - 2014-01-12 23:31 - 00003762 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CE73BFD4-8A76-4CEF-9A5E-A3B42F8E01F8}
2016-12-13 15:42 - 2013-09-05 17:30 - 00000000 ____D C:\Users\Rick\AppData\Roaming\PhotoScape
2016-12-13 15:11 - 2013-08-13 04:54 - 00000000 ____D C:\Users\Rick\AppData\Local\ElevatedDiagnostics
2016-12-10 14:41 - 2014-01-12 23:00 - 00000000 ____D C:\Users\Rick
2016-12-10 11:39 - 2014-01-12 23:00 - 00000000 ____D C:\Users\Guest
2016-12-06 21:21 - 2013-10-31 05:29 - 00000000 ____D C:\Users\Guest\AppData\LocalLow\IObit
2016-12-06 12:47 - 2013-11-11 13:49 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2016-12-05 21:18 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\Performance
2016-12-05 15:21 - 2013-05-22 05:12 - 00000000 ____D C:\ProgramData\IObit
2016-12-05 15:21 - 2013-05-22 05:12 - 00000000 ____D C:\Program Files (x86)\IObit
2016-12-05 15:19 - 2013-05-22 05:12 - 00000000 ____D C:\Users\Rick\AppData\Roaming\IObit
2016-12-05 09:18 - 2014-04-29 05:56 - 74821632 _____ C:\WINDOWS\system32\config\COMPONENTS.iodefrag.bak
2016-12-04 16:44 - 2014-06-08 11:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-04 13:31 - 2015-02-11 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-12-04 13:28 - 2013-06-25 05:23 - 00000000 ____D C:\Program Files (x86)\Java
2016-12-04 13:25 - 2014-06-24 18:23 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-04 12:39 - 2015-12-16 04:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2016-12-04 12:31 - 2013-09-29 21:20 - 00000000 ____D C:\Users\Rick\AppData\Local\Google
2016-12-04 12:30 - 2016-05-17 14:26 - 00000000 ____D C:\WINDOWS\system32\Drivers\NSBUx64
2016-11-29 05:05 - 2015-12-01 17:51 - 00000000 ____D C:\Users\Rick\Documents\Swiss Beach_files
2016-11-27 16:37 - 2016-04-05 14:21 - 00000000 ____D C:\Users\Rick\Desktop\List of Emoticons for Facebook - Facebook Symbols and Chat Emoticons_files
2016-11-27 16:37 - 2015-12-24 17:10 - 00000000 ____D C:\Users\Rick\Desktop\MyLGHealth - Login Page_files
2016-11-27 16:37 - 2015-12-09 16:21 - 00000000 ____D C:\Users\Rick\Documents\Pervertians_files
2016-11-27 16:37 - 2015-12-07 18:31 - 00000000 ____D C:\Users\Rick\Documents\Stalkerish _ We Find the Hottest Girls on the Web For You_files
2016-11-27 16:37 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2016-11-27 16:30 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\registration
2016-11-26 10:44 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories =======

2014-06-19 14:13 - 2014-06-19 14:13 - 0000024 _____ () C:\Users\Rick\AppData\Roaming\temp.ini
2014-01-12 22:53 - 2014-01-12 22:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-19 05:22

==================== End of FRST.txt ============================

Re: Help with possible virus

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Rick (21-12-2016 15:07:00)
Running from C:\Users\Rick\Downloads
Windows 8.1 (Update) (X64) (2014-01-13 04:26:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3431173695-69639140-411144729-500 - Administrator - Disabled)
Guest (S-1-5-21-3431173695-69639140-411144729-501 - Limited - Disabled) => C:\Users\Guest
Rick (S-1-5-21-3431173695-69639140-411144729-1002 - Administrator - Enabled) => C:\Users\Rick

