Help with possible virus

Log Name:      Application
Source:        Chkdsk
Date:          12/16/2016 6:45:29 PM
Event ID:      26213
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Home
Description:
Chkdsk was executed in read-only mode.  A volume snapshot was not used. Extra errors and warnings may be reported as the volume may have changed during the chkdsk run.  

Checking file system on C:
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.
Volume label is Gateway.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

Stage 1: Examining basic file system structure ...
                                                                                       
                                                                                       
  495872 file records processed.                                                        

File verification completed.
                                                                                       
                                                                                       
  18987 large file records processed.                                   

                                                                                       
                                                                                       
  0 bad file records processed.                                     


Stage 2: Examining file name linkage ...
Index entry CHKDSK.EXE-13847046.pf of index $I30 in file 0x4518c points to unused file 0x1407.
                                                                                       
Index entry CHKDSK.EXE-13847046.pf in index $I30 of file 283020 is incorrect.
                                                                                       
                                                                                       
  571706 index entries processed.                                                       

Index verification completed.

Errors found.  CHKDSK cannot continue in read-only mode.

Event Xml:

 
   
    26213
    4
    0
    0x80000000000000
   
    280902
    Application
    Home
   
 
 
   

Checking file system on C:
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.
Volume label is Gateway.

WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.

Stage 1: Examining basic file system structure ...
                                                                                       
                                                                                       
  495872 file records processed.                                                        

File verification completed.
                                                                                       
                                                                                       
  18987 large file records processed.                                   

                                                                                       
                                                                                       
  0 bad file records processed.                                     


Stage 2: Examining file name linkage ...
Index entry CHKDSK.EXE-13847046.pf of index $I30 in file 0x4518c points to unused file 0x1407.
                                                                                       
Index entry CHKDSK.EXE-13847046.pf in index $I30 of file 283020 is incorrect.
                                                                                       
                                                                                       
  571706 index entries processed.                                                       

Index verification completed.

Errors found.  CHKDSK cannot continue in read-only mode.

    0091070016FB0300792D0500000000007B0700007D0000000000000000000000
 

How did you run CHKDSK?

It should be run in CHKDSK /R /F to ensure that it fixes it.

Please try again, but ensure there is one space in between CHKDSK and /R and one space between /R and /F.

New logs

Okay, Rick... Let's look a bit closer at the drivers. We are going to purposely make this system reproduce any errors it's having. Please backup your data (many backup sites are free and easy if you don't have one: Box.com, Dropbox.com, OneDrive.com, drive.google.com, etc.). After backing up, please do the following:

I'm trying to get the information you need. I'm just a dumb Bodyman so it might take some time to figure out how.

Lets go with another option. I can't get the Verifier to open, the black box flashes on for just a second but never opens.

Please download MiniToolBox to Desktop and run it.

Checkmark the following boxes:

• Flush DNS
  
• Report IE Proxy Settings
  
• Report FF Proxy Settings
  
• List content of Hosts
  
• List IP Configuration
  
• List Last 10 Event Viewer Errors
  
• List Users, Partitions and Memory Size
  
• List Devices... ALL
  
• List MiniDump Files
  

Click Go and copy/paste the log (Result.txt) into your next post.

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Rick (administrator) on 21-12-2016 at 04:43:53
Running from "C:\Users\Rick\Downloads"
Microsoft Windows 8.1  (X64)
Model: SX2110G Manufacturer: Gateway
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Ethernet (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64
set interface interface="Ethernet" forwarding=disabled advertise=disabled metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled ecncapability=ecndisabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Home
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 74-27-EA-2C-4E-E7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8960:d6e9:915:6362%3(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.19(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, December 19, 2016 3:41:11 AM
   Lease Expires . . . . . . . . . . : Thursday, December 22, 2016 3:41:11 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 264805596
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-D9-F9-55-74-27-EA-2C-4E-E7
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{F774F5B7-6F43-4CB5-8B05-D13304E9A2E2}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:d5c:5a30:10d9:3f9d:3f57:feec(Preferred)
   Link-local IPv6 Address . . . . . : fe80::10d9:3f9d:3f57:feec%5(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 83886080
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-D9-F9-55-74-27-EA-2C-4E-E7
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4004:80c::200e
      216.58.217.110


Pinging google.com [216.58.217.110] with 32 bytes of data:
Reply from 216.58.217.110: bytes=32 time=15ms TTL=57
Reply from 216.58.217.110: bytes=32 time=16ms TTL=57

Ping statistics for 216.58.217.110:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 15ms, Maximum = 16ms, Average = 15ms
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
      2001:4998:c:a06::2:4008
      2001:4998:44:204::a7
      98.139.183.24
      98.138.253.109
      206.190.36.45


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=47ms TTL=55
Reply from 98.139.183.24: bytes=32 time=47ms TTL=55

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 47ms, Maximum = 47ms, Average = 47ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  3...74 27 ea 2c 4e e7 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
  4...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  5...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.19     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.19    276
     192.168.1.19  255.255.255.255         On-link      192.168.1.19    276
    192.168.1.255  255.255.255.255         On-link      192.168.1.19    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.19    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.19    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  5    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  5    306 2001::/32                On-link
  5    306 2001:0:d5c:5a30:10d9:3f9d:3f57:feec/128
                                    On-link
  3    276 fe80::/64                On-link
  5    306 fe80::/64                On-link
  5    306 fe80::10d9:3f9d:3f57:feec/128
                                    On-link
  3    276 fe80::8960:d6e9:915:6362/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    276 ff00::/8                 On-link
  5    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/19/2016 03:00:58 PM) (Source: Windows Search Service) (User: )
Description: Notifications for the volume C:\ are not active.

Context: Windows Application


Details:
    The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)

Error: (12/18/2016 05:36:22 AM) (Source: Windows Search Service) (User: )
Description: Notifications for the volume C:\ are not active.

Context: Windows Application


Details:
    The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)

Error: (12/17/2016 10:40:10 PM) (Source: Perflib) (User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8

Error: (12/17/2016 03:22:28 PM) (Source: Microsoft-Windows-LocationProvider) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (12/17/2016 02:44:07 PM) (Source: Windows Search Service) (User: )
Description: Notifications for the volume C:\ are not active.

Context: Windows Application


Details:
    The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)

Error: (12/17/2016 06:47:51 AM) (Source: Microsoft-Windows-LoadPerf) (User: HOME)
Description: Installing the performance counter strings for service .NET CLR Data () failed. The first DWORD in the Data section contains the error code.

Error: (12/17/2016 06:47:51 AM) (Source: Microsoft-Windows-LoadPerf) (User: HOME)
Description: Installing the performance counter strings for service .NET CLR Networking () failed. The first DWORD in the Data section contains the error code.

Error: (12/17/2016 06:47:50 AM) (Source: Microsoft-Windows-LoadPerf) (User: HOME)
Description: Installing the performance counter strings for service .NET Data Provider for Oracle () failed. The first DWORD in the Data section contains the error code.

Error: (12/17/2016 06:47:50 AM) (Source: Microsoft-Windows-LoadPerf) (User: HOME)
Description: Installing the performance counter strings for service .NET Data Provider for SqlServer () failed. The first DWORD in the Data section contains the error code.

Error: (12/17/2016 06:47:50 AM) (Source: Microsoft-Windows-LoadPerf) (User: HOME)
Description: Installing the performance counter strings for service .NETFramework () failed. The first DWORD in the Data section contains the error code.


System errors:
=============
Error: (12/20/2016 03:39:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: December, 2016 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3205404).

Error: (12/20/2016 04:08:48 AM) (Source: Service Control Manager) (User: )
Description: The Advanced SystemCare Service 7 service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (12/20/2016 04:03:57 AM) (Source: Service Control Manager) (User: )
Description: The Advanced SystemCare Service 7 service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (12/20/2016 04:03:57 AM) (Source: Service Control Manager) (User: )
Description: The Advanced SystemCare Service 7 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/19/2016 03:34:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: December, 2016 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3205404).

