WiredWX Christian Hobby Weather Tools

Help with possible virus

3 posters

Re: Help with possible virus
I would like to do a troubleshooting step. Please ensure to write down the product key for your Norton Security software...

Completely Uninstall Norton software using:


Instructions

  1. Please download and save SymNRT.exe to your desktop.
  2. Close all programs and double click on the tool.
  3. Follow the on-screen instructions.
  4. Restart the computer if asked.
  5. Then delete the SymNRT.exe tool from your desktop.
  6. Open the Program Files folder on your local disk (normally C:)
  7. Find and delete the following folders (if present):

    • Norton AntiVirus
    • Norton Internet Security
    • Norton SystemWorks
    • Norton Personal Firewall


Re: Help with possible virus
Removal tool cannot be run on 64 bit edition

Re: Help with possible virus
Try this link please: https://www.bleepingcomputer.com/download/norton-removal-tool/

Re: Help with possible virus
That ran and Norton is uninstalled

Re: Help with possible virus
Windows Defender should have re-enabled itself. Run the computer normally for a couple of days and let me know if it seems faster, or if we need to do any more troubleshooting.

Re: Help with possible virus
The computer isn't running any better in this configuration. Maybe worse than when we started.

Re: Help with possible virus
Okay, time to reinstall Norton Security. Hope it works out. Let me know how it runs! Smile...

Re: Help with possible virus
Norton is re-installed and all updates ran. Pages load really slow

Re: Help with possible virus
Okay... good. Now, let's continue in all patience and diligence...

I believe your security settings are a bit out of sorts, let's do the following please:

Tweaking.com - Windows Repair All-In-One (Portable)

- Download Windows Repair All-In-One (Portable Version) from here.

- Extract tweaking.com_windows_repair_aio.zip to your Desktop.

- Disable all your antivirus and antimalware software - see how to do that here.
- Right click on [icon image] and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

- A window will appear. Click Step 2.

- Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.

- Depending on which error Windows Repair found, click Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.

- Go to Step 3, then click Check in the See If Check Disk Is Needed.

- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.

- Go to Step 4, then click Do It.

- Go to Step 5. Under System Restore click Create.

- Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.

- By default Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop. Please post the contents of the log in your next reply.

Re: Help with possible virus
Logs

Re: Help with possible virus
CHKDSK /R /F:
Run CHKDSK /R /F from an elevated (Run as administrator) Command Prompt. Please do this for each hard drive on your system.

When it tells you it can't do it right now - and asks you if you'd like to do it at the next reboot - answer Y (for Yes) and press Enter. Then reboot and let the test run. It may take a while for it to run, but keep an occasional eye on it to see if it generates any errors. See "CHKDSK LogFile" below in order to check the results of the test.

Re: Help with possible virus
Log Name:      Application
Source:        Chkdsk
Date:          12/16/2016 6:45:29 PM
Event ID:      26213
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Home
Description:
Chkdsk was executed in read-only mode.  A volume snapshot was not used. Extra errors and warnings may be reported as the volume may have changed during the chkdsk run.

Checking file system on C:
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.
Volume label is Gateway.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

Stage 1: Examining basic file system structure ...
  495872 file records processed.

File verification completed.
  18987 large file records processed.

  0 bad file records processed.

Stage 2: Examining file name linkage ...
Index entry CHKDSK.EXE-13847046.pf of index $I30 in file 0x4518c points to unused file 0x1407.
Index entry CHKDSK.EXE-13847046.pf in index $I30 of file 283020 is incorrect.
  571706 index entries processed.

Index verification completed.

Errors found.  CHKDSK cannot continue in read-only mode.


Re: Help with possible virus
How did you run CHKDSK?

It should be run in CHKDSK /R /F to ensure that it fixes it.

Please try again, but ensure there is one space in between CHKDSK and /R and one space between /R and /F.

Re: Help with possible virus
New logs

Re: Help with possible virus
Okay, Rick... Let's look a bit closer at the drivers. We are going to purposely make this system reproduce any errors it's having. Please backup your data (many backup sites are free and easy if you don't have one: Box.com, Dropbox.com, OneDrive.com, drive.google.com, etc.). After backing up, please do the following:
Verifier:
in an elevated (run as admin) CMD prompt:
VERIFIER /FLAGS 1 /ALL
Please reboot the computer.

Please upload any minidumps from subsequent crashes for analysis.
Afterwards, when this is all over, go back to default settings by running:
VERIFIER /RESET
Uploading Minidumps:
Upload Dump Files:
NOTE: If using a disk cleaning utility, please stop using it while we are troubleshooting your issues.
Please go to C:\Windows\Minidump and zip up the contents of the folder. Then upload/attach the .zip file with your next post.
Left click on the first minidump file.
Hold down the "Shift" key and left click on the last minidump file.
Right click on the blue highlighted area and select "Send to"
Select "Compressed (zipped) folder" and note where the folder is saved.
Upload that .zip file with your next post.

If you have issues with "Access Denied" errors, try copying the files to your desktop and zipping them up from there. If it still won't let you zip them up, post back for further advice.

If you don't have anything in that folder, please check in C:\Windows for a file named MEMORY.DMP. If you find it, zip it up and upload it to a free file hosting service. Then post the link to it in your topic so that we can download it.

Also, search your entire hard drive for files ending in .dmp, .mdmp, and .hdmp. Zip up any that you find and upload them with your next post.

Then, follow the directions here to set your system for Minidumps (much smaller than the MEMORY.DMP file): http://www.carrona.org/setmini.html

More info on dump file options here: http://support.microsoft.com/kb/254649
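
The dump-collection steps in the post above, as a script (an added example, not part of the original post). The Desktop folder and archive names and the 64 MB cut-off for leaving large dumps out of the zip are assumptions; run it from an elevated PowerShell 4.0 or later session.

```powershell
# Added example, not from the thread. PowerShell 4.0 ships with Windows 8.1.
# DumpUpload / DumpUpload.zip and the size cut-off are hypothetical choices.
Add-Type -AssemblyName System.IO.Compression.FileSystem   # ZipFile class, .NET 4.5+

$desktop = [Environment]::GetFolderPath('Desktop')
$staging = Join-Path $desktop 'DumpUpload'
$zipPath = Join-Path $desktop 'DumpUpload.zip'
$maxSize = 64MB   # assumption: larger files (e.g. MEMORY.DMP) are listed, not zipped

# Start from a clean staging folder and archive so old runs do not mix in.
if (Test-Path $staging) { Remove-Item $staging -Recurse -Force }
if (Test-Path $zipPath) { Remove-Item $zipPath -Force }

# Search the system drive for the three extensions named in the post. This also
# covers C:\Windows\Minidump and C:\Windows\MEMORY.DMP. Folders that cannot be
# read are skipped instead of aborting the search.
$found = Get-ChildItem -Path "$env:SystemDrive\" -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.dmp', '.mdmp', '.hdmp' } |
    Sort-Object LastWriteTime

if (-not $found) {
    Write-Output 'No dump files found on the system drive.'
    return
}

New-Item -ItemType Directory -Path $staging | Out-Null

$manifest = @()
$i = 0
foreach ($file in $found) {
    $i++
    $entry = [pscustomobject]@{
        Original  = $file.FullName
        SizeBytes = $file.Length
        Modified  = $file.LastWriteTime
        Staged    = ''
        SHA256    = ''
    }
    if ($file.Length -le $maxSize) {
        # Copy to the Desktop first, as the post advises for "Access Denied" errors.
        $name = '{0:D3}_{1}' -f $i, $file.Name   # index prefix avoids name collisions
        $dest = Join-Path $staging $name
        try {
            Copy-Item -LiteralPath $file.FullName -Destination $dest -ErrorAction Stop
            $entry.Staged = $name
            $entry.SHA256 = (Get-FileHash -LiteralPath $dest -Algorithm SHA256).Hash
        } catch {
            $entry.Staged = "copy failed: $($_.Exception.Message)"
        }
    } else {
        $entry.Staged = 'too large, upload separately'
    }
    $manifest += $entry
}

# The manifest records where each dump came from and when it was written.
$manifest | Export-Csv -Path (Join-Path $staging 'manifest.csv') -NoTypeInformation
[System.IO.Compression.ZipFile]::CreateFromDirectory($staging, $zipPath)

$manifest | Format-Table Original, SizeBytes, Modified, Staged -AutoSize
Write-Output "Archive written to $zipPath"
```

The SHA-256 values in manifest.csv let whoever analyses the upload confirm that the files received are the ones collected.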

Re: Help with possible virus
I'm trying to get the information you need. I'm just a dumb Bodyman so it might take some time to figure out how.

Re: Help with possible virus
No biggie... If you have too much trouble, just let me know. Sometimes it's good to run some of the tools built into Windows so we don't have to download on your machine a ton of tools (even though we do remove them afterward in convenience). Nonetheless, I do have a couple of other tools that can do the things I'm requesting just above. Let me know how it works out.

Re: Help with possible virus
Let's go with another option. I can't get the Verifier to open, the black box flashes on for just a second but never opens.

Re: Help with possible virus
Please download MiniToolBox to Desktop and run it.

Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size
  • List Devices... ALL
  • List MiniDump Files

Click Go and copy/paste the log (Result.txt) into your next post.

Re: Help with possible virus
MiniToolBox by Farbar  Version: 17-06-2016
Ran by Rick (administrator) on 21-12-2016 at 04:43:53
Running from "C:\Users\Rick\Downloads"
Microsoft Windows 8.1  (X64)
Model: SX2110G Manufacturer: Gateway
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================


========================= Event log errors: ===============================

Application errors:
==================
Error: (12/19/2016 03:00:58 PM) (Source: Windows Search Service) (User: )
Description: Notifications for the volume C:\ are not active.

Context: Windows Application


Details:
    The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)

Error: (12/18/2016 05:36:22 AM) (Source: Windows Search Service) (User: )
Description: Notifications for the volume C:\ are not active.

Context: Windows Application


Details:
    The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)

Error: (12/17/2016 10:40:10 PM) (Source: Perflib) (User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8

Error: (12/17/2016 03:22:28 PM) (Source: Microsoft-Windows-LocationProvider) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (12/17/2016 02:44:07 PM) (Source: Windows Search Service) (User: )
Description: Notifications for the volume C:\ are not active.

Context: Windows Application


Details:
    The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)

Error: (12/17/2016 06:47:51 AM) (Source: Microsoft-Windows-LoadPerf) (User: HOME)
Description: Installing the performance counter strings for service .NET CLR Data () failed. The first DWORD in the Data section contains the error code.

Error: (12/17/2016 06:47:51 AM) (Source: Microsoft-Windows-LoadPerf) (User: HOME)
Description: Installing the performance counter strings for service .NET CLR Networking () failed. The first DWORD in the Data section contains the error code.

Error: (12/17/2016 06:47:50 AM) (Source: Microsoft-Windows-LoadPerf) (User: HOME)
Description: Installing the performance counter strings for service .NET Data Provider for Oracle () failed. The first DWORD in the Data section contains the error code.

Error: (12/17/2016 06:47:50 AM) (Source: Microsoft-Windows-LoadPerf) (User: HOME)
Description: Installing the performance counter strings for service .NET Data Provider for SqlServer () failed. The first DWORD in the Data section contains the error code.

Error: (12/17/2016 06:47:50 AM) (Source: Microsoft-Windows-LoadPerf) (User: HOME)
Description: Installing the performance counter strings for service .NETFramework () failed. The first DWORD in the Data section contains the error code.


System errors:
=============
Error: (12/20/2016 03:39:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: December, 2016 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3205404).

Error: (12/20/2016 04:08:48 AM) (Source: Service Control Manager) (User: )
Description: The Advanced SystemCare Service 7 service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (12/20/2016 04:03:57 AM) (Source: Service Control Manager) (User: )
Description: The Advanced SystemCare Service 7 service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (12/20/2016 04:03:57 AM) (Source: Service Control Manager) (User: )
Description: The Advanced SystemCare Service 7 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/19/2016 03:34:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: December, 2016 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3205404).

Error: (12/19/2016 05:23:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: December, 2016 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3205404).

Error: (12/19/2016 03:41:15 AM) (Source: Service Control Manager) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
%%577 = Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


Error: (12/17/2016 10:32:31 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: December, 2016 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3205404).

Error: (12/17/2016 10:20:05 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
%%577 = Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


Error: (12/17/2016 10:19:06 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!


Microsoft Office Sessions:
=========================
Error: (12/19/2016 03:00:58 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
    The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)
C:\

Error: (12/18/2016 05:36:22 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
    The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)
C:\

Error: (12/17/2016 10:40:10 PM) (Source: Perflib)(User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8

Error: (12/17/2016 03:22:28 PM) (Source: Microsoft-Windows-LocationProvider)(User: NT AUTHORITY)
Description: -2147024883

Error: (12/17/2016 02:44:07 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
    The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)
C:\

Error: (12/17/2016 06:47:51 AM) (Source: Microsoft-Windows-LoadPerf)(User: HOME)
Description: .NET CLR Data29F0F

Error: (12/17/2016 06:47:51 AM) (Source: Microsoft-Windows-LoadPerf)(User: HOME)
Description: .NET CLR Networking29F0F

Error: (12/17/2016 06:47:50 AM) (Source: Microsoft-Windows-LoadPerf)(User: HOME)
Description: .NET Data Provider for Oracle29F0F

Error: (12/17/2016 06:47:50 AM) (Source: Microsoft-Windows-LoadPerf)(User: HOME)
Description: .NET Data Provider for SqlServer29F0F

Error: (12/17/2016 06:47:50 AM) (Source: Microsoft-Windows-LoadPerf)(User: HOME)
Description: .NETFramework29F0F


CodeIntegrity Errors:
===================================
  Date: 2016-12-19 03:41:15.802
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-17 22:20:05.330
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-17 18:29:46.412
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-17 15:34:52.095
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-17 07:22:30.081
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-04 05:53:52.270
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-04 05:53:47.567
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-04 05:53:43.051
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-04 05:53:38.551
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-04 05:53:34.051
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


========================= Devices: ================================

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB20\4&1F07340A&0

Name: System board
Description: System board
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C01\1

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Device ID: STORAGE\VOLUME\{5980A7BA-907F-11E2-BE69-806E6F6E6963}#0000006E1AE00000

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Device ID: STORAGE\VOLUME\{5980A7BA-907F-11E2-BE69-806E6F6E6963}#0000000033D00000

Name: Root Print Queue
Description: Local Print Queue
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Microsoft
Service:
Device ID: SWD\PRINTENUM\PRINTQUEUES

Name: Speakers (Realtek High Definition Audio)
Description: Audio Endpoint
Class Guid: {c166523c-fe0c-4a94-a586-f1a80cfbbf3e}
Manufacturer: Microsoft
Service:
Device ID: SWD\MMDEVAPI\{0.0.0.00000000}.{D480B40B-9B52-4913-A575-EE0B044FFE6A}

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1719&SUBSYS_00000000&REV_00\3&11583659&0&C7

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&1D593F42&0

Name: Volume Manager
Description: Volume Manager
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: volmgr
Device ID: ROOT\VOLMGR\0000

Name: High precision event timer
Description: High precision event timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0103\2&DABA3FF&2

Name: HP Deskjet 5150 series
Description: HP Deskjet 5150 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Device ID: USBPRINT\HPDESKJET_5100\6&3257F73&0&USB001

Name: Standard Enhanced PCI to USB Host Controller
Description: Standard Enhanced PCI to USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: AMD
Service: usbehci
Device ID: PCI\VEN_1002&DEV_4396&SUBSYS_05921025&REV_00\3&11583659&0&92

Name: Standard Enhanced PCI to USB Host Controller
Description: Standard Enhanced PCI to USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: AMD
Service: usbehci
Device ID: PCI\VEN_1002&DEV_4396&SUBSYS_05921025&REV_00\3&11583659&0&9A

Name: Standard Enhanced PCI to USB Host Controller
Description: Standard Enhanced PCI to USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: AMD
Service: usbehci
Device ID: PCI\VEN_1002&DEV_4396&SUBSYS_05921025&REV_00\3&11583659&0&B2

Name: System CMOS/real time clock
Description: System CMOS/real time clock
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0B00\4&140F0BF2&0

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Device ID: STORAGE\VOLUME\{5980A7BA-907F-11E2-BE69-806E6F6E6963}#0000000019100000

Name: Microsoft Basic Display Driver
Description: Microsoft Basic Display Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard display types)
Service: BasicDisplay
Device ID: ROOT\BASICDISPLAY\0000

Name: ACPI Thermal Zone
Description: ACPI Thermal Zone
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\THERMALZONE\THRM

Name: Programmable interrupt controller
Description: Programmable interrupt controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0000\4&140F0BF2&0

Name: Microsoft IPv4 IPv6 Transition Adapter Bus
Description: Generic software device
Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}
Manufacturer: Microsoft
Service:
Device ID: SWD\IP_TUNNEL_VBUS\IP_TUNNEL_DEVICE_ROOT

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Device ID: ACPI\PNP0303\4&140F0BF2&0

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: SWD\IP_TUNNEL_VBUS\TEREDOTUNNELINGPSEUDOINTERFACE_0

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1716&SUBSYS_00000000&REV_00\3&11583659&0&C6

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&7C1019&0

Name: Microsoft Windows Management Interface for ACPI
Description: Microsoft Windows Management Interface for ACPI
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: WmiAcpi
Device ID: ACPI\PNP0C14\0

Name: AMD PCI IDE Controller
Description: AMD PCI IDE Controller
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices
Service: amdide64
Device ID: PCI\VEN_1002&DEV_439C&SUBSYS_05921025&REV_40\3&11583659&0&A1

Name: Acer E202HL (Digital)
Description: Acer E202HL (Digital)
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: Acer Inc.
Service: monitor
Device ID: DISPLAY\ACR02A4\4&E90CE90&0&UID256

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_1002&DEV_43A2&SUBSYS_00001002&REV_00\3&11583659&0&AA

Name: ST500DM002-1BD142
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Device ID: SCSI\DISK&VEN_&PROD_ST500DM002-1BD14\4&19F351EC&0&000000

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB20\4&E8C890&0

Name: HP Deskjet 5150 series
Description: Local Print Queue
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Hewlett-Packard
Service:
Device ID: SWD\PRINTENUM\{1F3CD055-CD6E-4739-8347-6685715A5650}

Name: AMD High Definition Audio Device
Description: AMD High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices
Service: AtiHDAudioService
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\4&2A04E29&0&0001

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1702&SUBSYS_00000000&REV_00\3&11583659&0&C2

Name: Composite Bus Enumerator
Description: Composite Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: CompositeBus
Device ID: ROOT\COMPOSITEBUS\0000

Name: Microsoft Virtual Drive Enumerator
Description: Microsoft Virtual Drive Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vdrvroot
Device ID: ROOT\VDRVROOT\0000

Name: Direct memory access controller
Description: Direct memory access controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0200\4&140F0BF2&0

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: SWD\IP_TUNNEL_VBUS\ISATAP_0

Name: Microsoft Storage Spaces Controller
Description: Microsoft Storage Spaces Controller
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: spaceport
Device ID: ROOT\SPACEPORT\0000

Name: Microsoft Kernel Debug Network Adapter
Description: Microsoft Kernel Debug Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: kdnic
Device ID: ROOT\KDNIC\0000

Name: Microsoft XPS Document Writer
Description: Local Print Queue
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Microsoft
Service:
Device ID: SWD\PRINTENUM\{D943D8D8-F7EB-4400-8EEE-A8CFF8C894B5}

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:
Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT1

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:
Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT2

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:
Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT3

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:
Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT4

Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0662&SUBSYS_10258100&REV_1001\4&1B7D940D&0&0001

Name: AMD Radeon HD 7310 Graphics
Description: AMD Radeon HD 7310 Graphics
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices, Inc.
Service: amdkmdap
Device ID: PCI\VEN_1002&DEV_9809&SUBSYS_05921025&REV_00\3&11583659&0&08

Name: High Definition Audio Bus
Description: High Definition Audio Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: AMD
Service: HDAudBus
Device ID: PCI\VEN_1002&DEV_1314&SUBSYS_05921025&REV_00\3&11583659&0&09

Name: UMBus Root Bus Enumerator
Description: UMBus Root Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus
Device ID: ROOT\UMBUS\0000

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&1270D34B&0

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8168
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_05921025&REV_06\4&EDB6346&0&00AA

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1718&SUBSYS_00000000&REV_00\3&11583659&0&C5

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB20\4&625DA5F&0

Name: Numeric data processor
Description: Numeric data processor
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C04\4&140F0BF2&0

Name: System board
Description: System board
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C01\C8

Name: Microsoft Device Association Root Enumerator
Description: Generic software device
Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}
Manufacturer: Microsoft
Service:
Device ID: SWD\MSDAS\{CE958E9A-424F-4C88-86F4-11314821E75A}

Name: ACPI x64-based PC
Description: ACPI x64-based PC
Class Guid: {4d36e966-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard computers)
Service: \Driver\ACPI_HAL
Device ID: ROOT\ACPI_HAL\0000

Name: PCI Express Root Complex
Description: PCI Express Root Complex
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: ACPI\PNP0A08\0

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&1C26DD86&0

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1704&SUBSYS_00000000&REV_00\3&11583659&0&C4

Name: ATA Channel 0
Description: IDE Channel
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
Device ID: PCIIDE\IDECHANNEL\4&2A4155E3&0&0

Name: Microsoft ACPI-Compliant System
Description: Microsoft ACPI-Compliant System
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: ACPI
Device ID: ACPI_HAL\PNP0C08\0

Name:
Description:
Class Guid:
Manufacturer:
Service:
Device ID: HTREE\ROOT\0

Name: Microsoft Basic Render Driver
Description: Microsoft Basic Render Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BasicRender
Device ID: ROOT\BASICRENDER\0000

Name: PIONEER DVD-RW DVR-220RS
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Device ID: SCSI\CDROM&VEN_PIONEER&PROD_DVD-RW_DVR-220RS\4&19F351EC&0&010000

Name: Fax
Description: Local Print Queue
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Microsoft
Service:
Device ID: SWD\PRINTENUM\{9D7DBACD-D102-4149-B2DB-FFEC94371EAB}

Name: System speaker
Description: System speaker
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0800\4&140F0BF2&0

Name: AMD SMBus
Description: AMD SMBus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices, Inc
Service:
Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_05921025&REV_42\3&11583659&0&A0

Name: USB Printing Support
Description: USB Printing Support
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Microsoft
Service: usbprint
Device ID: USB\VID_03F0&PID_6204\MY37O3Q09Z7A

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1701&SUBSYS_00000000&REV_00\3&11583659&0&C1

Name: ACPI Fixed Feature Button
Description: ACPI Fixed Feature Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\FIXEDBUTTON\2&DABA3FF&2

Name: ATI I/O Communications Processor PCI Bus Controller
Description: ATI I/O Communications Processor PCI Bus Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: ATI
Service: pci
Device ID: PCI\VEN_1002&DEV_4384&SUBSYS_00000000&REV_40\3&11583659&0&A4

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\10

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\14

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\99

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Device ID: ACPI\PNP0F03\4&140F0BF2&0

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1510&SUBSYS_15101022&REV_00\3&11583659&0&00

Name: System timer
Description: System timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0100\4&140F0BF2&0

Name: High Definition Audio Bus
Description: High Definition Audio Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: AMD
Service: HDAudBus
Device ID: PCI\VEN_1002&DEV_4383&SUBSYS_05921025&REV_40\3&11583659&0&A2

Name: Standard OpenHCD USB Host Controller
Description: Standard OpenHCD USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbohci
Device ID: PCI\VEN_1002&DEV_4397&SUBSYS_05921025&REV_00\3&11583659&0&90

Name: Standard OpenHCD USB Host Controller
Description: Standard OpenHCD USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbohci
Device ID: PCI\VEN_1002&DEV_4397&SUBSYS_05921025&REV_00\3&11583659&0&98

Name: Standard OpenHCD USB Host Controller
Description: Standard OpenHCD USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbohci
Device ID: PCI\VEN_1002&DEV_4397&SUBSYS_05921025&REV_00\3&11583659&0&B0

Name: ACPI Power Button
Description: ACPI Power Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C0C\AA

Name: AMD E1-1200 APU with Radeon(tm) HD Graphics
Description: AMD Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Advanced Micro Devices
Service: AmdPPM
Device ID: ACPI\AUTHENTICAMD_-_AMD64_FAMILY_20_MODEL_2_-_AMD_E1-1200_APU_WITH_RADEON(TM)_HD_GRAPHICS\_1

Name: AMD E1-1200 APU with Radeon(tm) HD Graphics
Description: AMD Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Advanced Micro Devices
Service: AmdPPM
Device ID: ACPI\AUTHENTICAMD_-_AMD64_FAMILY_20_MODEL_2_-_AMD_E1-1200_APU_WITH_RADEON(TM)_HD_GRAPHICS\_2

Name: NDIS Virtual Network Adapter Enumerator
Description: NDIS Virtual Network Adapter Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisVirtualBus
Device ID: ROOT\NDISVIRTUALBUS\0000

Name: PCI standard ISA bridge
Description: PCI standard ISA bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: msisadrv
Device ID: PCI\VEN_1002&DEV_439D&SUBSYS_05921025&REV_40\3&11583659&0&A3

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1700&SUBSYS_00000000&REV_43\3&11583659&0&C0

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\111

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\700

Name: Standard SATA AHCI Controller
Description: Standard SATA AHCI Controller
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: Standard SATA AHCI Controller
Service: storahci
Device ID: PCI\VEN_1002&DEV_4391&SUBSYS_05921025&REV_40\3&11583659&0&88

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1703&SUBSYS_00000000&REV_00\3&11583659&0&C3

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\E11

Name: Microsoft System Management BIOS Driver
Description: Microsoft System Management BIOS Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: mssmbios
Device ID: ROOT\MSSMBIOS\0000

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Device ID: STORAGE\VOLUME\{5980A7BA-907F-11E2-BE69-806E6F6E6963}#0000006E30C00000

Name: Plug and Play Software Device Enumerator
Description: Plug and Play Software Device Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: swenum
Device ID: ROOT\SYSTEM\0000

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Device ID: STORAGE\VOLUME\{5980A7BA-907F-11E2-BE69-806E6F6E6963}#000000002BD00000

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_1022&DEV_1512&SUBSYS_05921025&REV_00\3&11583659&0&20

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_1002&DEV_43A0&SUBSYS_00001002&REV_00\3&11583659&0&A8

Name: Remote Desktop Device Redirector Bus
Description: Remote Desktop Device Redirector Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: rdpbus
Device ID: ROOT\RDPBUS\0000

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Device ID: STORAGE\VOLUME\{5980A7BA-907F-11E2-BE69-806E6F6E6963}#0000000000100000

Name: Standard OpenHCD USB Host Controller
Description: Standard OpenHCD USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbohci
Device ID: PCI\VEN_1002&DEV_4399&SUBSYS_05921025&REV_00\3&11583659&0&A5


========================= Memory info: ===================================

Percentage of memory in use: 59%
Total physical RAM: 3800.02 MB
Available physical RAM: 1554.96 MB
Total Virtual: 4440.02 MB
Available Virtual: 1901.79 MB

========================= Partitions: =====================================

1 Drive c: (Gateway) (Fixed) (Total:439.61 GB) (Free:389.93 GB) NTFS

========================= Users: ========================================

User accounts for \\HOME

Administrator            Guest                    Rick

========================= Minidump Files ==================================

No minidump file found


**** End of log ****

Re: Help with possible virus

Before we try to fix Windows Update, do the following please:

Scan with Farbar Recovery Scan Tool

Please re-download Farbar Recovery Scan Tool x64 and save it to your Desktop. There is an updated version available.

  • Right-click on FRST icon and select Run as Administrator to start the tool.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please copy and paste their content into your next reply.

Re: Help with possible virus

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by Rick (administrator) on HOME (21-12-2016 15:03:37)
Running from C:\Users\Rick\Downloads
Loaded Profiles: Rick (Available Profiles: Rick & Guest)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(AMD) C:\WINDOWS\System32\atiesrxx.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\NSBU.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\SMService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\NSBU.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\ClassicStart.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
(Microsoft Corporation) C:\WINDOWS\System32\SkyDrive.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\StartMenu_Hook.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\InstallServices.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.469\SSScheduler.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
(Farbar) C:\Users\Rick\Downloads\FRST64(1).exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserCleaner.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16696832 2016-10-31] (Realtek Semiconductor)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [6006560 2016-11-01] (IObit)
HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\Run: [Advanced SystemCare 10] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [3076896 2016-10-31] (IObit)
HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-12-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.469\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F774F5B7-6F43-4CB5-8B05-D13304E9A2E2}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3431173695-69639140-411144729-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3431173695-69639140-411144729-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3431173695-69639140-411144729-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3431173695-69639140-411144729-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3431173695-69639140-411144729-1002 -> {B91B95CE-6BBA-406B-AA86-EFBC0705308D} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\ssv.dll [2016-12-04] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\jp2ssv.dll [2016-12-04] (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3431173695-69639140-411144729-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)

FireFox:
========
FF DefaultProfile: 94tgnqs0.default-1480888203401
FF ProfilePath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\94tgnqs0.default-1480888203401 [2016-12-21]
FF user.js: detected! => C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\94tgnqs0.default-1480888203401\user.js [2016-12-17]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\94tgnqs0.default-1480888203401 -> Google
FF Homepage: Mozilla\Firefox\Profiles\94tgnqs0.default-1480888203401 -> hxxp://search.conduit.com/?ctid=CT3279411&octid=CT3279411&SearchSource=61&CUI=UN29590050191633836&UM=2&UP=SPC9006C68-138B-46ED-93F0-70F434A2ECAE
FF Extension: (Norton Identity Safe) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\94tgnqs0.default-1480888203401\Extensions\idsafe@norton.com.xpi [2016-12-15]
FF ProfilePath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\ahzejier.default-1481747222543 [2016-12-21]
FF user.js: detected! => C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\ahzejier.default-1481747222543\user.js [2016-12-17]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.8.1.14\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.8.1.14\coFFAddon [2016-12-16]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.8.1.14\coFFAddon
FF HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: (McAfee Security Scan Plus) - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.112.2 -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\dtplugin\npDeployJava1.dll [2016-12-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.112.2 -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\plugin2\npjp2.dll [2016-12-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-05-22] ()

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default [2016-12-15]
CHR Extension: (Google Docs) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-12]
CHR Extension: (Google Drive) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-30]
CHR Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2016-10-20]
CHR Extension: (YouTube) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-30]
CHR Extension: (Norton Security Toolbar) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-12-02]
CHR Extension: (Google Search) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-30]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2016-05-22]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfoabcdjalmeenbjjngidappmppchblc [2016-10-21]
CHR Extension: (Google Docs Offline) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Norton Identity Safe) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-10-21]
CHR Extension: (WeatherBlink) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnbmiailafajdkboegcjcdklooomfic [2016-12-11]
CHR Extension: (Norton Safe) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-09-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Search Incognito) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pabmfheafnaedbmedpdijblbgkhehaco [2016-11-30]
CHR Extension: (Gmail) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-12]
CHR Extension: (Chrome Media Router) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-25]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\Exts\Chrome.crx [2016-12-15]
CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] -
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3431173695-69639140-411144729-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\Exts\Chrome.crx [2016-12-15]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] -
CHR HKLM-x32\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] -
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService10; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [462624 2016-10-14] (IObit)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1600800 2016-10-21] (IObit)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-07-29] (IObit)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.469\McCHSvc.exe [329480 2016-12-02] (McAfee, Inc.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 NSBU; C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\NSBU.exe [289080 2016-11-12] (Symantec Corporation)
R2 SMService; C:\Program Files (x86)\IObit\Classic Start\SMService.exe [1063200 2015-12-29] (IObit)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide64; C:\WINDOWS\System32\drivers\amdide64.sys [11944 2015-11-08] (Advanced Micro Devices Inc.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2013-12-24] (Advanced Micro Devices, Inc.)
S3 AtiDCM; C:\AMD\WU-CCC2\ccc2_install\Support64\atdcm64a.sys [28416 2014-03-13] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWB6.sys [101376 2016-07-21] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.8.1.14\Definitions\BASHDefs\20161220.001\BHDrvx64.sys [1874136 2016-12-13] (Symantec Corporation)
R1 ccSet_NARA; C:\WINDOWS\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R1 ccSet_NSBU; C:\WINDOWS\system32\drivers\NSBUx64\1608010.00E\ccSetx64.sys [174328 2016-11-11] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-09-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-12-15] (Symantec Corporation)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-28] (REALiX(tm))
R1 IDSVia64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.8.1.14\Definitions\IPSDefs\20161221.001\IDSvia64.sys [1038032 2016-12-16] (Symantec Corporation)
R3 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys [22208 2016-04-01] (IObit)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2016-07-27] (IObit.com)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-10-31] (Realsil Semiconductor Corporation)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [21360 2016-03-22] (IObit)
R3 SRTSP; C:\WINDOWS\system32\drivers\NSBUx64\1608010.00E\SRTSP64.SYS [784624 2016-11-11] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NSBUx64\1608010.00E\SRTSPX64.SYS [49400 2016-11-11] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NSBUx64\1608010.00E\SYMEFASI64.SYS [1628888 2016-11-11] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NSBUx64\1608010.00E\SymELAM.sys [24192 2016-11-11] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-12-15] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NSBUx64\1608010.00E\Ironx64.SYS [289520 2016-11-11] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\system32\drivers\NSBUx64\1608010.00E\SYMNETS.SYS [567512 2016-11-11] (Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.8.1.14\Definitions\SDSDefs\20161215.018\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.8.1.14\Definitions\SDSDefs\20161215.018\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-21 15:01 - 2016-12-21 15:01 - 00001431 _____ C:\Users\Rick\Desktop\FRST64(1).lnk
2016-12-21 14:59 - 2016-12-21 14:59 - 00002876 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Rick)
2016-12-21 14:58 - 2016-12-21 14:58 - 02420736 _____ (Farbar) C:\Users\Rick\Downloads\FRST64(1).exe
2016-12-21 04:43 - 2016-12-21 04:44 - 00042649 _____ C:\Users\Rick\Downloads\MTB.txt
2016-12-21 04:42 - 2016-12-21 04:42 - 00892416 _____ (Farbar) C:\Users\Rick\Downloads\MiniToolBox.exe
2016-12-17 19:44 - 2016-12-17 19:43 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-17 19:44 - 2016-12-17 19:43 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-17 16:08 - 2016-12-17 16:08 - 00000000 __SHD C:\found.000
2016-12-16 22:04 - 2016-12-16 22:04 - 00863592 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-12-16 17:34 - 2016-12-16 17:43 - 00000000 ____D C:\Users\Rick\Desktop\Tweaking.com - Windows Repair
2016-12-16 13:09 - 2016-12-16 13:11 - 00000000 ____D C:\Users\Rick\Documents\tweaking.com_windows_repair_aio
2016-12-16 13:00 - 2016-12-16 13:00 - 00001999 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-12-16 13:00 - 2016-12-16 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-12-15 20:38 - 2016-12-15 20:38 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
2016-12-15 20:30 - 2016-12-15 20:30 - 00100592 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2016-12-15 20:30 - 2016-12-15 20:30 - 00008319 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2016-12-15 20:30 - 2016-12-15 20:30 - 00003240 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2016-12-15 20:30 - 2016-12-15 20:30 - 00002573 _____ C:\Users\Public\Desktop\Norton Security with Backup.lnk
2016-12-15 20:28 - 2016-12-15 20:30 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security with Backup
2016-12-15 20:28 - 2016-12-15 20:29 - 00000000 ____D C:\Program Files (x86)\Norton Security with Backup
2016-12-15 20:23 - 2016-12-15 20:23 - 01101176 _____ (Symantec Corporation) C:\Users\Rick\Downloads\NortonNSBUDownloader(1).exe
2016-12-15 17:19 - 2016-12-15 17:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-13 17:54 - 2016-12-13 17:54 - 00000000 ____D C:\ProgramData\Symantec
2016-12-13 17:33 - 2016-12-13 17:33 - 00900344 _____ C:\Users\Rick\Downloads\Norton_Removal_Tool.exe
2016-12-13 15:17 - 2016-12-13 15:17 - 00779920 _____ (Symantec Corporation) C:\Users\Rick\Downloads\SymNRT(3).exe
2016-12-13 15:14 - 2016-12-13 15:14 - 00779920 _____ (Symantec Corporation) C:\Users\Rick\Downloads\SymNRT(2).exe
2016-12-13 15:12 - 2016-12-13 15:12 - 00003112 _____ C:\WINDOWS\System32\Tasks\{898F92F8-CB40-4FCF-BC98-45DB5B4B9DC2}
2016-12-13 15:11 - 2016-12-13 15:11 - 00779920 _____ (Symantec Corporation) C:\Users\Rick\Downloads\SymNRT(1).exe
2016-12-13 15:09 - 2016-12-13 15:09 - 00003106 _____ C:\WINDOWS\System32\Tasks\{132D027F-B8D3-46B3-9E83-E92DDA5013B8}
2016-12-13 15:08 - 2016-12-13 15:08 - 00779920 _____ (Symantec Corporation) C:\Users\Rick\Downloads\SymNRT.exe
2016-12-13 03:37 - 2016-12-13 03:44 - 00001192 _____ C:\Users\Rick\Desktop\Scan log.txt
2016-12-12 20:46 - 2016-12-17 14:45 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-12 20:44 - 2016-12-12 20:45 - 51969976 _____ (Malwarebytes ) C:\Users\Rick\Downloads\mb3-setup-consumer-3.0.4.1269.exe
2016-12-12 14:55 - 2016-12-13 15:27 - 00000000 ____D C:\Program Files\CCleaner
2016-12-12 14:55 - 2016-12-12 14:55 - 00002780 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-12-12 14:55 - 2016-12-12 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2016-12-12 14:55 - 2016-12-12 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-12-12 14:55 - 2016-12-12 14:55 - 00000000 ____D C:\Program Files\Speccy
2016-12-12 14:53 - 2016-12-12 14:53 - 06293184 _____ (Piriform Ltd) C:\Users\Rick\Downloads\spsetup130(2).exe
2016-12-12 14:49 - 2016-12-12 14:49 - 06293184 _____ (Piriform Ltd) C:\Users\Rick\Downloads\spsetup130(1).exe
2016-12-12 14:45 - 2016-12-12 14:45 - 06293184 _____ (Piriform Ltd) C:\Users\Rick\Downloads\spsetup130.exe
2016-12-05 20:40 - 2016-12-05 20:40 - 22851472 _____ (Malwarebytes ) C:\Users\Rick\Downloads\mbam-setup-2.2.1.1043(1).exe
2016-12-05 16:26 - 2016-12-05 16:27 - 00000115 _____ C:\Users\Rick\Desktop\Geek Police.url
2016-12-05 15:21 - 2016-12-05 15:21 - 00003156 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_AutoAnalyze
2016-12-05 15:21 - 2016-03-25 14:33 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2016-12-05 15:20 - 2016-12-05 15:20 - 00003004 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Startup
2016-12-05 15:20 - 2016-12-05 15:20 - 00003002 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Update
2016-12-05 15:20 - 2016-03-22 11:02 - 00021360 _____ (IObit) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
2016-12-05 15:19 - 2016-12-05 15:19 - 00001204 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2016-12-05 15:19 - 2016-12-05 15:19 - 00001181 _____ C:\Users\Public\Desktop\Smart Defrag 5.lnk
2016-12-05 15:19 - 2016-12-05 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
2016-12-05 15:19 - 2016-12-05 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2016-12-05 04:33 - 2016-12-05 04:33 - 00316640 _____ C:\WINDOWS\WMSysPr9.prx
2016-12-04 16:50 - 2016-12-14 15:27 - 00000000 ____D C:\Users\Rick\Desktop\Old Firefox Data
2016-12-04 16:45 - 2016-12-21 15:05 - 00000000 ____D C:\Users\Rick\AppData\LocalLow\Mozilla
2016-12-04 13:31 - 2016-12-04 13:30 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-12-04 13:18 - 2016-12-04 13:18 - 00946696 _____ (Realtek ) C:\WINDOWS\system32\Drivers\Rt630x64.sys
2016-12-04 13:18 - 2016-12-04 13:18 - 00082544 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2016-12-04 13:10 - 2016-12-04 13:32 - 00002301 _____ C:\Users\Public\Desktop\Driver Booster 4.lnk
2016-12-04 13:10 - 2016-12-04 13:10 - 00003244 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2016-12-04 13:10 - 2016-12-04 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2016-12-04 13:07 - 2016-12-04 13:08 - 17138387 _____ (IObit ) C:\Users\Rick\Downloads\driver_booster_setup (1).exe
2016-12-04 12:41 - 2016-12-16 13:27 - 00000286 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Rick.job
2016-12-04 12:41 - 2016-12-04 12:41 - 00002384 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Rick
2016-12-04 12:40 - 2016-12-04 12:40 - 00001403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2016-12-04 12:40 - 2016-12-04 12:40 - 00001391 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2016-12-04 12:40 - 2016-12-04 12:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2016-12-04 12:39 - 2016-12-04 12:39 - 00003004 _____ C:\WINDOWS\System32\Tasks\ASC10_PerformanceMonitor
2016-12-04 12:39 - 2016-12-04 12:39 - 00002808 _____ C:\WINDOWS\System32\Tasks\ASC10_SkipUac_Rick
2016-12-04 12:38 - 2016-12-19 04:09 - 00002291 _____ C:\Users\Public\Desktop\Advanced SystemCare 10.lnk
2016-12-04 10:57 - 2016-12-04 12:26 - 00851968 _____ C:\WINDOWS\system32\SxsTrace.etl
2016-12-03 17:43 - 2016-12-03 17:43 - 00000329 _____ C:\Users\Rick\Downloads\Pork Butt Rub (2).txt
2016-11-29 16:32 - 2016-11-29 16:32 - 21041152 _____ C:\Users\Rick\Downloads\System.evtx
2016-11-29 16:17 - 2016-11-29 16:17 - 21041152 _____ C:\Users\Rick\Downloads\Applications.evtx
2016-11-29 05:06 - 2016-11-29 05:06 - 03070451 _____ C:\Users\Rick\Documents\System.zip
2016-11-28 21:01 - 2016-11-28 21:02 - 02042944 _____ C:\Users\Rick\Documents\Applications.zip
2016-11-28 20:58 - 2016-11-28 20:58 - 21041152 _____ C:\Users\Rick\Documents\System.evtx
2016-11-28 20:57 - 2016-11-28 20:57 - 21041152 _____ C:\Users\Rick\Documents\Applications.evtx
2016-11-28 19:27 - 2016-11-28 19:27 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Rick\Downloads\rkill.scr
2016-11-28 16:19 - 2016-11-28 16:19 - 01631928 _____ (Malwarebytes) C:\Users\Rick\Downloads\JRT.exe
2016-11-28 16:10 - 2016-11-28 16:10 - 04286744 _____ (Microsoft Corporation) C:\Users\Rick\Downloads\vcredist_x64 (2).exe
2016-11-28 16:08 - 2016-11-28 16:08 - 04286744 _____ (Microsoft Corporation) C:\Users\Rick\Downloads\vcredist_x64 (1).exe
2016-11-28 16:07 - 2016-11-28 16:07 - 04286744 _____ (Microsoft Corporation) C:\Users\Rick\Downloads\vcredist_x64.exe
2016-11-27 19:15 - 2016-11-27 19:16 - 22851472 _____ (Malwarebytes ) C:\Users\Rick\Downloads\mbam-setup-2.2.1.1043 (1).exe
2016-11-27 18:55 - 2016-11-27 18:55 - 03910208 _____ C:\Users\Rick\Downloads\adwcleaner_6.030.exe
2016-11-27 18:38 - 2016-11-27 18:38 - 22851472 _____ (Malwarebytes ) C:\Users\Rick\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-27 17:33 - 2016-11-27 18:25 - 00034543 _____ C:\Users\Rick\Downloads\Addition.txt
2016-11-27 17:29 - 2016-12-21 15:04 - 00021525 _____ C:\Users\Rick\Downloads\FRST.txt
2016-11-27 17:28 - 2016-12-21 15:03 - 00000000 ____D C:\FRST
2016-11-26 19:28 - 2016-11-26 19:29 - 38300468 _____ C:\Users\Rick\Downloads\firefox-browser-for-android-50-0.apk
2016-11-26 19:28 - 2016-11-26 19:29 - 38300468 _____ C:\Users\Rick\Downloads\firefox-browser-for-android-50-0 (1).apk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-21 14:59 - 2013-05-21 18:32 - 00003592 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3431173695-69639140-411144729-1002
2016-12-21 14:54 - 2014-01-12 23:30 - 00000000 ___DO C:\Users\Rick\SkyDrive
2016-12-21 14:14 - 2014-05-04 20:08 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-21 13:33 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-21 07:27 - 2015-12-03 19:07 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-12-19 15:35 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-19 15:35 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-19 04:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2016-12-19 03:45 - 2013-11-14 02:28 - 00799036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-19 03:41 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-19 02:37 - 2013-08-22 08:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-12-18 18:19 - 2013-11-19 21:26 - 00000000 ____D C:\ProgramData\ProductData
2016-12-17 22:40 - 2013-08-14 04:28 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-17 22:32 - 2013-05-22 18:10 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-17 22:18 - 2014-01-15 22:11 - 87736320 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2016-12-17 22:18 - 2014-01-15 22:11 - 05742592 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2016-12-17 22:18 - 2014-01-15 22:11 - 00061440 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2016-12-17 22:18 - 2014-01-15 22:11 - 00024576 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2016-12-17 14:52 - 2013-05-21 18:24 - 00000000 ____D C:\Users\Rick\AppData\Local\Packages
2016-12-17 07:22 - 2013-08-22 09:44 - 00337808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-16 22:27 - 2013-05-22 05:18 - 00000000 ____D C:\Users\Rick\AppData\Local\CrashDumps
2016-12-16 22:21 - 2014-12-16 13:13 - 00000000 ____D C:\Users\Guest\Desktop\Vicki Lynn Stief_files
2016-12-16 22:21 - 2014-12-03 11:19 - 00000000 ____D C:\Users\Guest\Desktop\Facebook_files
2016-12-16 22:21 - 2014-11-15 11:24 - 00000000 ____D C:\Users\Guest\Desktop\Account Info_files
2016-12-16 22:21 - 2014-11-15 10:42 - 00000000 ____D C:\Users\Guest\Desktop\Remedy by our Grandmothers for Treating Asthma, Bronchitis, Coughs and Lung Problems - Daily Nutrition News_files
2016-12-16 22:21 - 2014-11-12 09:34 - 00000000 ____D C:\Users\Guest\Desktop\The 18 signs of a psychopath _ Health - WGAL Home_files
2016-12-16 22:21 - 2014-10-22 13:35 - 00000000 ____D C:\Users\Guest\Desktop\Classic - Miss Lippy By Vicki Stief (boobahh52) on Myspace_files
2016-12-16 22:21 - 2014-10-21 11:20 - 00000000 ____D C:\Users\Guest\Desktop\Natural Remedy to Rid of Wrinkles _ Health Digezt_files
2016-12-16 22:21 - 2014-10-18 10:44 - 00000000 ____D C:\Users\Guest\Desktop\Club Pogo  YAHTZEE Party!_files
2016-12-16 22:21 - 2014-09-27 21:34 - 00000000 ____D C:\Users\Guest\Desktop\12 Ways Multiple Sclerosis Affects the Body_files
2016-12-16 22:19 - 2013-08-22 08:25 - 00000128 _____ C:\WINDOWS\win.ini
2016-12-16 18:13 - 2013-11-09 20:31 - 00003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 18:13 - 2013-11-09 20:31 - 00003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 13:26 - 2014-05-16 14:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-16 13:00 - 2014-11-21 10:46 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-12-16 13:00 - 2013-08-22 08:25 - 00000853 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_236
2016-12-15 20:41 - 2012-08-28 07:07 - 00000000 ____D C:\ProgramData\Norton
2016-12-15 20:37 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-12-15 20:30 - 2016-05-17 14:32 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-12-15 20:30 - 2012-07-26 03:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-12-15 20:28 - 2012-08-28 07:07 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-12-15 20:24 - 2016-05-15 09:27 - 00001298 _____ C:\Users\Rick\Desktop\Norton Installation Files.lnk
2016-12-15 20:24 - 2014-05-03 05:11 - 00000000 ____D C:\Users\Public\Downloads\Norton
2016-12-14 19:15 - 2016-01-15 19:55 - 00002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-14 19:15 - 2016-01-15 19:55 - 00002212 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-13 19:15 - 2014-05-04 20:08 - 00003582 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-12-13 19:14 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-13 19:14 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-13 18:03 - 2014-01-12 23:31 - 00003762 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CE73BFD4-8A76-4CEF-9A5E-A3B42F8E01F8}
2016-12-13 15:42 - 2013-09-05 17:30 - 00000000 ____D C:\Users\Rick\AppData\Roaming\PhotoScape
2016-12-13 15:11 - 2013-08-13 04:54 - 00000000 ____D C:\Users\Rick\AppData\Local\ElevatedDiagnostics
2016-12-10 14:41 - 2014-01-12 23:00 - 00000000 ____D C:\Users\Rick
2016-12-10 11:39 - 2014-01-12 23:00 - 00000000 ____D C:\Users\Guest
2016-12-06 21:21 - 2013-10-31 05:29 - 00000000 ____D C:\Users\Guest\AppData\LocalLow\IObit
2016-12-06 12:47 - 2013-11-11 13:49 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2016-12-05 21:18 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\Performance
2016-12-05 15:21 - 2013-05-22 05:12 - 00000000 ____D C:\ProgramData\IObit
2016-12-05 15:21 - 2013-05-22 05:12 - 00000000 ____D C:\Program Files (x86)\IObit
2016-12-05 15:19 - 2013-05-22 05:12 - 00000000 ____D C:\Users\Rick\AppData\Roaming\IObit
2016-12-05 09:18 - 2014-04-29 05:56 - 74821632 _____ C:\WINDOWS\system32\config\COMPONENTS.iodefrag.bak
2016-12-04 16:44 - 2014-06-08 11:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-04 13:31 - 2015-02-11 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-12-04 13:28 - 2013-06-25 05:23 - 00000000 ____D C:\Program Files (x86)\Java
2016-12-04 13:25 - 2014-06-24 18:23 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-04 12:39 - 2015-12-16 04:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2016-12-04 12:31 - 2013-09-29 21:20 - 00000000 ____D C:\Users\Rick\AppData\Local\Google
2016-12-04 12:30 - 2016-05-17 14:26 - 00000000 ____D C:\WINDOWS\system32\Drivers\NSBUx64
2016-11-29 05:05 - 2015-12-01 17:51 - 00000000 ____D C:\Users\Rick\Documents\Swiss Beach_files
2016-11-27 16:37 - 2016-04-05 14:21 - 00000000 ____D C:\Users\Rick\Desktop\List of Emoticons for Facebook - Facebook Symbols and Chat Emoticons_files
2016-11-27 16:37 - 2015-12-24 17:10 - 00000000 ____D C:\Users\Rick\Desktop\MyLGHealth - Login Page_files
2016-11-27 16:37 - 2015-12-09 16:21 - 00000000 ____D C:\Users\Rick\Documents\Pervertians_files
2016-11-27 16:37 - 2015-12-07 18:31 - 00000000 ____D C:\Users\Rick\Documents\Stalkerish _ We Find the Hottest Girls on the Web For You_files
2016-11-27 16:37 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2016-11-27 16:30 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\registration
2016-11-26 10:44 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories =======

2014-06-19 14:13 - 2014-06-19 14:13 - 0000024 _____ () C:\Users\Rick\AppData\Roaming\temp.ini
2014-01-12 22:53 - 2014-01-12 22:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-19 05:22

==================== End of FRST.txt ============================

Re: Help with possible virus

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Rick (21-12-2016 15:07:00)
Running from C:\Users\Rick\Downloads
Windows 8.1 (Update) (X64) (2014-01-13 04:26:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3431173695-69639140-411144729-500 - Administrator - Disabled)
Guest (S-1-5-21-3431173695-69639140-411144729-501 - Limited - Disabled) => C:\Users\Guest
Rick (S-1-5-21-3431173695-69639140-411144729-1002 - Administrator - Enabled) => C:\Users\Rick

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: IObit Malware Fighter (Disabled - Out of date) {4D381C57-3C7A-6F22-07EB-639F49E836D4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AccelerateTab (HKLM-x32\...\AccelerateTab_is1) (Version: 2.6 - AccelerateTab)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adult Emoticons and Avatars (HKLM-x32\...\Adult Emoticons and Avatars) (Version:  - Sherv.NET)
Advanced SystemCare 10 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 10.0.3 - IObit)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.4.0 - IObit)
AMD Catalyst Install Manager (HKLM\...\{19CB64EB-ACFE-681D-B571-A8A3398F1943}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4220.52 - CyberLink Corp.)
Driver Booster 4.1 (HKLM-x32\...\Driver Booster_is1) (Version: 4.1.0 - IObit)
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
Gateway Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3003 - Gateway Incorporated)
Gateway Power Management (HKLM\...\{E438A632-CADC-49E4-9492-C9F50F9AE37F}) (Version: 7.01.3001 - Gateway Incorporated)
Gateway Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Gateway Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.3001 - Gateway Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Gateway Incorporated)
IObit Apps Toolbar v9.1 (HKLM-x32\...\{BAADB485-50A5-4E37-AE32-04F35DCEC14B}) (Version: 9.1 - Spigot, Inc.) <==== ATTENTION
IObit Malware Fighter 4 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 4.4 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.1.0.418 - IObit)
Java 8 Update 102 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
Java 8 Update 112 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180112F0}) (Version: 8.0.1120.15 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java 8 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218072F0}) (Version: 8.0.720.15 - Oracle Corporation)
Java 8 Update 74 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218074F0}) (Version: 8.0.740.2 - Oracle Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 92 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218092F0}) (Version: 8.0.920.14 - Oracle Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3003 - Gateway Incorporated)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.469.2 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{B2B0EC73-AD4A-4716-A3DE-CEA8440B309B}) (Version: 12.5.00000 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Norton Security (HKLM-x32\...\NSBU) (Version: 22.8.1.14 - Symantec Corporation)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7930 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.4.0 - IObit)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 3.1.0.2 - IObit)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.16 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04CB1795-04AD-46BA-A86B-8D0D96BCA903} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {25370D1F-AB0C-4AD8-8FD2-43FEE38C9927} - System32\Tasks\ASC10_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2016-11-10] (IObit)
Task: {2D65F4E3-D049-45A5-9CFA-42237233D401} - System32\Tasks\{132D027F-B8D3-46B3-9E83-E92DDA5013B8} => pcalua.exe -a C:\Users\Rick\Downloads\SymNRT.exe -d C:\Users\Rick\Downloads
Task: {30A684AF-3445-4816-9CD6-EAC2D9ABC406} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-11-04] (IObit)
Task: {38320A16-69CF-4FB4-8132-212CC2BC19D4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => C:\WINDOWS\system32\GWX\GWXConfigManager.exe
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {4264D1D5-0C65-4DC5-B27E-BE53D0FAC3AB} - System32\Tasks\Uninstaller_SkipUac_Rick => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-11-04] (IObit)
Task: {48CF1E55-8C35-4806-8361-69AF4B249DF9} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated)
Task: {4B0224BB-A1FD-417B-B68D-9DD36B3A3C55} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {4B305338-B260-4DC3-8386-3B20A442F2E9} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2012-08-24] ()
Task: {52F1803B-E997-47F1-9809-556C6F895176} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2014-03-20] ()
Task: {5F3932DA-63A4-4957-A8D6-8C52E3818DD2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {6C0197EF-3FF9-47DB-A918-14AEA4A5CDC5} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe [2016-11-08] (IObit)
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {74DD6AED-2B78-4F15-8535-539754CEB0EA} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2016-11-21] (IObit)
Task: {8E799522-D9C8-4D55-8B38-4E692F97FF4E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\WSCStub.exe [2016-11-11] (Symantec Corporation)
Task: {8FCDC074-3E08-4AC6-85BD-C1446E7959F0} - System32\Tasks\Norton Security with Backup\Norton Error Analyzer => C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\SymErr.exe [2016-11-11] (Symantec Corporation)
Task: {94325F09-D9D7-442A-B318-C15C7ADAB73C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
Task: {9EE109CB-DE88-4556-B754-318F6444D61B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\WINDOWS\system32\GWX\GWXUXWorker.exe
Task: {B16ECAAC-D07B-4BFF-A1D5-5165B2433D79} - System32\Tasks\ASC10_SkipUac_Rick => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2016-11-11] (IObit)
Task: {B1C35841-A6E0-4178-B386-05672B61207B} - System32\Tasks\{898F92F8-CB40-4FCF-BC98-45DB5B4B9DC2} => pcalua.exe -a C:\Users\Rick\Downloads\SymNRT(1).exe -d C:\Users\Rick\Downloads
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {C273A462-4CFB-4AA0-8467-47FE55DF4155} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2012-12-13] (Acer Incorporated)
Task: {C3A104BE-C907-43D7-8D59-B6C293CFB7FF} - System32\Tasks\Norton Security with Backup\Norton Error Processor => C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\SymErr.exe [2016-11-11] (Symantec Corporation)
Task: {C86BE6BB-C54D-46AA-9954-69E267D795C4} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {D09BA7A6-1E04-448E-8E9A-C124A5EB71ED} - System32\Tasks\Driver Booster SkipUAC (Rick) => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe [2016-11-14] (IObit)
Task: {D814DFA0-0D39-4717-8588-C75BB62A16B1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\WINDOWS\system32\GWX\GWXUXWorker.exe
Task: {DB8B83BA-107E-46E0-A6A5-25E516880E85} - \Driver Booster SkipUAC (SYSTEM) -> No File <==== ATTENTION
Task: {E77C213F-FF82-47FA-812F-3B8CFFF4F3E4} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [2012-07-05] (Acer Incorporated)
Task: {EF94806C-EEDE-499D-8F49-73A274E53A78} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2016-07-22] (IObit)
Task: {F69FC3D9-9077-46E5-BB74-BE9A82DD9738} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-11-11] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Rick.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Rick\Favorites\Gateway\Gateway.lnk -> hxxp://www.gateway.com/

==================== Loaded Modules (Whitelisted) ==============

2016-12-04 12:40 - 2016-06-21 19:30 - 00442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2016-12-04 12:40 - 2016-06-21 19:29 - 00210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2016-12-04 12:40 - 2016-06-21 19:29 - 00059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2016-10-21 18:56 - 2015-12-29 10:30 - 00625440 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2016-12-04 12:38 - 2016-08-18 18:43 - 00442144 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl
2016-12-04 12:38 - 2016-08-18 18:43 - 00210720 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl
2016-12-04 12:38 - 2016-08-18 18:43 - 00059680 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl
2016-12-04 12:38 - 2016-11-01 10:11 - 00078624 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\GetProcessDLL.dll
2016-12-05 15:19 - 2016-01-11 17:03 - 00899872 _____ () C:\Program Files (x86)\IObit\Smart Defrag\webres.dll
2016-12-05 15:19 - 2016-01-11 17:02 - 00630048 _____ () C:\Program Files (x86)\IObit\Smart Defrag\ProductStatistics.dll
2016-10-21 18:55 - 2015-12-29 10:30 - 00355616 _____ () C:\Program Files (x86)\IObit\Classic Start\madExcept_.bpl
2016-10-21 18:55 - 2015-12-29 10:29 - 00190240 _____ () C:\Program Files (x86)\IObit\Classic Start\madBasic_.bpl
2016-10-21 18:55 - 2015-12-29 10:30 - 00057632 _____ () C:\Program Files (x86)\IObit\Classic Start\madDisAsm_.bpl
2016-10-21 18:55 - 2015-12-29 10:30 - 00275576 _____ () C:\Program Files (x86)\IObit\Classic Start\sqlite3.dll
2016-10-21 18:55 - 2015-12-29 10:30 - 00059680 _____ () C:\Program Files (x86)\IObit\Classic Start\parseAuto.dll
2016-10-21 18:55 - 2015-12-29 10:30 - 00625440 _____ () C:\Program Files (x86)\IObit\Classic Start\ProductStatistics.dll
2016-10-21 18:55 - 2015-12-29 10:31 - 00047904 _____ () C:\Program Files (x86)\IObit\Classic Start\winkey.dll
2016-12-04 12:38 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll
2016-12-04 12:38 - 2016-09-26 13:59 - 00631072 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll
2016-12-05 15:19 - 2016-03-31 17:57 - 00899872 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\webres.dll
2016-12-05 15:19 - 2016-03-31 17:57 - 00188704 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2016-12-05 15:19 - 2016-03-31 17:57 - 00151840 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2016-12-05 15:19 - 2016-03-31 17:57 - 00625440 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\ProductStatistics.dll
2016-12-04 12:40 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2016-12-04 12:40 - 2016-09-26 13:59 - 00631072 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2016-12-05 15:19 - 2016-03-31 17:57 - 00355616 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
2016-12-05 15:19 - 2016-03-31 17:57 - 00190240 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
2016-12-05 15:19 - 2016-03-31 17:57 - 00057632 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 4788 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-12-16 22:20 - 2016-12-16 22:20 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3431173695-69639140-411144729-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Rick\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\10924721_846524365397807_6267246092458262385_n.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "SearchSettings"
HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\StartupApproved\Run: => "Advanced SystemCare 8"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{88DC0B4A-8DAA-4E99-873E-86CC8CAEB68A}] => C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{74B44DF6-AA11-411A-BB22-2916A49541CE}] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{20C6A0BE-B768-43E3-9CE3-34667EC258A3}] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{9366FACF-BB72-4C31-99BA-7C5A1FBD72A9}] => C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{5B498646-29BA-4BAC-8561-4693EB1F74FB}] => C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{BFE7A909-9F92-4024-BBB1-6E580E58B6F7}] => C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe
FirewallRules: [{CFA4E105-EA7C-467A-8B4C-C585732AC972}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5C05799A-6948-43D4-BDA6-E5177D828E6E}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EF64259A-7933-4C09-B486-40DF487ACFE6}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D4DF57E0-AD3D-41C1-B760-2426DF39A632}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F8683892-3081-473C-8AF6-7763F65993E6}] => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{56A5F014-4744-43D8-973C-4F861743EF9C}] => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{BE0D0BF1-7A31-42DE-8A5D-39F273F5DD4A}] => C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{B5715047-7AAF-4CFF-A77E-40AFA509CB8D}] => C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{7672CCCB-6DBD-457B-AD7B-812A137FB397}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
FirewallRules: [{4E945D23-AEE4-4961-ABE6-3CBFEA02D0AC}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
FirewallRules: [{F6005C09-3EC6-4E6E-AC87-4B6EC2DDEE95}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DBDownloader.exe
FirewallRules: [{C3570ECB-1D19-483E-9541-CD9728E373E0}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DBDownloader.exe
FirewallRules: [{87183292-B196-4AED-8BFE-087AB3470FF6}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\AutoUpdate.exe
FirewallRules: [{13ADA62A-18C0-437B-831E-A5C5D1C4FD56}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\AutoUpdate.exe
FirewallRules: [TCP Query User{D3B237C3-2FA0-4AFF-A012-5608A162625C}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{7952446B-EC3B-4639-925F-077C431DBF4F}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [{0F371085-04B0-4CBE-9820-B1DE3A63544D}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

13-12-2016 16:32:40 Scheduled Checkpoint
16-12-2016 05:25:07 Windows Modules Installer
16-12-2016 19:45:48 Tweaking.com - Windows Repair
17-12-2016 19:39:32 Windows Modules Installer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/21/2016 03:01:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64(1).exe version 21.12.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 898

Start Time: 01d25bc4b6fbec4b

Termination Time: 153

Application Path: C:\Users\Rick\Downloads\FRST64(1).exe

Report Id: 17b8459e-c7b8-11e6-871d-7427ea2c4ee7

Faulting package full name:

Faulting package-relative application ID:

Error: (12/19/2016 03:00:58 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Notifications for the volume C:\ are not active.

Context: Windows Application

Details:
    The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)

Error: (12/18/2016 05:36:22 AM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Notifications for the volume C:\ are not active.

Context: Windows Application

Details:
    The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)

Error: (12/17/2016 10:40:10 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (12/17/2016 03:22:28 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (12/17/2016 02:44:07 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Notifications for the volume C:\ are not active.

Context: Windows Application

Details:
    The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)

Error: (12/17/2016 06:47:51 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: HOME)
Description: Installing the performance counter strings for service .NET CLR Data () failed. The first DWORD in the Data section contains the error code.

Error: (12/17/2016 06:47:51 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: HOME)
Description: Installing the performance counter strings for service .NET CLR Networking () failed. The first DWORD in the Data section contains the error code.

Error: (12/17/2016 06:47:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: HOME)
Description: Installing the performance counter strings for service .NET Data Provider for Oracle () failed. The first DWORD in the Data section contains the error code.

Error: (12/17/2016 06:47:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: HOME)
Description: Installing the performance counter strings for service .NET Data Provider for SqlServer () failed. The first DWORD in the Data section contains the error code.


System errors:
=============
Error: (12/20/2016 03:39:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: December, 2016 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3205404).

Error: (12/20/2016 04:08:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Advanced SystemCare Service 7 service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/20/2016 04:03:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Advanced SystemCare Service 7 service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/20/2016 04:03:57 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Advanced SystemCare Service 7 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/19/2016 03:34:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: December, 2016 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3205404).

Error: (12/19/2016 05:23:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: December, 2016 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3205404).

Error: (12/19/2016 03:41:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (12/17/2016 10:32:31 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: December, 2016 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3205404).

Error: (12/17/2016 10:20:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (12/17/2016 10:19:06 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!


CodeIntegrity:
===================================
  Date: 2016-12-19 03:41:15.802
Ā  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-17 22:20:05.330
Ā  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-17 18:29:46.412
Ā  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-17 15:34:52.095
Ā  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-17 07:22:30.081
Ā  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-04 05:53:52.270
Ā  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-04 05:53:47.567
Ā  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-04 05:53:43.051
Ā  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-04 05:53:38.551
Ā  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-04 05:53:34.051
Ā  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD E1-1200 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 54%
Total physical RAM: 3800.02 MB
Available physical RAM: 1718.64 MB
Total Virtual: 4440.02 MB
Available Virtual: 2100 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:439.61 GB) (Free:389.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 2AD815CD)

Partition: GPT.

==================== End of Addition.txt ============================

Re: Help with possible virus

Hello again,

It seems that there are a few things to fix here. Let me know once the fixes are complete whether it worked and if the system is better...

Do you know these Chrome Extensions:
CHR Extension: (Search Incognito) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pabmfheafnaedbmedpdijblbgkhehaco [2016-11-30]

CHR Extension: (WeatherBlink) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnbmiailafajdkboegcjcdklooomfic [2016-12-11]




Fix with Farbar Recovery Scan Tool

Note to outside visitors: This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.


Download the attached fixlist.txt file and save it to the Desktop.

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!


  • Right-click on FRST icon and select Run as Administrator to start the tool.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.


Please post it in your reply.

Re: Help with possible virus

We need to try something else.
Should I still have Norton disabled?

Re: Help with possible virus

Yes, disable Norton temporarily.

Did you encounter issues? If you disable Norton, please try again. :)

Re: Help with possible virus

Thank You!

Re: Help with possible virus

Okay, let me know if it went well. :)

Re: Help with possible virus

I keep getting "Fixlist.txt not found"

Re: Help with possible virus

...And the FRST program and fixlist.txt are in the same exact location?

Re: Help with possible virus

I'm not sure how to get them to the same location.

Re: Help with possible virus

Let's do the following scan and see if this will make it easier (I can find the same offending lines in this tool and we can fix only using this tool):

Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: Help with possible virus

OTL logfile created on: 12/23/2016 8:00:32 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rick\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18500)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.71 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 29.27% Memory free
5.55 Gb Paging File | 1.65 Gb Available in Paging File | 29.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 439.61 Gb Total Space | 387.91 Gb Free Space | 88.24% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Rick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2016/12/23 19:58:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rick\Downloads\OTL.exe
PRC - [2016/12/15 17:19:48 | 000,510,920 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2016/11/21 11:03:04 | 005,386,528 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
PRC - [2016/11/12 01:37:19 | 000,289,080 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\NSBU.exe
PRC - [2016/11/11 22:09:32 | 000,118,448 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\coNatHst.exe
PRC - [2016/11/10 16:17:44 | 003,331,872 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
PRC - [2016/11/08 18:29:38 | 001,065,248 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe
PRC - [2016/11/03 14:47:24 | 001,690,400 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
PRC - [2016/11/01 14:21:22 | 006,006,560 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
PRC - [2016/10/31 14:29:50 | 003,076,896 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
PRC - [2016/10/28 14:54:10 | 000,360,736 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
PRC - [2016/10/21 14:48:46 | 001,600,800 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2016/10/18 14:17:02 | 002,275,104 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
PRC - [2016/10/14 10:37:14 | 000,462,624 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
PRC - [2016/07/29 12:57:32 | 003,046,688 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
PRC - [2016/04/19 09:26:54 | 002,202,912 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Classic Start\ClassicStart.exe
PRC - [2015/12/29 10:30:58 | 000,069,408 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Classic Start\StartMenu_Hook.exe
PRC - [2015/12/29 10:30:38 | 001,063,200 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Classic Start\SMService.exe
PRC - [2012/07/05 19:50:26 | 000,553,616 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe


========== Modules (No Company Name) ==========

MOD - [2016/11/01 10:11:58 | 000,078,624 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\GetProcessDLL.dll
MOD - [2016/09/26 13:59:22 | 000,631,072 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
MOD - [2016/09/26 13:59:22 | 000,631,072 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll
MOD - [2016/08/18 18:43:40 | 000,442,144 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\madexcept_.bpl
MOD - [2016/08/18 18:43:36 | 000,059,680 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\maddisAsm_.bpl
MOD - [2016/08/18 18:43:34 | 000,210,720 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\madbasic_.bpl
MOD - [2016/06/21 19:30:02 | 000,442,144 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\madexcept_.bpl
MOD - [2016/06/21 19:29:58 | 000,059,680 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\maddisAsm_.bpl
MOD - [2016/06/21 19:29:56 | 000,210,720 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\madbasic_.bpl
MOD - [2016/01/11 17:03:24 | 000,899,872 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag\webres.dll
MOD - [2016/01/11 17:02:48 | 000,630,048 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag\ProductStatistics.dll
MOD - [2015/12/29 10:30:42 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\IObit\Classic Start\sqlite3.dll
MOD - [2015/12/29 10:30:22 | 000,625,440 | ---- | M] () -- C:\Program Files (x86)\IObit\Classic Start\ProductStatistics.dll
MOD - [2015/12/29 10:30:12 | 000,059,680 | ---- | M] () -- C:\Program Files (x86)\IObit\Classic Start\parseAuto.dll
MOD - [2015/12/29 10:30:06 | 000,355,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Classic Start\madexcept_.bpl
MOD - [2015/12/29 10:30:00 | 000,057,632 | ---- | M] () -- C:\Program Files (x86)\IObit\Classic Start\maddisAsm_.bpl
MOD - [2015/12/29 10:29:58 | 000,190,240 | ---- | M] () -- C:\Program Files (x86)\IObit\Classic Start\madbasic_.bpl
MOD - [2015/12/28 13:50:58 | 000,899,872 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
MOD - [2015/12/28 13:50:58 | 000,899,872 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll


========== Services (SafeList) ==========

SRV:64bit: - [2016/12/14 08:52:08 | 000,329,480 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee Security Scan\3.11.474\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2016/10/19 19:09:37 | 001,628,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2016/08/14 09:38:31 | 000,840,704 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2016/07/21 03:23:08 | 000,246,784 | ---- | M] (AMD) [Auto | Running] -- C:\WINDOWS\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2016/04/01 08:57:29 | 001,673,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2016/04/01 08:54:55 | 001,348,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2015/09/16 03:36:54 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2015/07/07 04:39:32 | 000,366,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2015/07/07 04:39:32 | 000,023,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2015/06/23 19:58:36 | 000,522,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2015/06/23 19:57:20 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2015/05/30 14:36:24 | 000,230,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2015/02/20 18:49:18 | 000,780,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/11/19 06:09:13 | 000,154,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2014/11/19 06:05:25 | 000,562,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/11/19 06:04:57 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2014/11/19 06:04:45 | 000,374,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/11/19 06:04:34 | 000,550,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2014/11/19 06:04:27 | 000,166,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2014/11/19 06:03:53 | 003,460,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/11/19 06:03:37 | 001,639,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/11/19 06:03:37 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2014/11/19 06:03:35 | 000,041,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2014/11/19 06:03:32 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2014/11/19 06:03:30 | 000,260,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2014/11/19 06:03:08 | 000,407,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/11/19 06:03:08 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/11/19 06:03:07 | 000,206,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2014/11/19 06:03:04 | 000,262,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2014/11/19 06:02:45 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2014/11/19 06:02:43 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2014/11/19 06:02:41 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2014/11/19 06:01:52 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2014/11/19 06:01:52 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2014/11/19 06:01:52 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2014/11/19 06:01:52 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2014/11/19 06:01:52 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2014/11/19 06:01:52 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2014/11/19 06:01:52 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2014/11/19 06:00:52 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2014/11/19 06:00:30 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/11/19 06:00:26 | 000,324,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:64bit: - [2014/10/30 23:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2012/12/13 15:45:06 | 000,664,288 | ---- | M] (Acer Incorporated) [On_Demand | Stopped] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2016/12/15 17:19:48 | 000,172,488 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016/12/13 19:14:59 | 000,270,936 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/11/12 01:37:19 | 000,289,080 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\NSBU.exe -- (NSBU)
SRV - [2016/10/28 14:54:10 | 000,360,736 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe -- (IObitUnSvr)
SRV - [2016/10/21 14:48:46 | 001,600,800 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2016/10/14 10:37:14 | 000,462,624 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe -- (AdvancedSystemCareService10)
SRV - [2016/07/29 12:57:32 | 003,046,688 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2015/12/29 10:30:38 | 001,063,200 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Classic Start\SMService.exe -- (SMService)
SRV - [2015/06/23 19:58:36 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/11/19 06:06:57 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\smphost.dll -- (smphost)
SRV - [2014/11/19 06:00:56 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2014/11/19 06:00:30 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/08/15 13:44:50 | 003,943,104 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2012/07/13 04:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/11/25 18:32:36 | 000,687,400 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2016/12/15 20:30:28 | 000,100,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2016/12/04 13:18:58 | 000,946,696 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2016/11/11 22:10:30 | 000,567,512 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NSBUx64\1608010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2016/11/11 22:10:00 | 001,628,888 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\NSBUx64\1608010.00E\symefasi64.sys -- (SymEFASI)
DRV:64bit: - [2016/11/11 22:10:00 | 000,024,192 | R--- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SysNative\drivers\NSBUx64\1608010.00E\SymELAM.sys -- (SymELAM)
DRV:64bit: - [2016/11/11 22:08:35 | 000,289,520 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NSBUx64\1608010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2016/11/11 22:08:11 | 000,174,328 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NSBUx64\1608010.00E\ccSetx64.sys -- (ccSet_NSBU)
DRV:64bit: - [2016/11/11 22:07:57 | 000,784,624 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NSBUx64\1608010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2016/11/11 22:07:56 | 000,049,400 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NSBUx64\1608010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2016/10/31 03:12:29 | 000,418,784 | ---- | M] (Realsil Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\RtsUer.sys -- (RTSUER)
DRV:64bit: - [2016/10/19 19:09:36 | 000,921,944 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2016/09/20 14:43:08 | 000,420,184 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2016/07/26 04:40:48 | 000,057,184 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2016/07/21 03:37:29 | 000,101,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AtihdWB6.sys -- (AtiHDAudioService)
DRV:64bit: - [2016/07/21 03:23:35 | 021,639,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2016/07/21 03:23:35 | 000,665,600 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2016/06/27 06:59:05 | 000,087,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2016/04/01 08:50:51 | 000,072,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2016/03/22 11:02:16 | 000,021,360 | ---- | M] (IObit) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2015/11/20 17:22:28 | 000,468,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2015/11/08 14:31:31 | 000,011,944 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdide64.sys -- (amdide64)
DRV:64bit: - [2015/10/25 12:59:52 | 000,155,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2015/07/07 04:40:12 | 000,044,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2015/07/07 04:40:05 | 000,270,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2015/07/07 04:40:05 | 000,114,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2015/05/21 03:52:49 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2015/05/01 10:07:35 | 000,080,384 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2015/04/22 14:22:36 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2015/04/22 04:28:11 | 000,239,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2015/03/04 05:25:11 | 000,377,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2015/01/18 05:50:36 | 000,272,600 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2014/12/29 15:58:47 | 000,136,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/12/29 15:58:44 | 000,058,176 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2014/12/29 15:58:42 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/12/29 15:58:41 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/11/19 06:09:38 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/11/19 06:09:14 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/11/19 06:04:31 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/11/19 06:04:27 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2014/11/19 06:04:24 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2014/11/19 06:00:39 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2014/11/19 06:00:25 | 000,189,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/08/14 19:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/04/08 18:54:36 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/04/08 18:54:35 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/03/13 07:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/01/13 01:45:36 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/12/24 13:39:52 | 000,021,160 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\amdkmafd.sys -- (amdkmafd)
DRV:64bit: - [2013/11/14 02:25:25 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/11/14 02:16:54 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/08/22 08:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 08:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 07:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 07:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 07:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 07:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 07:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 07:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 07:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 07:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 07:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 07:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 07:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 07:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 07:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 07:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 07:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 07:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 07:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 07:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 07:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 07:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 07:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 07:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 07:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 07:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 06:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 06:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 06:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 06:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 06:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 06:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 06:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 06:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 06:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 06:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 06:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 06:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 06:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 06:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 06:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 03:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 18:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 19:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 13:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 14:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2012/05/25 19:56:14 | 000,168,608 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NARAx64\0401000.00E\ccSetx64.sys -- (ccSet_NARA)
DRV - [2016/12/16 15:59:56 | 001,038,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security with Backup\NortonData\22.8.1.14\Definitions\IPSDefs\20161221.001\IDSviA64.sys -- (IDSVia64)
DRV - [2016/12/13 16:48:44 | 001,874,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security with Backup\NortonData\22.8.1.14\Definitions\BASHDefs\20161220.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2016/09/22 14:38:34 | 000,497,368 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2016/07/27 17:37:38 | 000,034,848 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2016/04/01 10:13:32 | 000,022,208 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys -- (IMFFilter)
DRV - [2014/12/28 20:07:54 | 000,026,528 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2014/03/13 03:24:24 | 000,028,416 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\AMD\WU-CCC2\ccc2_install\Support64\atdcm64a.sys -- (AtiDCM)
DRV - [2010/11/01 05:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ECF39224-BA91-4599-A47F-7B180AC6F4E0}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{ECF39224-BA91-4599-A47F-7B180AC6F4E0}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/SL5M_FRPage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 71 5A E0 2E 97 AE D1 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = 01 00 00 00 21 00 00 00 B3 93 2F 16 C2 1B 98 6B FF 58 27 BE 03 FC 02 21 14 A2 29 F0 E1 F8 A0 81 76 F5 B2 CC 45 E9 D8 73 2B 02 00 00 00 10 00 00 00 50 5A 77 25 32 62 48 6C 7A 34 6F 76 6B 25 33 64  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope = {ECF39224-BA91-4599-A47F-7B180AC6F4E0}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\..\SearchScopes\{B91B95CE-6BBA-406B-AA86-EFBC0705308D}: "URL" = https://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
IE - HKCU\..\SearchScopes\{ECF39224-BA91-4599-A47F-7B180AC6F4E0}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3279411&octid=CT3279411&SearchSource=61&CUI=UN29590050191633836&UM=2&UP=SPC9006C68-138B-46ED-93F0-70F434A2ECAE"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:50.1.0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.112.2: C:\Program Files (x86)\Java\jre1.8.0_112\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.112.2: C:\Program Files (x86)\Java\jre1.8.0_112\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1A2A613-35F1-4FCF-B27F-2840527B6556}: C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.8.1.14\COFFADDON\ [2016/12/16 01:41:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1A2A613-35F1-4FCF-B27F-2840527B6556}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.8.1.14\coFFAddon\ [2016/12/16 01:41:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 50.1.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 50.1.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014/04/04 05:36:14 | 000,010,691 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\BingSearchExtension: enable
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\DSE: true
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\Market: en-us
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\Package: DefaultPack
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\OSVersion: 6.2.9200.1
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\LVersion: 1.7.50.0
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\MFVersion: MF39.0 (x86 en-US)
[2013/05/22 20:22:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rick\AppData\Roaming\mozilla\Extensions
[2016/12/14 15:37:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rick\AppData\Roaming\mozilla\Firefox\Profiles\ahzejier.default-1481747222543\extensions
[2016/12/15 17:19:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
========== Chrome ==========
CHR - Extension: No name found = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd\2.1.3_0\
CHR - Extension: No name found = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe\2016.0.2.3_1\
CHR - Extension: No name found = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe\1.1.4_0\
CHR - Extension: No name found = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfoabcdjalmeenbjjngidappmppchblc\1.0.0.16_0\
CHR - Extension: No name found = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_2\
CHR - Extension: No name found = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl\1.1.1_0\
CHR - Extension: No name found = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pabmfheafnaedbmedpdijblbgkhehaco\1.5.8_0\
CHR - Extension: No name found = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\
O1 HOSTS File: ([2016/12/23 10:56:36 | 000,000,064 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O1 - Hosts: 0.0.0.1    mssplus.mcafee.com
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll (IObit)
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security with Backup\Engine64\22.8.1.14\CoIEPlg.dll (Symantec Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_112\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_112\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine64\22.8.1.14\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 10] C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe (IObit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleNetIDList = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NolowDiskSpaceChecks = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F774F5B7-6F43-4CB5-8B05-D13304E9A2E2}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2016/12/23 10:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2016/12/17 19:44:06 | 000,835,576 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2016/12/17 19:44:06 | 000,177,656 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2016/12/17 16:08:29 | 000,000,000 | -HSD | C] -- C:\found.000
[2016/12/16 23:38:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2016/12/16 22:24:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\catroot2
[2016/12/16 17:34:48 | 000,000,000 | ---D | C] -- C:\Users\Rick\Desktop\Tweaking.com - Windows Repair
[2016/12/16 13:09:08 | 000,000,000 | ---D | C] -- C:\Users\Rick\Documents\tweaking.com_windows_repair_aio
[2016/12/15 20:40:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2016/12/15 20:30:29 | 000,100,592 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS
[2016/12/15 20:28:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security with Backup
[2016/12/15 20:28:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security with Backup
[2016/12/15 17:19:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2016/12/13 17:54:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2016/12/12 20:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2016/12/05 15:21:00 | 000,128,288 | ---- | C] (IObit) -- C:\WINDOWS\SysNative\IObitSmartDefragExtension.dll
[2016/12/05 15:20:56 | 000,021,360 | ---- | C] (IObit) -- C:\WINDOWS\SysNative\drivers\SmartDefragDriver.sys
[2016/12/05 15:19:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2016/12/05 15:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
[2016/12/04 16:50:11 | 000,000,000 | ---D | C] -- C:\Users\Rick\Desktop\Old Firefox Data
[2016/12/04 13:32:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2016/12/04 13:31:15 | 000,097,856 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2016/12/04 13:18:58 | 000,946,696 | ---- | C] (Realtek) -- C:\WINDOWS\SysNative\drivers\Rt630x64.sys
[2016/12/04 13:18:58 | 000,082,544 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\SysNative\RtNicProp64.dll
[2016/12/04 13:10:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
[2016/12/04 12:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
[2016/11/27 17:28:32 | 000,000,000 | ---D | C] -- C:\FRST
[6 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[15 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2016/12/23 20:14:04 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2016/12/23 20:02:09 | 000,001,106 | ---- | M] () -- C:\Users\Rick\Desktop\OTL.lnk
[2016/12/23 10:56:36 | 000,000,064 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts
[2016/12/23 10:56:31 | 000,002,001 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2016/12/23 10:56:31 | 000,001,999 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2016/12/22 07:39:53 | 000,002,291 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 10.lnk
[2016/12/22 07:17:10 | 000,799,036 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2016/12/22 07:17:10 | 000,663,166 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2016/12/22 07:17:10 | 000,124,496 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2016/12/22 07:08:49 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2016/12/22 07:08:46 | 3187,687,424 | -HS- | M] () -- C:\hiberfil.sys
[2016/12/22 07:07:54 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2016/12/22 04:49:34 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\Uninstaller_SkipUac_Rick.job
[2016/12/19 08:38:36 | 000,423,638 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NSBUx64\1608010.00E\VT20161219.005
[2016/12/17 19:43:57 | 005,328,400 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NSBUx64\1608010.00E\Cat.DB
[2016/12/17 19:43:53 | 000,835,576 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2016/12/17 19:43:53 | 000,177,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2016/12/17 07:22:10 | 000,337,808 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2016/12/16 22:04:14 | 000,863,592 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2016/12/16 13:00:54 | 000,000,853 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts_bak_236
[2016/12/15 20:30:28 | 000,100,592 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS
[2016/12/15 20:30:28 | 000,008,319 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.CAT
[2016/12/15 20:30:28 | 000,000,854 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.INF
[2016/12/15 20:30:10 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security with Backup.lnk
[2016/12/15 20:24:05 | 000,001,298 | ---- | M] () -- C:\Users\Rick\Desktop\Norton Installation Files.lnk
[2016/12/14 19:15:17 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016/12/13 02:29:25 | 000,423,463 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NSBUx64\1608010.00E\VT20161212.021
[2016/12/05 16:27:00 | 000,000,115 | ---- | M] () -- C:\Users\Rick\Desktop\Geek Police.url
[2016/12/05 15:19:35 | 000,001,204 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2016/12/05 15:19:31 | 000,001,181 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 5.lnk
[2016/12/05 04:33:49 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2016/12/04 13:32:25 | 000,002,301 | ---- | M] () -- C:\Users\Public\Desktop\Driver Booster 4.lnk
[2016/12/04 13:30:42 | 000,097,856 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2016/12/04 13:18:58 | 000,946,696 | ---- | M] (Realtek) -- C:\WINDOWS\SysNative\drivers\Rt630x64.sys
[2016/12/04 13:18:58 | 000,082,544 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\SysNative\RtNicProp64.dll
[2016/12/04 12:40:36 | 000,001,391 | ---- | M] () -- C:\Users\Public\Desktop\IObit Uninstaller.lnk
[2016/12/04 12:26:31 | 000,851,968 | ---- | M] () -- C:\WINDOWS\SysNative\SxsTrace.etl
[2016/11/29 05:06:39 | 003,070,451 | ---- | M] () -- C:\Users\Rick\Documents\System.zip
[2016/11/28 21:02:01 | 002,042,944 | ---- | M] () -- C:\Users\Rick\Documents\Applications.zip
[2016/11/28 20:58:27 | 021,041,152 | ---- | M] () -- C:\Users\Rick\Documents\System.evtx
[2016/11/28 20:57:21 | 021,041,152 | ---- | M] () -- C:\Users\Rick\Documents\Applications.evtx
[6 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[15 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2016/12/23 20:02:09 | 000,001,106 | ---- | C] () -- C:\Users\Rick\Desktop\OTL.lnk
[2016/12/23 10:56:31 | 000,001,999 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2016/12/23 10:54:18 | 000,002,001 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2016/12/16 22:04:14 | 000,863,592 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2016/12/15 20:30:29 | 000,008,319 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.CAT
[2016/12/15 20:30:29 | 000,000,854 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.INF
[2016/12/15 20:30:10 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security with Backup.lnk
[2016/12/05 16:26:37 | 000,000,115 | ---- | C] () -- C:\Users\Rick\Desktop\Geek Police.url
[2016/12/05 15:19:35 | 000,001,204 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2016/12/05 15:19:31 | 000,001,181 | ---- | C] () -- C:\Users\Public\Desktop\Smart Defrag 5.lnk
[2016/12/05 04:33:49 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2016/12/04 13:10:00 | 000,002,301 | ---- | C] () -- C:\Users\Public\Desktop\Driver Booster 4.lnk
[2016/12/04 12:41:27 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\Uninstaller_SkipUac_Rick.job
[2016/12/04 12:40:36 | 000,001,403 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
[2016/12/04 12:40:36 | 000,001,391 | ---- | C] () -- C:\Users\Public\Desktop\IObit Uninstaller.lnk
[2016/12/04 12:38:57 | 000,002,291 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 10.lnk
[2016/12/04 10:57:05 | 000,851,968 | ---- | C] () -- C:\WINDOWS\SysNative\SxsTrace.etl
[2016/11/29 05:06:37 | 003,070,451 | ---- | C] () -- C:\Users\Rick\Documents\System.zip
[2016/11/28 21:01:58 | 002,042,944 | ---- | C] () -- C:\Users\Rick\Documents\Applications.zip
[2016/11/28 20:58:24 | 021,041,152 | ---- | C] () -- C:\Users\Rick\Documents\System.evtx
[2016/11/28 20:57:19 | 021,041,152 | ---- | C] () -- C:\Users\Rick\Documents\Applications.evtx
[2016/07/21 03:23:34 | 000,102,400 | ---- | C] () -- C:\WINDOWS\SysWow64\hsa-thunk.dll
[2016/07/21 03:23:08 | 000,189,952 | ---- | C] () -- C:\WINDOWS\SysWow64\amdgfxinfo32.dll
[2016/07/21 03:23:08 | 000,143,872 | ---- | C] () -- C:\WINDOWS\SysWow64\atieah32.exe
[2016/07/21 03:23:08 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2014/12/28 20:04:29 | 000,004,616 | ---- | C] () -- C:\WINDOWS\SysWow64\LavasoftTcpService.ini
[2014/12/28 20:04:29 | 000,002,448 | ---- | C] () -- C:\WINDOWS\SysWow64\LavasoftTcpServiceOff.ini
[2014/06/19 14:13:16 | 000,000,024 | ---- | C] () -- C:\Users\Rick\AppData\Roaming\temp.ini
[2014/01/12 22:53:19 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl

========== ZeroAccess Check ==========

[2014/02/23 18:51:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\shell32.dll -- [2016/09/20 14:39:39 | 022,360,288 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016/09/20 14:39:40 | 019,789,232 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2014/11/19 06:02:02 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/11/19 06:06:35 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2014/11/19 06:02:01 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 237 bytes -> C:\Users\Rick\SkyDrive:ms-properties

< End of report >

Re: Help with possible virus
Please take note of what extensions you want to keep on Google Chrome, and then download and run the Google Chrome Software Cleaner. It will not delete anything but extensions and other foul things that cause problems.

Google Chrome is possibly infected, but this software is dedicated to helping remove most common problems and fix settings that malware might try to change.

Then, please do the following:

Please download Malwarebytes' AdwCleaner onto your Desktop.

  • Double click on AdwCleaner_xxxx.exe to run the tool.
  • Click on Scan.
  • After done scanning, please hit Logfile. Locate the logfile in the Scan tab, double-click on it, copy the information inside of it, and paste it into your next reply.
  • You can find the logfile at C:\AdwCleaner[Sx].txt as well.

Re: Help with possible virus
# AdwCleaner v6.041 - Logfile created 24/12/2016 at 19:12:12
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-23.1 [Server]
# Operating System : Windows 8.1 (X64)
# Username : Rick - HOME
# Running from : C:\Users\Rick\Downloads\adwcleaner_6.041.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found: C:\Users\Rick\AppData\Roaming\lavasoft\web companion
Folder Found: C:\ProgramData\lavasoft\web companion
Folder Found: C:\ProgramData\Application Data\lavasoft\web companion
Folder Found: C:\Users\Public\Documents\Downloaded Installers
Folder Found: C:\Program Files (x86)\lavasoft\web companion
Folder Found: C:\Program Files (x86)\Yahoo!\yset
Folder Found: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater
Folder Found: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fopdddcinljmpmioaklghcalngfhbaen
Folder Found: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hbcennhacfaagdopikcegfcobcadeocj
Folder Found: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk
Folder Found: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp
Folder Found: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
Folder Found: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnbmiailafajdkboegcjcdklooomfic
Folder Found: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnnbmiailafajdkboegcjcdklooomfic


***** [ Files ] *****

File Found: C:\WINDOWS\SysNative\LavasoftTcpService64.dll
File Found: C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
File Found: C:\WINDOWS\SysWOW64\lavasofttcpservice.dll
File Found: C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found: HKLM\SOFTWARE\Classes\CLSID\{B33BD6CF-BF4C-4CF0-AC84-B2974BC14ABD}
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3431173695-69639140-411144729-1002\Products\D18D56BAA303BDD4CAC7219CDCF976BF
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3431173695-69639140-411144729-1002\Products\363FB0CBBA367FF4E81FEAD0F717B142
Value Found: HKU\S-1-5-21-3431173695-69639140-411144729-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [BackgroundContainer]
Value Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [SearchSettings]
Key Found: HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found: HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Key Found: [x64] HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd


***** [ Web browsers ] *****

Firefox pref Found: [C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\ahzejier.default-1481747222543\prefs.js] - "browser.startup.homepage" - "hxxp://search.conduit.com/?ctid=CT3279411&octid=CT3279411&SearchSource=
Chrome pref Found: [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found: [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found: [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Web data] - yahoo.com search
Chrome pref Found: [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Web data] - nortonsafe.search.ask.com
Chrome pref Found: [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Web data] - search.yahoo.com
Chrome pref Found: [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - bbmegnmpleoagolcnjnejdacakedpcgd
Chrome pref Found: [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - fcfenmboojpjinhpgggodefccipikbpd
Chrome pref Found: [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - jnnbmiailafajdkboegcjcdklooomfic
Chrome pref Found: [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found: [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [16056 Bytes] - [14/11/2015 10:17:34]
C:\AdwCleaner\AdwCleaner[S1].txt - [15070 Bytes] - [14/11/2015 10:14:57]
C:\AdwCleaner\AdwCleaner[S2].txt - [5379 Bytes] - [24/12/2016 19:12:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [5452 Bytes] ##########

Re: Help with possible virus
Ensure Norton's program is disabled for these fixes... Looks like we found the Google Chrome culprits...

Remove the Adware

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner_xxxx.exe to run the tool.
  • Press Scan, wait for it to finish, and then hit Clean.
  • Your computer will be rebooted automatically. If it does not, please reboot the computer manually.
  • Once it is restarted and you're back in Windows, double-click adwcleaner_xxxx.exe, hit "Logfile." On the Cleaning tab, double-click the latest logfile, copy the contents, and paste it into your next reply.
  • You can find the logfile at C:\AdwCleaner[Sx].txt as well.



Fix with Junkware Removal Tool

Please download Malwarebytes' Junkware Removal Tool and save the file to your desktop.


  • Right-click on the JRT.exe or Junkware Removal Tool icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.


Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.

Re: Help with possible virus
# AdwCleaner v6.041 - Logfile created 25/12/2016 at 06:19:07
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-23.1 [Local]
# Operating System : Windows 8.1 (X64)
# Username : Rick - HOME
# Running from : C:\Users\Rick\Downloads\adwcleaner_6.041.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

Firefox pref Found: [C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\ahzejier.default-1481747222543\prefs.js] - "browser.startup.homepage" - "hxxp://search.conduit.com/?ctid=CT3279411&octid=CT3279411&SearchSource=
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [16056 Bytes] - [14/11/2015 10:17:34]
C:\AdwCleaner\AdwCleaner[C2].txt - [5817 Bytes] - [24/12/2016 19:39:18]
C:\AdwCleaner\AdwCleaner[S1].txt - [15070 Bytes] - [14/11/2015 10:14:57]
C:\AdwCleaner\AdwCleaner[S2].txt - [5563 Bytes] - [24/12/2016 19:12:12]
C:\AdwCleaner\AdwCleaner[S3].txt - [1450 Bytes] - [25/12/2016 06:19:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1523 Bytes] ##########

Re: Help with possible virus
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 8.1 x64
Ran by Rick (Administrator) on Sun 12/25/2016 at 7:43:05.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 11

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\ahzejier.default-1481747222543\user.js (File)
Successfully deleted: C:\Users\Rick\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\Users\Rick\Start Menu\Programs\search.lnk (Shortcut)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster Scheduler (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (Rick) (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\SmartDefrag_Startup (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Administrator (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Rick (Task)
Successfully deleted: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job (Task)
Successfully deleted: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Rick.job (Task)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/25/2016 at 8:04:13.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Help with possible virus
Okay, now please rerun AdwCleaner like earlier and post a new log. Smile...

Re: Help with possible virus
# AdwCleaner v6.041 - Logfile created 26/12/2016 at 05:10:12
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-25.1 [Server]
# Operating System : Windows 8.1 (X64)
# Username : Rick - HOME
# Running from : C:\Users\Rick\Downloads\adwcleaner_6.041.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
Folder Found: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnbmiailafajdkboegcjcdklooomfic


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

Firefox pref Found: [C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\ahzejier.default-1481747222543\prefs.js] - "browser.startup.homepage" - "hxxp://search.conduit.com/?ctid=CT3279411&octid=CT3279411&SearchSource=
Chrome pref Found: [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found: [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Web data] - nortonsafe.search.ask.com
Chrome pref Found: [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Web data] - search.yahoo.com
Chrome pref Found: [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found: [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Web data] - yahoo.com search
Chrome pref Found: [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - bbmegnmpleoagolcnjnejdacakedpcgd
Chrome pref Found: [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - jnnbmiailafajdkboegcjcdklooomfic

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [16056 Bytes] - [14/11/2015 10:17:34]
C:\AdwCleaner\AdwCleaner[C2].txt - [5817 Bytes] - [24/12/2016 19:39:18]
C:\AdwCleaner\AdwCleaner[S1].txt - [15070 Bytes] - [14/11/2015 10:14:57]
C:\AdwCleaner\AdwCleaner[S2].txt - [5563 Bytes] - [24/12/2016 19:12:12]
C:\AdwCleaner\AdwCleaner[S3].txt - [1602 Bytes] - [25/12/2016 06:19:07]
C:\AdwCleaner\AdwCleaner[S4].txt - [2507 Bytes] - [26/12/2016 05:10:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [2580 Bytes] ##########

Re: Help with possible virus
# AdwCleaner v6.041 - Logfile created 26/12/2016 at 05:22:18
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-25.1 [Server]
# Operating System : Windows 8.1 (X64)
# Username : Rick - HOME
# Running from : C:\Users\Rick\Downloads\adwcleaner_6.041.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
[-] Folder deleted: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnbmiailafajdkboegcjcdklooomfic


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "browser.startup.homepage" - "hxxp://search.conduit.com/?ctid=CT3279411&octid=CT3279411&SearchSource=61&CUI=UN29590050191633836&UM=2&UP=SPC9006C68-138B-46ED-93F0-70F434A2ECAE"
[-] [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: nortonsafe.search.ask.com
[-] [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.yahoo.com
[-] [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: yahoo.com search
[-] [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: bbmegnmpleoagolcnjnejdacakedpcgd
[-] [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: jnnbmiailafajdkboegcjcdklooomfic


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [16056 Bytes] - [14/11/2015 10:17:34]
C:\AdwCleaner\AdwCleaner[C2].txt - [5817 Bytes] - [24/12/2016 19:39:18]
C:\AdwCleaner\AdwCleaner[C3].txt - [2182 Bytes] - [26/12/2016 05:22:18]
C:\AdwCleaner\AdwCleaner[S1].txt - [15070 Bytes] - [14/11/2015 10:14:57]
C:\AdwCleaner\AdwCleaner[S2].txt - [5563 Bytes] - [24/12/2016 19:12:12]
C:\AdwCleaner\AdwCleaner[S3].txt - [1602 Bytes] - [25/12/2016 06:19:07]
C:\AdwCleaner\AdwCleaner[S4].txt - [2659 Bytes] - [26/12/2016 05:10:12]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [2548 Bytes] ##########

Re: Help with possible virus
Good work... Now an online scanner to see if we got it all...

Run ESET Online Scan

Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

Re: Help with possible virus
No threats found

Re: Help with possible virus
Good, now please let me know how things are running overall. Smile...

Re: Help with possible virus
Terrible. Boot time and the time to load pages are painfully slow. I have Internet Explorer, Firefox and Chrome to use as browsers. Out of the three, Firefox is the best, and it's nothing to brag about.

Re: Help with possible virus
Okay... Is the system slow, or just browsing the web?

Is the slowness worse with more programs open, or no difference?

Re: Help with possible virus
Everything is slow, Start-up and Browsing. The amount of open pages doesn't seem to make a difference.

Re: Help with possible virus
Okay, would you please post a new Speccy Report, so I can take a closer look at the internals such as hardware. We'll shift this back to tech talk to see if something was missed, etc.

Re: Help with possible virus
http://speccy.piriform.com/results/YzsozMruSXOKRLw20sTK1Nj

Re: Help with possible virus
Hello again,

I am having one of my associates come and help diagnose, to see if there is something that I'm not seeing or if he has any ideas for diagnostics.

Your hardware and software check out fine... which is confusing to me. Let me see if he has any suggestions here.