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: IObit Malware Fighter (Disabled - Out of date) {4D381C57-3C7A-6F22-07EB-639F49E836D4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AccelerateTab (HKLM-x32\...\AccelerateTab_is1) (Version: 2.6 - AccelerateTab)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adult Emoticons and Avatars (HKLM-x32\...\Adult Emoticons and Avatars) (Version:  - Sherv.NET)
Advanced SystemCare 10 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 10.0.3 - IObit)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.4.0 - IObit)
AMD Catalyst Install Manager (HKLM\...\{19CB64EB-ACFE-681D-B571-A8A3398F1943}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4220.52 - CyberLink Corp.)
Driver Booster 4.1 (HKLM-x32\...\Driver Booster_is1) (Version: 4.1.0 - IObit)
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
Gateway Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3003 - Gateway Incorporated)
Gateway Power Management (HKLM\...\{E438A632-CADC-49E4-9492-C9F50F9AE37F}) (Version: 7.01.3001 - Gateway Incorporated)
Gateway Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Gateway Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.3001 - Gateway Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Gateway Incorporated)
IObit Apps Toolbar v9.1 (HKLM-x32\...\{BAADB485-50A5-4E37-AE32-04F35DCEC14B}) (Version: 9.1 - Spigot, Inc.) <==== ATTENTION
IObit Malware Fighter 4 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 4.4 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.1.0.418 - IObit)
Java 8 Update 102 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
Java 8 Update 112 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180112F0}) (Version: 8.0.1120.15 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java 8 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218072F0}) (Version: 8.0.720.15 - Oracle Corporation)
Java 8 Update 74 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218074F0}) (Version: 8.0.740.2 - Oracle Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 92 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218092F0}) (Version: 8.0.920.14 - Oracle Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3003 - Gateway Incorporated)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.469.2 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{B2B0EC73-AD4A-4716-A3DE-CEA8440B309B}) (Version: 12.5.00000 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Norton Security (HKLM-x32\...\NSBU) (Version: 22.8.1.14 - Symantec Corporation)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7930 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.4.0 - IObit)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 3.1.0.2 - IObit)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.16 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04CB1795-04AD-46BA-A86B-8D0D96BCA903} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {25370D1F-AB0C-4AD8-8FD2-43FEE38C9927} - System32\Tasks\ASC10_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2016-11-10] (IObit)
Task: {2D65F4E3-D049-45A5-9CFA-42237233D401} - System32\Tasks\{132D027F-B8D3-46B3-9E83-E92DDA5013B8} => pcalua.exe -a C:\Users\Rick\Downloads\SymNRT.exe -d C:\Users\Rick\Downloads
Task: {30A684AF-3445-4816-9CD6-EAC2D9ABC406} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-11-04] (IObit)
Task: {38320A16-69CF-4FB4-8132-212CC2BC19D4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => C:\WINDOWS\system32\GWX\GWXConfigManager.exe
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {4264D1D5-0C65-4DC5-B27E-BE53D0FAC3AB} - System32\Tasks\Uninstaller_SkipUac_Rick => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-11-04] (IObit)
Task: {48CF1E55-8C35-4806-8361-69AF4B249DF9} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated)
Task: {4B0224BB-A1FD-417B-B68D-9DD36B3A3C55} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {4B305338-B260-4DC3-8386-3B20A442F2E9} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2012-08-24] ()
Task: {52F1803B-E997-47F1-9809-556C6F895176} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2014-03-20] ()
Task: {5F3932DA-63A4-4957-A8D6-8C52E3818DD2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {6C0197EF-3FF9-47DB-A918-14AEA4A5CDC5} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe [2016-11-08] (IObit)
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {74DD6AED-2B78-4F15-8535-539754CEB0EA} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2016-11-21] (IObit)
Task: {8E799522-D9C8-4D55-8B38-4E692F97FF4E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\WSCStub.exe [2016-11-11] (Symantec Corporation)
Task: {8FCDC074-3E08-4AC6-85BD-C1446E7959F0} - System32\Tasks\Norton Security with Backup\Norton Error Analyzer => C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\SymErr.exe [2016-11-11] (Symantec Corporation)
Task: {94325F09-D9D7-442A-B318-C15C7ADAB73C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
Task: {9EE109CB-DE88-4556-B754-318F6444D61B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\WINDOWS\system32\GWX\GWXUXWorker.exe
Task: {B16ECAAC-D07B-4BFF-A1D5-5165B2433D79} - System32\Tasks\ASC10_SkipUac_Rick => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2016-11-11] (IObit)
Task: {B1C35841-A6E0-4178-B386-05672B61207B} - System32\Tasks\{898F92F8-CB40-4FCF-BC98-45DB5B4B9DC2} => pcalua.exe -a C:\Users\Rick\Downloads\SymNRT(1).exe -d C:\Users\Rick\Downloads
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {C273A462-4CFB-4AA0-8467-47FE55DF4155} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2012-12-13] (Acer Incorporated)
Task: {C3A104BE-C907-43D7-8D59-B6C293CFB7FF} - System32\Tasks\Norton Security with Backup\Norton Error Processor => C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\SymErr.exe [2016-11-11] (Symantec Corporation)
Task: {C86BE6BB-C54D-46AA-9954-69E267D795C4} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {D09BA7A6-1E04-448E-8E9A-C124A5EB71ED} - System32\Tasks\Driver Booster SkipUAC (Rick) => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe [2016-11-14] (IObit)
Task: {D814DFA0-0D39-4717-8588-C75BB62A16B1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\WINDOWS\system32\GWX\GWXUXWorker.exe
Task: {DB8B83BA-107E-46E0-A6A5-25E516880E85} - \Driver Booster SkipUAC (SYSTEM) -> No File <==== ATTENTION
Task: {E77C213F-FF82-47FA-812F-3B8CFFF4F3E4} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [2012-07-05] (Acer Incorporated)
Task: {EF94806C-EEDE-499D-8F49-73A274E53A78} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2016-07-22] (IObit)
Task: {F69FC3D9-9077-46E5-BB74-BE9A82DD9738} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-11-11] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Rick.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Rick\Favorites\Gateway\Gateway.lnk -> hxxp://www.gateway.com/