Error: (12/19/2016 05:23:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: December, 2016 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3205404).

Error: (12/19/2016 03:41:15 AM) (Source: Service Control Manager) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
%%577 = Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


Error: (12/17/2016 10:32:31 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: December, 2016 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3205404).

Error: (12/17/2016 10:20:05 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
%%577 = Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


Error: (12/17/2016 10:19:06 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!


Microsoft Office Sessions:
=========================
Error: (12/19/2016 03:00:58 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
    The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)
C:\

Error: (12/18/2016 05:36:22 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
    The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)
C:\

Error: (12/17/2016 10:40:10 PM) (Source: Perflib)(User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8

Error: (12/17/2016 03:22:28 PM) (Source: Microsoft-Windows-LocationProvider)(User: NT AUTHORITY)
Description: -2147024883

Error: (12/17/2016 02:44:07 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
    The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)
C:\

Error: (12/17/2016 06:47:51 AM) (Source: Microsoft-Windows-LoadPerf)(User: HOME)
Description: .NET CLR Data29F0F

Error: (12/17/2016 06:47:51 AM) (Source: Microsoft-Windows-LoadPerf)(User: HOME)
Description: .NET CLR Networking29F0F

Error: (12/17/2016 06:47:50 AM) (Source: Microsoft-Windows-LoadPerf)(User: HOME)
Description: .NET Data Provider for Oracle29F0F

Error: (12/17/2016 06:47:50 AM) (Source: Microsoft-Windows-LoadPerf)(User: HOME)
Description: .NET Data Provider for SqlServer29F0F

Error: (12/17/2016 06:47:50 AM) (Source: Microsoft-Windows-LoadPerf)(User: HOME)
Description: .NETFramework29F0F


CodeIntegrity Errors:
===================================
  Date: 2016-12-19 03:41:15.802
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-17 22:20:05.330
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-17 18:29:46.412
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-17 15:34:52.095
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-17 07:22:30.081
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-04 05:53:52.270
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-04 05:53:47.567
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-04 05:53:43.051
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-04 05:53:38.551
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-04 05:53:34.051
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


========================= Devices: ================================

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB20\4&1F07340A&0

Name: System board
Description: System board
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C01\1

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Device ID: STORAGE\VOLUME\{5980A7BA-907F-11E2-BE69-806E6F6E6963}#0000006E1AE00000

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Device ID: STORAGE\VOLUME\{5980A7BA-907F-11E2-BE69-806E6F6E6963}#0000000033D00000

Name: Root Print Queue
Description: Local Print Queue
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Microsoft
Service:
Device ID: SWD\PRINTENUM\PRINTQUEUES

Name: Speakers (Realtek High Definition Audio)
Description: Audio Endpoint
Class Guid: {c166523c-fe0c-4a94-a586-f1a80cfbbf3e}
Manufacturer: Microsoft
Service:
Device ID: SWD\MMDEVAPI\{0.0.0.00000000}.{D480B40B-9B52-4913-A575-EE0B044FFE6A}

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1719&SUBSYS_00000000&REV_00\3&11583659&0&C7

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&1D593F42&0

Name: Volume Manager
Description: Volume Manager
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: volmgr
Device ID: ROOT\VOLMGR\0000

Name: High precision event timer
Description: High precision event timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0103\2&DABA3FF&2

Name: HP Deskjet 5150 series
Description: HP Deskjet 5150 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Device ID: USBPRINT\HPDESKJET_5100\6&3257F73&0&USB001

Name: Standard Enhanced PCI to USB Host Controller
Description: Standard Enhanced PCI to USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: AMD
Service: usbehci
Device ID: PCI\VEN_1002&DEV_4396&SUBSYS_05921025&REV_00\3&11583659&0&92

Name: Standard Enhanced PCI to USB Host Controller
Description: Standard Enhanced PCI to USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: AMD
Service: usbehci
Device ID: PCI\VEN_1002&DEV_4396&SUBSYS_05921025&REV_00\3&11583659&0&9A

Name: Standard Enhanced PCI to USB Host Controller
Description: Standard Enhanced PCI to USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: AMD
Service: usbehci
Device ID: PCI\VEN_1002&DEV_4396&SUBSYS_05921025&REV_00\3&11583659&0&B2

Name: System CMOS/real time clock
Description: System CMOS/real time clock
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0B00\4&140F0BF2&0

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Device ID: STORAGE\VOLUME\{5980A7BA-907F-11E2-BE69-806E6F6E6963}#0000000019100000

Name: Microsoft Basic Display Driver
Description: Microsoft Basic Display Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard display types)
Service: BasicDisplay
Device ID: ROOT\BASICDISPLAY\0000

Name: ACPI Thermal Zone
Description: ACPI Thermal Zone
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\THERMALZONE\THRM

Name: Programmable interrupt controller
Description: Programmable interrupt controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0000\4&140F0BF2&0

Name: Microsoft IPv4 IPv6 Transition Adapter Bus
Description: Generic software device
Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}
Manufacturer: Microsoft
Service:
Device ID: SWD\IP_TUNNEL_VBUS\IP_TUNNEL_DEVICE_ROOT

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Device ID: ACPI\PNP0303\4&140F0BF2&0

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: SWD\IP_TUNNEL_VBUS\TEREDOTUNNELINGPSEUDOINTERFACE_0

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1716&SUBSYS_00000000&REV_00\3&11583659&0&C6

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&7C1019&0

Name: Microsoft Windows Management Interface for ACPI
Description: Microsoft Windows Management Interface for ACPI
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: WmiAcpi
Device ID: ACPI\PNP0C14\0

Name: AMD PCI IDE Controller
Description: AMD PCI IDE Controller
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices
Service: amdide64
Device ID: PCI\VEN_1002&DEV_439C&SUBSYS_05921025&REV_40\3&11583659&0&A1

Name: Acer E202HL (Digital)
Description: Acer E202HL (Digital)
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: Acer Inc.
Service: monitor
Device ID: DISPLAY\ACR02A4\4&E90CE90&0&UID256

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_1002&DEV_43A2&SUBSYS_00001002&REV_00\3&11583659&0&AA

Name: ST500DM002-1BD142
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Device ID: SCSI\DISK&VEN_&PROD_ST500DM002-1BD14\4&19F351EC&0&000000

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB20\4&E8C890&0

Name: HP Deskjet 5150 series
Description: Local Print Queue
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Hewlett-Packard
Service:
Device ID: SWD\PRINTENUM\{1F3CD055-CD6E-4739-8347-6685715A5650}

Name: AMD High Definition Audio Device
Description: AMD High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices
Service: AtiHDAudioService
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\4&2A04E29&0&0001

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1702&SUBSYS_00000000&REV_00\3&11583659&0&C2

Name: Composite Bus Enumerator
Description: Composite Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: CompositeBus
Device ID: ROOT\COMPOSITEBUS\0000

Name: Microsoft Virtual Drive Enumerator
Description: Microsoft Virtual Drive Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vdrvroot
Device ID: ROOT\VDRVROOT\0000

Name: Direct memory access controller
Description: Direct memory access controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0200\4&140F0BF2&0

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: SWD\IP_TUNNEL_VBUS\ISATAP_0

Name: Microsoft Storage Spaces Controller
Description: Microsoft Storage Spaces Controller
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: spaceport
Device ID: ROOT\SPACEPORT\0000

Name: Microsoft Kernel Debug Network Adapter
Description: Microsoft Kernel Debug Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: kdnic
Device ID: ROOT\KDNIC\0000

Name: Microsoft XPS Document Writer
Description: Local Print Queue
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Microsoft
Service:
Device ID: SWD\PRINTENUM\{D943D8D8-F7EB-4400-8EEE-A8CFF8C894B5}