==================== Loaded Modules (Whitelisted) ==============

2016-12-04 12:40 - 2016-06-21 19:30 - 00442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2016-12-04 12:40 - 2016-06-21 19:29 - 00210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2016-12-04 12:40 - 2016-06-21 19:29 - 00059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2016-10-21 18:56 - 2015-12-29 10:30 - 00625440 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2016-12-04 12:38 - 2016-08-18 18:43 - 00442144 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl
2016-12-04 12:38 - 2016-08-18 18:43 - 00210720 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl
2016-12-04 12:38 - 2016-08-18 18:43 - 00059680 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl
2016-12-04 12:38 - 2016-11-01 10:11 - 00078624 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\GetProcessDLL.dll
2016-12-05 15:19 - 2016-01-11 17:03 - 00899872 _____ () C:\Program Files (x86)\IObit\Smart Defrag\webres.dll
2016-12-05 15:19 - 2016-01-11 17:02 - 00630048 _____ () C:\Program Files (x86)\IObit\Smart Defrag\ProductStatistics.dll
2016-10-21 18:55 - 2015-12-29 10:30 - 00355616 _____ () C:\Program Files (x86)\IObit\Classic Start\madExcept_.bpl
2016-10-21 18:55 - 2015-12-29 10:29 - 00190240 _____ () C:\Program Files (x86)\IObit\Classic Start\madBasic_.bpl
2016-10-21 18:55 - 2015-12-29 10:30 - 00057632 _____ () C:\Program Files (x86)\IObit\Classic Start\madDisAsm_.bpl
2016-10-21 18:55 - 2015-12-29 10:30 - 00275576 _____ () C:\Program Files (x86)\IObit\Classic Start\sqlite3.dll
2016-10-21 18:55 - 2015-12-29 10:30 - 00059680 _____ () C:\Program Files (x86)\IObit\Classic Start\parseAuto.dll
2016-10-21 18:55 - 2015-12-29 10:30 - 00625440 _____ () C:\Program Files (x86)\IObit\Classic Start\ProductStatistics.dll
2016-10-21 18:55 - 2015-12-29 10:31 - 00047904 _____ () C:\Program Files (x86)\IObit\Classic Start\winkey.dll
2016-12-04 12:38 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll
2016-12-04 12:38 - 2016-09-26 13:59 - 00631072 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll
2016-12-05 15:19 - 2016-03-31 17:57 - 00899872 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\webres.dll
2016-12-05 15:19 - 2016-03-31 17:57 - 00188704 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2016-12-05 15:19 - 2016-03-31 17:57 - 00151840 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2016-12-05 15:19 - 2016-03-31 17:57 - 00625440 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\ProductStatistics.dll
2016-12-04 12:40 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2016-12-04 12:40 - 2016-09-26 13:59 - 00631072 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2016-12-05 15:19 - 2016-03-31 17:57 - 00355616 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
2016-12-05 15:19 - 2016-03-31 17:57 - 00190240 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
2016-12-05 15:19 - 2016-03-31 17:57 - 00057632 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 4788 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-12-16 22:20 - 2016-12-16 22:20 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3431173695-69639140-411144729-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Rick\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\10924721_846524365397807_6267246092458262385_n.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "SearchSettings"
HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\StartupApproved\Run: => "Advanced SystemCare 8"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{88DC0B4A-8DAA-4E99-873E-86CC8CAEB68A}] => C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{74B44DF6-AA11-411A-BB22-2916A49541CE}] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{20C6A0BE-B768-43E3-9CE3-34667EC258A3}] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{9366FACF-BB72-4C31-99BA-7C5A1FBD72A9}] => C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{5B498646-29BA-4BAC-8561-4693EB1F74FB}] => C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{BFE7A909-9F92-4024-BBB1-6E580E58B6F7}] => C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe
FirewallRules: [{CFA4E105-EA7C-467A-8B4C-C585732AC972}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5C05799A-6948-43D4-BDA6-E5177D828E6E}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EF64259A-7933-4C09-B486-40DF487ACFE6}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D4DF57E0-AD3D-41C1-B760-2426DF39A632}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F8683892-3081-473C-8AF6-7763F65993E6}] => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{56A5F014-4744-43D8-973C-4F861743EF9C}] => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{BE0D0BF1-7A31-42DE-8A5D-39F273F5DD4A}] => C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{B5715047-7AAF-4CFF-A77E-40AFA509CB8D}] => C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{7672CCCB-6DBD-457B-AD7B-812A137FB397}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
FirewallRules: [{4E945D23-AEE4-4961-ABE6-3CBFEA02D0AC}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
FirewallRules: [{F6005C09-3EC6-4E6E-AC87-4B6EC2DDEE95}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DBDownloader.exe
FirewallRules: [{C3570ECB-1D19-483E-9541-CD9728E373E0}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DBDownloader.exe
FirewallRules: [{87183292-B196-4AED-8BFE-087AB3470FF6}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\AutoUpdate.exe
FirewallRules: [{13ADA62A-18C0-437B-831E-A5C5D1C4FD56}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\AutoUpdate.exe
FirewallRules: [TCP Query User{D3B237C3-2FA0-4AFF-A012-5608A162625C}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{7952446B-EC3B-4639-925F-077C431DBF4F}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [{0F371085-04B0-4CBE-9820-B1DE3A63544D}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

13-12-2016 16:32:40 Scheduled Checkpoint
16-12-2016 05:25:07 Windows Modules Installer
16-12-2016 19:45:48 Tweaking.com - Windows Repair
17-12-2016 19:39:32 Windows Modules Installer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/21/2016 03:01:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64(1).exe version 21.12.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 898

Start Time: 01d25bc4b6fbec4b

Termination Time: 153

Application Path: C:\Users\Rick\Downloads\FRST64(1).exe

Report Id: 17b8459e-c7b8-11e6-871d-7427ea2c4ee7

Faulting package full name:

Faulting package-relative application ID:

Error: (12/19/2016 03:00:58 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Notifications for the volume C:\ are not active.

Context: Windows Application

Details:
    The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)

Error: (12/18/2016 05:36:22 AM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Notifications for the volume C:\ are not active.

Context: Windows Application

Details:
    The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)

Error: (12/17/2016 10:40:10 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (12/17/2016 03:22:28 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (12/17/2016 02:44:07 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Notifications for the volume C:\ are not active.

Context: Windows Application

Details:
    The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)

Error: (12/17/2016 06:47:51 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: HOME)
Description: Installing the performance counter strings for service .NET CLR Data () failed. The first DWORD in the Data section contains the error code.

Error: (12/17/2016 06:47:51 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: HOME)
Description: Installing the performance counter strings for service .NET CLR Networking () failed. The first DWORD in the Data section contains the error code.

Error: (12/17/2016 06:47:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: HOME)
Description: Installing the performance counter strings for service .NET Data Provider for Oracle () failed. The first DWORD in the Data section contains the error code.

Error: (12/17/2016 06:47:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: HOME)
Description: Installing the performance counter strings for service .NET Data Provider for SqlServer () failed. The first DWORD in the Data section contains the error code.


System errors:
=============
Error: (12/20/2016 03:39:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: December, 2016 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3205404).

Error: (12/20/2016 04:08:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Advanced SystemCare Service 7 service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/20/2016 04:03:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Advanced SystemCare Service 7 service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/20/2016 04:03:57 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Advanced SystemCare Service 7 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/19/2016 03:34:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: December, 2016 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3205404).

Error: (12/19/2016 05:23:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: December, 2016 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3205404).

Error: (12/19/2016 03:41:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (12/17/2016 10:32:31 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: December, 2016 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3205404).

Error: (12/17/2016 10:20:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (12/17/2016 10:19:06 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!


CodeIntegrity:
===================================
  Date: 2016-12-19 03:41:15.802
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-17 22:20:05.330
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-17 18:29:46.412
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-17 15:34:52.095
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-17 07:22:30.081
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-04 05:53:52.270
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-04 05:53:47.567
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-04 05:53:43.051
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-04 05:53:38.551
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-04 05:53:34.051
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD E1-1200 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 54%
Total physical RAM: 3800.02 MB
Available physical RAM: 1718.64 MB
Total Virtual: 4440.02 MB
Available Virtual: 2100 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:439.61 GB) (Free:389.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 2AD815CD)

Partition: GPT.

==================== End of Addition.txt ============================

Solved: Re: Help with possible virus

Hello again,

It seems that there are a few things to fix here. Let me know once the fixes are complete whether it worked and if the system is better...

Do you know these Chrome Extensions:
CHR Extension: (Search Incognito) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pabmfheafnaedbmedpdijblbgkhehaco [2016-11-30]
CHR Extension: (WeatherBlink) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnbmiailafajdkboegcjcdklooomfic [2016-12-11]

Fix with Farbar Recovery Scan Tool

Note to outside visitors: This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.


Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!


  • Right-click on FRST icon and select Run as Administrator to start the tool.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.


Please post it to your reply.

Solved: Re: Help with possible virus

We need to try something else
Should I still have Norton disabled?