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:
Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT1

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:
Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT2

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:
Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT3

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:
Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT4

Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0662&SUBSYS_10258100&REV_1001\4&1B7D940D&0&0001

Name: AMD Radeon HD 7310 Graphics
Description: AMD Radeon HD 7310 Graphics
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices, Inc.
Service: amdkmdap
Device ID: PCI\VEN_1002&DEV_9809&SUBSYS_05921025&REV_00\3&11583659&0&08

Name: High Definition Audio Bus
Description: High Definition Audio Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: AMD
Service: HDAudBus
Device ID: PCI\VEN_1002&DEV_1314&SUBSYS_05921025&REV_00\3&11583659&0&09

Name: UMBus Root Bus Enumerator
Description: UMBus Root Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus
Device ID: ROOT\UMBUS\0000

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&1270D34B&0

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8168
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_05921025&REV_06\4&EDB6346&0&00AA

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1718&SUBSYS_00000000&REV_00\3&11583659&0&C5

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB20\4&625DA5F&0

Name: Numeric data processor
Description: Numeric data processor
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C04\4&140F0BF2&0

Name: System board
Description: System board
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C01\C8

Name: Microsoft Device Association Root Enumerator
Description: Generic software device
Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}
Manufacturer: Microsoft
Service:
Device ID: SWD\MSDAS\{CE958E9A-424F-4C88-86F4-11314821E75A}

Name: ACPI x64-based PC
Description: ACPI x64-based PC
Class Guid: {4d36e966-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard computers)
Service: \Driver\ACPI_HAL
Device ID: ROOT\ACPI_HAL\0000

Name: PCI Express Root Complex
Description: PCI Express Root Complex
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: ACPI\PNP0A08\0

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&1C26DD86&0

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1704&SUBSYS_00000000&REV_00\3&11583659&0&C4

Name: ATA Channel 0
Description: IDE Channel
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
Device ID: PCIIDE\IDECHANNEL\4&2A4155E3&0&0

Name: Microsoft ACPI-Compliant System
Description: Microsoft ACPI-Compliant System
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: ACPI
Device ID: ACPI_HAL\PNP0C08\0

Name:
Description:
Class Guid:
Manufacturer:
Service:
Device ID: HTREE\ROOT\0

Name: Microsoft Basic Render Driver
Description: Microsoft Basic Render Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BasicRender
Device ID: ROOT\BASICRENDER\0000

Name: PIONEER DVD-RW DVR-220RS
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Device ID: SCSI\CDROM&VEN_PIONEER&PROD_DVD-RW_DVR-220RS\4&19F351EC&0&010000

Name: Fax
Description: Local Print Queue
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Microsoft
Service:
Device ID: SWD\PRINTENUM\{9D7DBACD-D102-4149-B2DB-FFEC94371EAB}

Name: System speaker
Description: System speaker
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0800\4&140F0BF2&0

Name: AMD SMBus
Description: AMD SMBus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices, Inc
Service:
Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_05921025&REV_42\3&11583659&0&A0

Name: USB Printing Support
Description: USB Printing Support
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Microsoft
Service: usbprint
Device ID: USB\VID_03F0&PID_6204\MY37O3Q09Z7A

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1701&SUBSYS_00000000&REV_00\3&11583659&0&C1

Name: ACPI Fixed Feature Button
Description: ACPI Fixed Feature Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\FIXEDBUTTON\2&DABA3FF&2

Name: ATI I/O Communications Processor PCI Bus Controller
Description: ATI I/O Communications Processor PCI Bus Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: ATI
Service: pci
Device ID: PCI\VEN_1002&DEV_4384&SUBSYS_00000000&REV_40\3&11583659&0&A4

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\10

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\14

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\99

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Device ID: ACPI\PNP0F03\4&140F0BF2&0

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1510&SUBSYS_15101022&REV_00\3&11583659&0&00

Name: System timer
Description: System timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0100\4&140F0BF2&0

Name: High Definition Audio Bus
Description: High Definition Audio Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: AMD
Service: HDAudBus
Device ID: PCI\VEN_1002&DEV_4383&SUBSYS_05921025&REV_40\3&11583659&0&A2

Name: Standard OpenHCD USB Host Controller
Description: Standard OpenHCD USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbohci
Device ID: PCI\VEN_1002&DEV_4397&SUBSYS_05921025&REV_00\3&11583659&0&90

Name: Standard OpenHCD USB Host Controller
Description: Standard OpenHCD USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbohci
Device ID: PCI\VEN_1002&DEV_4397&SUBSYS_05921025&REV_00\3&11583659&0&98

Name: Standard OpenHCD USB Host Controller
Description: Standard OpenHCD USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbohci
Device ID: PCI\VEN_1002&DEV_4397&SUBSYS_05921025&REV_00\3&11583659&0&B0

Name: ACPI Power Button
Description: ACPI Power Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C0C\AA

Name: AMD E1-1200 APU with Radeon(tm) HD Graphics
Description: AMD Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Advanced Micro Devices
Service: AmdPPM
Device ID: ACPI\AUTHENTICAMD_-_AMD64_FAMILY_20_MODEL_2_-_AMD_E1-1200_APU_WITH_RADEON(TM)_HD_GRAPHICS\_1

Name: AMD E1-1200 APU with Radeon(tm) HD Graphics
Description: AMD Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Advanced Micro Devices
Service: AmdPPM
Device ID: ACPI\AUTHENTICAMD_-_AMD64_FAMILY_20_MODEL_2_-_AMD_E1-1200_APU_WITH_RADEON(TM)_HD_GRAPHICS\_2

Name: NDIS Virtual Network Adapter Enumerator
Description: NDIS Virtual Network Adapter Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisVirtualBus
Device ID: ROOT\NDISVIRTUALBUS\0000

Name: PCI standard ISA bridge
Description: PCI standard ISA bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: msisadrv
Device ID: PCI\VEN_1002&DEV_439D&SUBSYS_05921025&REV_40\3&11583659&0&A3

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1700&SUBSYS_00000000&REV_43\3&11583659&0&C0

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\111

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\700

Name: Standard SATA AHCI Controller
Description: Standard SATA AHCI Controller
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: Standard SATA AHCI Controller
Service: storahci
Device ID: PCI\VEN_1002&DEV_4391&SUBSYS_05921025&REV_40\3&11583659&0&88

Name: PCI standard host CPU bridge
Description: PCI standard host CPU bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: PCI\VEN_1022&DEV_1703&SUBSYS_00000000&REV_00\3&11583659&0&C3

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\E11

Name: Microsoft System Management BIOS Driver
Description: Microsoft System Management BIOS Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: mssmbios
Device ID: ROOT\MSSMBIOS\0000

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Device ID: STORAGE\VOLUME\{5980A7BA-907F-11E2-BE69-806E6F6E6963}#0000006E30C00000

Name: Plug and Play Software Device Enumerator
Description: Plug and Play Software Device Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: swenum
Device ID: ROOT\SYSTEM\0000

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Device ID: STORAGE\VOLUME\{5980A7BA-907F-11E2-BE69-806E6F6E6963}#000000002BD00000

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_1022&DEV_1512&SUBSYS_05921025&REV_00\3&11583659&0&20

Name: PCI standard PCI-to-PCI bridge
Description: PCI standard PCI-to-PCI bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_1002&DEV_43A0&SUBSYS_00001002&REV_00\3&11583659&0&A8

Name: Remote Desktop Device Redirector Bus
Description: Remote Desktop Device Redirector Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: rdpbus
Device ID: ROOT\RDPBUS\0000

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap
Device ID: STORAGE\VOLUME\{5980A7BA-907F-11E2-BE69-806E6F6E6963}#0000000000100000

Name: Standard OpenHCD USB Host Controller
Description: Standard OpenHCD USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbohci
Device ID: PCI\VEN_1002&DEV_4399&SUBSYS_05921025&REV_00\3&11583659&0&A5


========================= Memory info: ===================================

Percentage of memory in use: 59%
Total physical RAM: 3800.02 MB
Available physical RAM: 1554.96 MB
Total Virtual: 4440.02 MB
Available Virtual: 1901.79 MB

========================= Partitions: =====================================

1 Drive c: (Gateway) (Fixed) (Total:439.61 GB) (Free:389.93 GB) NTFS

========================= Users: ========================================

User accounts for \\HOME

Administrator            Guest                    Rick                     

========================= Minidump Files ==================================

No minidump file found


**** End of log ****

Before we try to fix Windows Update, do the following please:

Scan with Farbar Recovery Scan Tool

Please re-download Farbar Recovery Scan Tool x64 and save it to your Desktop. There is an updated version available.

• Right-click on FRST icon and select Run as Administrator to start the tool.
  
• When the tool opens click Yes to disclaimer.
  
• Make sure that Addition option is checked.
  
• Press Scan button and wait.
  
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
  

Please copy and paste their content into your next reply.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by Rick (administrator) on HOME (21-12-2016 15:03:37)
Running from C:\Users\Rick\Downloads
Loaded Profiles: Rick (Available Profiles: Rick & Guest)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(AMD) C:\WINDOWS\System32\atiesrxx.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\NSBU.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\SMService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\NSBU.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\ClassicStart.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
(Microsoft Corporation) C:\WINDOWS\System32\SkyDrive.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\StartMenu_Hook.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\InstallServices.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.469\SSScheduler.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
(Farbar) C:\Users\Rick\Downloads\FRST64(1).exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserCleaner.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16696832 2016-10-31] (Realtek Semiconductor)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [6006560 2016-11-01] (IObit)
HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\Run: [Advanced SystemCare 10] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [3076896 2016-10-31] (IObit)
HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.8.1.14\buShell.dll [2016-11-11] (Symantec Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-12-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.469\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F774F5B7-6F43-4CB5-8B05-D13304E9A2E2}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3431173695-69639140-411144729-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3431173695-69639140-411144729-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3431173695-69639140-411144729-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3431173695-69639140-411144729-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3431173695-69639140-411144729-1002 -> {B91B95CE-6BBA-406B-AA86-EFBC0705308D} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\ssv.dll [2016-12-04] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\jp2ssv.dll [2016-12-04] (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine64\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\coIEPlg.dll [2016-11-11] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3431173695-69639140-411144729-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)

FireFox:
========
FF DefaultProfile: 94tgnqs0.default-1480888203401
FF ProfilePath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\94tgnqs0.default-1480888203401 [2016-12-21]
FF user.js: detected! => C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\94tgnqs0.default-1480888203401\user.js [2016-12-17]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\94tgnqs0.default-1480888203401 -> Google
FF Homepage: Mozilla\Firefox\Profiles\94tgnqs0.default-1480888203401 -> hxxp://search.conduit.com/?ctid=CT3279411&octid=CT3279411&SearchSource=61&CUI=UN29590050191633836&UM=2&UP=SPC9006C68-138B-46ED-93F0-70F434A2ECAE
FF Extension: (Norton Identity Safe) - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\94tgnqs0.default-1480888203401\Extensions\idsafe@norton.com.xpi [2016-12-15]
FF ProfilePath: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\ahzejier.default-1481747222543 [2016-12-21]
FF user.js: detected! => C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\ahzejier.default-1481747222543\user.js [2016-12-17]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.8.1.14\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.8.1.14\coFFAddon [2016-12-16]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.8.1.14\coFFAddon
FF HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: (McAfee Security Scan Plus) - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.112.2 -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\dtplugin\npDeployJava1.dll [2016-12-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.112.2 -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\plugin2\npjp2.dll [2016-12-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-05-22] ()

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Profile: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default [2016-12-15]
CHR Extension: (Google Docs) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-12]
CHR Extension: (Google Drive) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-30]
CHR Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2016-10-20]
CHR Extension: (YouTube) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-30]
CHR Extension: (Norton Security Toolbar) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-12-02]
CHR Extension: (Google Search) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-30]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2016-05-22]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfoabcdjalmeenbjjngidappmppchblc [2016-10-21]
CHR Extension: (Google Docs Offline) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Norton Identity Safe) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-10-21]
CHR Extension: (WeatherBlink) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnbmiailafajdkboegcjcdklooomfic [2016-12-11]
CHR Extension: (Norton Safe) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-09-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Search Incognito) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pabmfheafnaedbmedpdijblbgkhehaco [2016-11-30]
CHR Extension: (Gmail) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-12]
CHR Extension: (Chrome Media Router) - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-25]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\Exts\Chrome.crx [2016-12-15]
CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] -
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3431173695-69639140-411144729-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\Exts\Chrome.crx [2016-12-15]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] -
CHR HKLM-x32\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] -
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService10; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [462624 2016-10-14] (IObit)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1600800 2016-10-21] (IObit)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-07-29] (IObit)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.469\McCHSvc.exe [329480 2016-12-02] (McAfee, Inc.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 NSBU; C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\NSBU.exe [289080 2016-11-12] (Symantec Corporation)
R2 SMService; C:\Program Files (x86)\IObit\Classic Start\SMService.exe [1063200 2015-12-29] (IObit)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide64; C:\WINDOWS\System32\drivers\amdide64.sys [11944 2015-11-08] (Advanced Micro Devices Inc.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2013-12-24] (Advanced Micro Devices, Inc.)
S3 AtiDCM; C:\AMD\WU-CCC2\ccc2_install\Support64\atdcm64a.sys [28416 2014-03-13] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWB6.sys [101376 2016-07-21] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.8.1.14\Definitions\BASHDefs\20161220.001\BHDrvx64.sys [1874136 2016-12-13] (Symantec Corporation)
R1 ccSet_NARA; C:\WINDOWS\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R1 ccSet_NSBU; C:\WINDOWS\system32\drivers\NSBUx64\1608010.00E\ccSetx64.sys [174328 2016-11-11] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-09-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-12-15] (Symantec Corporation)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-28] (REALiX(tm))
R1 IDSVia64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.8.1.14\Definitions\IPSDefs\20161221.001\IDSvia64.sys [1038032 2016-12-16] (Symantec Corporation)
R3 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys [22208 2016-04-01] (IObit)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2016-07-27] (IObit.com)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-10-31] (Realsil Semiconductor Corporation)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [21360 2016-03-22] (IObit)
R3 SRTSP; C:\WINDOWS\system32\drivers\NSBUx64\1608010.00E\SRTSP64.SYS [784624 2016-11-11] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NSBUx64\1608010.00E\SRTSPX64.SYS [49400 2016-11-11] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NSBUx64\1608010.00E\SYMEFASI64.SYS [1628888 2016-11-11] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NSBUx64\1608010.00E\SymELAM.sys [24192 2016-11-11] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-12-15] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NSBUx64\1608010.00E\Ironx64.SYS [289520 2016-11-11] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\system32\drivers\NSBUx64\1608010.00E\SYMNETS.SYS [567512 2016-11-11] (Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.8.1.14\Definitions\SDSDefs\20161215.018\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security with Backup\NortonData\22.8.1.14\Definitions\SDSDefs\20161215.018\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-21 15:01 - 2016-12-21 15:01 - 00001431 _____ C:\Users\Rick\Desktop\FRST64(1).lnk
2016-12-21 14:59 - 2016-12-21 14:59 - 00002876 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Rick)
2016-12-21 14:58 - 2016-12-21 14:58 - 02420736 _____ (Farbar) C:\Users\Rick\Downloads\FRST64(1).exe
2016-12-21 04:43 - 2016-12-21 04:44 - 00042649 _____ C:\Users\Rick\Downloads\MTB.txt
2016-12-21 04:42 - 2016-12-21 04:42 - 00892416 _____ (Farbar) C:\Users\Rick\Downloads\MiniToolBox.exe
2016-12-17 19:44 - 2016-12-17 19:43 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-17 19:44 - 2016-12-17 19:43 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-17 16:08 - 2016-12-17 16:08 - 00000000 __SHD C:\found.000
2016-12-16 22:04 - 2016-12-16 22:04 - 00863592 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-12-16 17:34 - 2016-12-16 17:43 - 00000000 ____D C:\Users\Rick\Desktop\Tweaking.com - Windows Repair
2016-12-16 13:09 - 2016-12-16 13:11 - 00000000 ____D C:\Users\Rick\Documents\tweaking.com_windows_repair_aio
2016-12-16 13:00 - 2016-12-16 13:00 - 00001999 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-12-16 13:00 - 2016-12-16 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-12-15 20:38 - 2016-12-15 20:38 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
2016-12-15 20:30 - 2016-12-15 20:30 - 00100592 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2016-12-15 20:30 - 2016-12-15 20:30 - 00008319 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2016-12-15 20:30 - 2016-12-15 20:30 - 00003240 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2016-12-15 20:30 - 2016-12-15 20:30 - 00002573 _____ C:\Users\Public\Desktop\Norton Security with Backup.lnk
2016-12-15 20:28 - 2016-12-15 20:30 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security with Backup
2016-12-15 20:28 - 2016-12-15 20:29 - 00000000 ____D C:\Program Files (x86)\Norton Security with Backup
2016-12-15 20:23 - 2016-12-15 20:23 - 01101176 _____ (Symantec Corporation) C:\Users\Rick\Downloads\NortonNSBUDownloader(1).exe
2016-12-15 17:19 - 2016-12-15 17:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-13 17:54 - 2016-12-13 17:54 - 00000000 ____D C:\ProgramData\Symantec
2016-12-13 17:33 - 2016-12-13 17:33 - 00900344 _____ C:\Users\Rick\Downloads\Norton_Removal_Tool.exe
2016-12-13 15:17 - 2016-12-13 15:17 - 00779920 _____ (Symantec Corporation) C:\Users\Rick\Downloads\SymNRT(3).exe
2016-12-13 15:14 - 2016-12-13 15:14 - 00779920 _____ (Symantec Corporation) C:\Users\Rick\Downloads\SymNRT(2).exe
2016-12-13 15:12 - 2016-12-13 15:12 - 00003112 _____ C:\WINDOWS\System32\Tasks\{898F92F8-CB40-4FCF-BC98-45DB5B4B9DC2}
2016-12-13 15:11 - 2016-12-13 15:11 - 00779920 _____ (Symantec Corporation) C:\Users\Rick\Downloads\SymNRT(1).exe
2016-12-13 15:09 - 2016-12-13 15:09 - 00003106 _____ C:\WINDOWS\System32\Tasks\{132D027F-B8D3-46B3-9E83-E92DDA5013B8}
2016-12-13 15:08 - 2016-12-13 15:08 - 00779920 _____ (Symantec Corporation) C:\Users\Rick\Downloads\SymNRT.exe
2016-12-13 03:37 - 2016-12-13 03:44 - 00001192 _____ C:\Users\Rick\Desktop\Scan log.txt
2016-12-12 20:46 - 2016-12-17 14:45 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-12 20:44 - 2016-12-12 20:45 - 51969976 _____ (Malwarebytes ) C:\Users\Rick\Downloads\mb3-setup-consumer-3.0.4.1269.exe
2016-12-12 14:55 - 2016-12-13 15:27 - 00000000 ____D C:\Program Files\CCleaner
2016-12-12 14:55 - 2016-12-12 14:55 - 00002780 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-12-12 14:55 - 2016-12-12 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2016-12-12 14:55 - 2016-12-12 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-12-12 14:55 - 2016-12-12 14:55 - 00000000 ____D C:\Program Files\Speccy
2016-12-12 14:53 - 2016-12-12 14:53 - 06293184 _____ (Piriform Ltd) C:\Users\Rick\Downloads\spsetup130(2).exe
2016-12-12 14:49 - 2016-12-12 14:49 - 06293184 _____ (Piriform Ltd) C:\Users\Rick\Downloads\spsetup130(1).exe
2016-12-12 14:45 - 2016-12-12 14:45 - 06293184 _____ (Piriform Ltd) C:\Users\Rick\Downloads\spsetup130.exe
2016-12-05 20:40 - 2016-12-05 20:40 - 22851472 _____ (Malwarebytes ) C:\Users\Rick\Downloads\mbam-setup-2.2.1.1043(1).exe
2016-12-05 16:26 - 2016-12-05 16:27 - 00000115 _____ C:\Users\Rick\Desktop\Geek Police.url
2016-12-05 15:21 - 2016-12-05 15:21 - 00003156 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_AutoAnalyze
2016-12-05 15:21 - 2016-03-25 14:33 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2016-12-05 15:20 - 2016-12-05 15:20 - 00003004 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Startup
2016-12-05 15:20 - 2016-12-05 15:20 - 00003002 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Update
2016-12-05 15:20 - 2016-03-22 11:02 - 00021360 _____ (IObit) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
2016-12-05 15:19 - 2016-12-05 15:19 - 00001204 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2016-12-05 15:19 - 2016-12-05 15:19 - 00001181 _____ C:\Users\Public\Desktop\Smart Defrag 5.lnk
2016-12-05 15:19 - 2016-12-05 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
2016-12-05 15:19 - 2016-12-05 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2016-12-05 04:33 - 2016-12-05 04:33 - 00316640 _____ C:\WINDOWS\WMSysPr9.prx
2016-12-04 16:50 - 2016-12-14 15:27 - 00000000 ____D C:\Users\Rick\Desktop\Old Firefox Data
2016-12-04 16:45 - 2016-12-21 15:05 - 00000000 ____D C:\Users\Rick\AppData\LocalLow\Mozilla
2016-12-04 13:31 - 2016-12-04 13:30 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-12-04 13:18 - 2016-12-04 13:18 - 00946696 _____ (Realtek ) C:\WINDOWS\system32\Drivers\Rt630x64.sys
2016-12-04 13:18 - 2016-12-04 13:18 - 00082544 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2016-12-04 13:10 - 2016-12-04 13:32 - 00002301 _____ C:\Users\Public\Desktop\Driver Booster 4.lnk
2016-12-04 13:10 - 2016-12-04 13:10 - 00003244 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2016-12-04 13:10 - 2016-12-04 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2016-12-04 13:07 - 2016-12-04 13:08 - 17138387 _____ (IObit ) C:\Users\Rick\Downloads\driver_booster_setup (1).exe
2016-12-04 12:41 - 2016-12-16 13:27 - 00000286 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Rick.job
2016-12-04 12:41 - 2016-12-04 12:41 - 00002384 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Rick
2016-12-04 12:40 - 2016-12-04 12:40 - 00001403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2016-12-04 12:40 - 2016-12-04 12:40 - 00001391 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2016-12-04 12:40 - 2016-12-04 12:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2016-12-04 12:39 - 2016-12-04 12:39 - 00003004 _____ C:\WINDOWS\System32\Tasks\ASC10_PerformanceMonitor
2016-12-04 12:39 - 2016-12-04 12:39 - 00002808 _____ C:\WINDOWS\System32\Tasks\ASC10_SkipUac_Rick
2016-12-04 12:38 - 2016-12-19 04:09 - 00002291 _____ C:\Users\Public\Desktop\Advanced SystemCare 10.lnk
2016-12-04 10:57 - 2016-12-04 12:26 - 00851968 _____ C:\WINDOWS\system32\SxsTrace.etl
2016-12-03 17:43 - 2016-12-03 17:43 - 00000329 _____ C:\Users\Rick\Downloads\Pork Butt Rub (2).txt
2016-11-29 16:32 - 2016-11-29 16:32 - 21041152 _____ C:\Users\Rick\Downloads\System.evtx
2016-11-29 16:17 - 2016-11-29 16:17 - 21041152 _____ C:\Users\Rick\Downloads\Applications.evtx
2016-11-29 05:06 - 2016-11-29 05:06 - 03070451 _____ C:\Users\Rick\Documents\System.zip
2016-11-28 21:01 - 2016-11-28 21:02 - 02042944 _____ C:\Users\Rick\Documents\Applications.zip
2016-11-28 20:58 - 2016-11-28 20:58 - 21041152 _____ C:\Users\Rick\Documents\System.evtx
2016-11-28 20:57 - 2016-11-28 20:57 - 21041152 _____ C:\Users\Rick\Documents\Applications.evtx
2016-11-28 19:27 - 2016-11-28 19:27 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Rick\Downloads\rkill.scr
2016-11-28 16:19 - 2016-11-28 16:19 - 01631928 _____ (Malwarebytes) C:\Users\Rick\Downloads\JRT.exe
2016-11-28 16:10 - 2016-11-28 16:10 - 04286744 _____ (Microsoft Corporation) C:\Users\Rick\Downloads\vcredist_x64 (2).exe
2016-11-28 16:08 - 2016-11-28 16:08 - 04286744 _____ (Microsoft Corporation) C:\Users\Rick\Downloads\vcredist_x64 (1).exe
2016-11-28 16:07 - 2016-11-28 16:07 - 04286744 _____ (Microsoft Corporation) C:\Users\Rick\Downloads\vcredist_x64.exe
2016-11-27 19:15 - 2016-11-27 19:16 - 22851472 _____ (Malwarebytes ) C:\Users\Rick\Downloads\mbam-setup-2.2.1.1043 (1).exe
2016-11-27 18:55 - 2016-11-27 18:55 - 03910208 _____ C:\Users\Rick\Downloads\adwcleaner_6.030.exe
2016-11-27 18:38 - 2016-11-27 18:38 - 22851472 _____ (Malwarebytes ) C:\Users\Rick\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-27 17:33 - 2016-11-27 18:25 - 00034543 _____ C:\Users\Rick\Downloads\Addition.txt
2016-11-27 17:29 - 2016-12-21 15:04 - 00021525 _____ C:\Users\Rick\Downloads\FRST.txt
2016-11-27 17:28 - 2016-12-21 15:03 - 00000000 ____D C:\FRST
2016-11-26 19:28 - 2016-11-26 19:29 - 38300468 _____ C:\Users\Rick\Downloads\firefox-browser-for-android-50-0.apk
2016-11-26 19:28 - 2016-11-26 19:29 - 38300468 _____ C:\Users\Rick\Downloads\firefox-browser-for-android-50-0 (1).apk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-21 14:59 - 2013-05-21 18:32 - 00003592 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3431173695-69639140-411144729-1002
2016-12-21 14:54 - 2014-01-12 23:30 - 00000000 ___DO C:\Users\Rick\SkyDrive
2016-12-21 14:14 - 2014-05-04 20:08 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-21 13:33 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-21 07:27 - 2015-12-03 19:07 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-12-19 15:35 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-19 15:35 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-19 04:09 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2016-12-19 03:45 - 2013-11-14 02:28 - 00799036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-19 03:41 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-19 02:37 - 2013-08-22 08:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-12-18 18:19 - 2013-11-19 21:26 - 00000000 ____D C:\ProgramData\ProductData
2016-12-17 22:40 - 2013-08-14 04:28 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-17 22:32 - 2013-05-22 18:10 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-17 22:18 - 2014-01-15 22:11 - 87736320 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2016-12-17 22:18 - 2014-01-15 22:11 - 05742592 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2016-12-17 22:18 - 2014-01-15 22:11 - 00061440 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2016-12-17 22:18 - 2014-01-15 22:11 - 00024576 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2016-12-17 14:52 - 2013-05-21 18:24 - 00000000 ____D C:\Users\Rick\AppData\Local\Packages
2016-12-17 07:22 - 2013-08-22 09:44 - 00337808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-16 22:27 - 2013-05-22 05:18 - 00000000 ____D C:\Users\Rick\AppData\Local\CrashDumps
2016-12-16 22:21 - 2014-12-16 13:13 - 00000000 ____D C:\Users\Guest\Desktop\Vicki Lynn Stief_files
2016-12-16 22:21 - 2014-12-03 11:19 - 00000000 ____D C:\Users\Guest\Desktop\Facebook_files
2016-12-16 22:21 - 2014-11-15 11:24 - 00000000 ____D C:\Users\Guest\Desktop\Account Info_files
2016-12-16 22:21 - 2014-11-15 10:42 - 00000000 ____D C:\Users\Guest\Desktop\Remedy by our Grandmothers for Treating Asthma, Bronchitis, Coughs and Lung Problems - Daily Nutrition News_files
2016-12-16 22:21 - 2014-11-12 09:34 - 00000000 ____D C:\Users\Guest\Desktop\The 18 signs of a psychopath _ Health - WGAL Home_files
2016-12-16 22:21 - 2014-10-22 13:35 - 00000000 ____D C:\Users\Guest\Desktop\Classic - Miss Lippy By Vicki Stief (boobahh52) on Myspace_files
2016-12-16 22:21 - 2014-10-21 11:20 - 00000000 ____D C:\Users\Guest\Desktop\Natural Remedy to Rid of Wrinkles _ Health Digezt_files
2016-12-16 22:21 - 2014-10-18 10:44 - 00000000 ____D C:\Users\Guest\Desktop\Club Pogo  YAHTZEE Party!_files
2016-12-16 22:21 - 2014-09-27 21:34 - 00000000 ____D C:\Users\Guest\Desktop\12 Ways Multiple Sclerosis Affects the Body_files
2016-12-16 22:19 - 2013-08-22 08:25 - 00000128 _____ C:\WINDOWS\win.ini
2016-12-16 18:13 - 2013-11-09 20:31 - 00003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 18:13 - 2013-11-09 20:31 - 00003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 13:26 - 2014-05-16 14:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-16 13:00 - 2014-11-21 10:46 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-12-16 13:00 - 2013-08-22 08:25 - 00000853 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_236
2016-12-15 20:41 - 2012-08-28 07:07 - 00000000 ____D C:\ProgramData\Norton
2016-12-15 20:37 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-12-15 20:30 - 2016-05-17 14:32 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-12-15 20:30 - 2012-07-26 03:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-12-15 20:28 - 2012-08-28 07:07 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-12-15 20:24 - 2016-05-15 09:27 - 00001298 _____ C:\Users\Rick\Desktop\Norton Installation Files.lnk
2016-12-15 20:24 - 2014-05-03 05:11 - 00000000 ____D C:\Users\Public\Downloads\Norton
2016-12-14 19:15 - 2016-01-15 19:55 - 00002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-14 19:15 - 2016-01-15 19:55 - 00002212 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-13 19:15 - 2014-05-04 20:08 - 00003582 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-12-13 19:14 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-13 19:14 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-13 18:03 - 2014-01-12 23:31 - 00003762 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CE73BFD4-8A76-4CEF-9A5E-A3B42F8E01F8}
2016-12-13 15:42 - 2013-09-05 17:30 - 00000000 ____D C:\Users\Rick\AppData\Roaming\PhotoScape
2016-12-13 15:11 - 2013-08-13 04:54 - 00000000 ____D C:\Users\Rick\AppData\Local\ElevatedDiagnostics
2016-12-10 14:41 - 2014-01-12 23:00 - 00000000 ____D C:\Users\Rick
2016-12-10 11:39 - 2014-01-12 23:00 - 00000000 ____D C:\Users\Guest
2016-12-06 21:21 - 2013-10-31 05:29 - 00000000 ____D C:\Users\Guest\AppData\LocalLow\IObit
2016-12-06 12:47 - 2013-11-11 13:49 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2016-12-05 21:18 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\Performance
2016-12-05 15:21 - 2013-05-22 05:12 - 00000000 ____D C:\ProgramData\IObit
2016-12-05 15:21 - 2013-05-22 05:12 - 00000000 ____D C:\Program Files (x86)\IObit
2016-12-05 15:19 - 2013-05-22 05:12 - 00000000 ____D C:\Users\Rick\AppData\Roaming\IObit
2016-12-05 09:18 - 2014-04-29 05:56 - 74821632 _____ C:\WINDOWS\system32\config\COMPONENTS.iodefrag.bak
2016-12-04 16:44 - 2014-06-08 11:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-04 13:31 - 2015-02-11 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-12-04 13:28 - 2013-06-25 05:23 - 00000000 ____D C:\Program Files (x86)\Java
2016-12-04 13:25 - 2014-06-24 18:23 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-04 12:39 - 2015-12-16 04:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2016-12-04 12:31 - 2013-09-29 21:20 - 00000000 ____D C:\Users\Rick\AppData\Local\Google
2016-12-04 12:30 - 2016-05-17 14:26 - 00000000 ____D C:\WINDOWS\system32\Drivers\NSBUx64
2016-11-29 05:05 - 2015-12-01 17:51 - 00000000 ____D C:\Users\Rick\Documents\Swiss Beach_files
2016-11-27 16:37 - 2016-04-05 14:21 - 00000000 ____D C:\Users\Rick\Desktop\List of Emoticons for Facebook - Facebook Symbols and Chat Emoticons_files
2016-11-27 16:37 - 2015-12-24 17:10 - 00000000 ____D C:\Users\Rick\Desktop\MyLGHealth - Login Page_files
2016-11-27 16:37 - 2015-12-09 16:21 - 00000000 ____D C:\Users\Rick\Documents\Pervertians_files
2016-11-27 16:37 - 2015-12-07 18:31 - 00000000 ____D C:\Users\Rick\Documents\Stalkerish _ We Find the Hottest Girls on the Web For You_files
2016-11-27 16:37 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2016-11-27 16:30 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\registration
2016-11-26 10:44 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories =======

2014-06-19 14:13 - 2014-06-19 14:13 - 0000024 _____ () C:\Users\Rick\AppData\Roaming\temp.ini
2014-01-12 22:53 - 2014-01-12 22:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-19 05:22

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Rick (21-12-2016 15:07:00)
Running from C:\Users\Rick\Downloads
Windows 8.1 (Update) (X64) (2014-01-13 04:26:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3431173695-69639140-411144729-500 - Administrator - Disabled)
Guest (S-1-5-21-3431173695-69639140-411144729-501 - Limited - Disabled) => C:\Users\Guest
Rick (S-1-5-21-3431173695-69639140-411144729-1002 - Administrator - Enabled) => C:\Users\Rick

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: IObit Malware Fighter (Disabled - Out of date) {4D381C57-3C7A-6F22-07EB-639F49E836D4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AccelerateTab (HKLM-x32\...\AccelerateTab_is1) (Version: 2.6 - AccelerateTab)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adult Emoticons and Avatars (HKLM-x32\...\Adult Emoticons and Avatars) (Version:  - Sherv.NET)
Advanced SystemCare 10 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 10.0.3 - IObit)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.4.0 - IObit)
AMD Catalyst Install Manager (HKLM\...\{19CB64EB-ACFE-681D-B571-A8A3398F1943}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4220.52 - CyberLink Corp.)
Driver Booster 4.1 (HKLM-x32\...\Driver Booster_is1) (Version: 4.1.0 - IObit)
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
Gateway Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3003 - Gateway Incorporated)
Gateway Power Management (HKLM\...\{E438A632-CADC-49E4-9492-C9F50F9AE37F}) (Version: 7.01.3001 - Gateway Incorporated)
Gateway Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Gateway Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.3001 - Gateway Incorporated)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Gateway Incorporated)
IObit Apps Toolbar v9.1 (HKLM-x32\...\{BAADB485-50A5-4E37-AE32-04F35DCEC14B}) (Version: 9.1 - Spigot, Inc.) <==== ATTENTION
IObit Malware Fighter 4 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 4.4 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.1.0.418 - IObit)
Java 8 Update 102 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
Java 8 Update 112 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180112F0}) (Version: 8.0.1120.15 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java 8 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218072F0}) (Version: 8.0.720.15 - Oracle Corporation)
Java 8 Update 74 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218074F0}) (Version: 8.0.740.2 - Oracle Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 92 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218092F0}) (Version: 8.0.920.14 - Oracle Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3003 - Gateway Incorporated)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.469.2 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{B2B0EC73-AD4A-4716-A3DE-CEA8440B309B}) (Version: 12.5.00000 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Norton Security (HKLM-x32\...\NSBU) (Version: 22.8.1.14 - Symantec Corporation)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7930 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.4.0 - IObit)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 3.1.0.2 - IObit)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.16 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04CB1795-04AD-46BA-A86B-8D0D96BCA903} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {25370D1F-AB0C-4AD8-8FD2-43FEE38C9927} - System32\Tasks\ASC10_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2016-11-10] (IObit)
Task: {2D65F4E3-D049-45A5-9CFA-42237233D401} - System32\Tasks\{132D027F-B8D3-46B3-9E83-E92DDA5013B8} => pcalua.exe -a C:\Users\Rick\Downloads\SymNRT.exe -d C:\Users\Rick\Downloads
Task: {30A684AF-3445-4816-9CD6-EAC2D9ABC406} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-11-04] (IObit)
Task: {38320A16-69CF-4FB4-8132-212CC2BC19D4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => C:\WINDOWS\system32\GWX\GWXConfigManager.exe
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {4264D1D5-0C65-4DC5-B27E-BE53D0FAC3AB} - System32\Tasks\Uninstaller_SkipUac_Rick => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-11-04] (IObit)
Task: {48CF1E55-8C35-4806-8361-69AF4B249DF9} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated)
Task: {4B0224BB-A1FD-417B-B68D-9DD36B3A3C55} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {4B305338-B260-4DC3-8386-3B20A442F2E9} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2012-08-24] ()
Task: {52F1803B-E997-47F1-9809-556C6F895176} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2014-03-20] ()
Task: {5F3932DA-63A4-4957-A8D6-8C52E3818DD2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {6C0197EF-3FF9-47DB-A918-14AEA4A5CDC5} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe [2016-11-08] (IObit)
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {74DD6AED-2B78-4F15-8535-539754CEB0EA} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2016-11-21] (IObit)
Task: {8E799522-D9C8-4D55-8B38-4E692F97FF4E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\WSCStub.exe [2016-11-11] (Symantec Corporation)
Task: {8FCDC074-3E08-4AC6-85BD-C1446E7959F0} - System32\Tasks\Norton Security with Backup\Norton Error Analyzer => C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\SymErr.exe [2016-11-11] (Symantec Corporation)
Task: {94325F09-D9D7-442A-B318-C15C7ADAB73C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
Task: {9EE109CB-DE88-4556-B754-318F6444D61B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\WINDOWS\system32\GWX\GWXUXWorker.exe
Task: {B16ECAAC-D07B-4BFF-A1D5-5165B2433D79} - System32\Tasks\ASC10_SkipUac_Rick => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2016-11-11] (IObit)
Task: {B1C35841-A6E0-4178-B386-05672B61207B} - System32\Tasks\{898F92F8-CB40-4FCF-BC98-45DB5B4B9DC2} => pcalua.exe -a C:\Users\Rick\Downloads\SymNRT(1).exe -d C:\Users\Rick\Downloads
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {C273A462-4CFB-4AA0-8467-47FE55DF4155} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2012-12-13] (Acer Incorporated)
Task: {C3A104BE-C907-43D7-8D59-B6C293CFB7FF} - System32\Tasks\Norton Security with Backup\Norton Error Processor => C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\SymErr.exe [2016-11-11] (Symantec Corporation)
Task: {C86BE6BB-C54D-46AA-9954-69E267D795C4} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {D09BA7A6-1E04-448E-8E9A-C124A5EB71ED} - System32\Tasks\Driver Booster SkipUAC (Rick) => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe [2016-11-14] (IObit)
Task: {D814DFA0-0D39-4717-8588-C75BB62A16B1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\WINDOWS\system32\GWX\GWXUXWorker.exe
Task: {DB8B83BA-107E-46E0-A6A5-25E516880E85} - \Driver Booster SkipUAC (SYSTEM) -> No File <==== ATTENTION
Task: {E77C213F-FF82-47FA-812F-3B8CFFF4F3E4} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [2012-07-05] (Acer Incorporated)
Task: {EF94806C-EEDE-499D-8F49-73A274E53A78} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2016-07-22] (IObit)
Task: {F69FC3D9-9077-46E5-BB74-BE9A82DD9738} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-11-11] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Rick.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Rick\Favorites\Gateway\Gateway.lnk -> hxxp://www.gateway.com/

==================== Loaded Modules (Whitelisted) ==============

2016-12-04 12:40 - 2016-06-21 19:30 - 00442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2016-12-04 12:40 - 2016-06-21 19:29 - 00210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2016-12-04 12:40 - 2016-06-21 19:29 - 00059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2016-10-21 18:56 - 2015-12-29 10:30 - 00625440 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2016-12-04 12:38 - 2016-08-18 18:43 - 00442144 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl
2016-12-04 12:38 - 2016-08-18 18:43 - 00210720 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl
2016-12-04 12:38 - 2016-08-18 18:43 - 00059680 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl
2016-12-04 12:38 - 2016-11-01 10:11 - 00078624 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\GetProcessDLL.dll
2016-12-05 15:19 - 2016-01-11 17:03 - 00899872 _____ () C:\Program Files (x86)\IObit\Smart Defrag\webres.dll
2016-12-05 15:19 - 2016-01-11 17:02 - 00630048 _____ () C:\Program Files (x86)\IObit\Smart Defrag\ProductStatistics.dll
2016-10-21 18:55 - 2015-12-29 10:30 - 00355616 _____ () C:\Program Files (x86)\IObit\Classic Start\madExcept_.bpl
2016-10-21 18:55 - 2015-12-29 10:29 - 00190240 _____ () C:\Program Files (x86)\IObit\Classic Start\madBasic_.bpl
2016-10-21 18:55 - 2015-12-29 10:30 - 00057632 _____ () C:\Program Files (x86)\IObit\Classic Start\madDisAsm_.bpl
2016-10-21 18:55 - 2015-12-29 10:30 - 00275576 _____ () C:\Program Files (x86)\IObit\Classic Start\sqlite3.dll
2016-10-21 18:55 - 2015-12-29 10:30 - 00059680 _____ () C:\Program Files (x86)\IObit\Classic Start\parseAuto.dll
2016-10-21 18:55 - 2015-12-29 10:30 - 00625440 _____ () C:\Program Files (x86)\IObit\Classic Start\ProductStatistics.dll
2016-10-21 18:55 - 2015-12-29 10:31 - 00047904 _____ () C:\Program Files (x86)\IObit\Classic Start\winkey.dll
2016-12-04 12:38 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll
2016-12-04 12:38 - 2016-09-26 13:59 - 00631072 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll
2016-12-05 15:19 - 2016-03-31 17:57 - 00899872 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\webres.dll
2016-12-05 15:19 - 2016-03-31 17:57 - 00188704 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2016-12-05 15:19 - 2016-03-31 17:57 - 00151840 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2016-12-05 15:19 - 2016-03-31 17:57 - 00625440 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\ProductStatistics.dll
2016-12-04 12:40 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2016-12-04 12:40 - 2016-09-26 13:59 - 00631072 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2016-12-05 15:19 - 2016-03-31 17:57 - 00355616 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
2016-12-05 15:19 - 2016-03-31 17:57 - 00190240 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
2016-12-05 15:19 - 2016-03-31 17:57 - 00057632 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\100sexlinks.com -> 100sexlinks.com

There are 4788 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-12-16 22:20 - 2016-12-16 22:20 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3431173695-69639140-411144729-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Rick\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\10924721_846524365397807_6267246092458262385_n.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "SearchSettings"
HKU\S-1-5-21-3431173695-69639140-411144729-1002\...\StartupApproved\Run: => "Advanced SystemCare 8"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{88DC0B4A-8DAA-4E99-873E-86CC8CAEB68A}] => C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{74B44DF6-AA11-411A-BB22-2916A49541CE}] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{20C6A0BE-B768-43E3-9CE3-34667EC258A3}] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{9366FACF-BB72-4C31-99BA-7C5A1FBD72A9}] => C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{5B498646-29BA-4BAC-8561-4693EB1F74FB}] => C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{BFE7A909-9F92-4024-BBB1-6E580E58B6F7}] => C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe
FirewallRules: [{CFA4E105-EA7C-467A-8B4C-C585732AC972}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5C05799A-6948-43D4-BDA6-E5177D828E6E}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EF64259A-7933-4C09-B486-40DF487ACFE6}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D4DF57E0-AD3D-41C1-B760-2426DF39A632}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F8683892-3081-473C-8AF6-7763F65993E6}] => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{56A5F014-4744-43D8-973C-4F861743EF9C}] => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{BE0D0BF1-7A31-42DE-8A5D-39F273F5DD4A}] => C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{B5715047-7AAF-4CFF-A77E-40AFA509CB8D}] => C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{7672CCCB-6DBD-457B-AD7B-812A137FB397}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
FirewallRules: [{4E945D23-AEE4-4961-ABE6-3CBFEA02D0AC}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
FirewallRules: [{F6005C09-3EC6-4E6E-AC87-4B6EC2DDEE95}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DBDownloader.exe
FirewallRules: [{C3570ECB-1D19-483E-9541-CD9728E373E0}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DBDownloader.exe
FirewallRules: [{87183292-B196-4AED-8BFE-087AB3470FF6}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\AutoUpdate.exe
FirewallRules: [{13ADA62A-18C0-437B-831E-A5C5D1C4FD56}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\AutoUpdate.exe
FirewallRules: [TCP Query User{D3B237C3-2FA0-4AFF-A012-5608A162625C}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{7952446B-EC3B-4639-925F-077C431DBF4F}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [{0F371085-04B0-4CBE-9820-B1DE3A63544D}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

13-12-2016 16:32:40 Scheduled Checkpoint
16-12-2016 05:25:07 Windows Modules Installer
16-12-2016 19:45:48 Tweaking.com - Windows Repair
17-12-2016 19:39:32 Windows Modules Installer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/21/2016 03:01:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64(1).exe version 21.12.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 898

Start Time: 01d25bc4b6fbec4b

Termination Time: 153

Application Path: C:\Users\Rick\Downloads\FRST64(1).exe

Report Id: 17b8459e-c7b8-11e6-871d-7427ea2c4ee7

Faulting package full name:

Faulting package-relative application ID:

Error: (12/19/2016 03:00:58 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Notifications for the volume C:\ are not active.

Context: Windows Application

Details:
    The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)

Error: (12/18/2016 05:36:22 AM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Notifications for the volume C:\ are not active.

Context: Windows Application

Details:
    The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)

Error: (12/17/2016 10:40:10 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (12/17/2016 03:22:28 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (12/17/2016 02:44:07 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Notifications for the volume C:\ are not active.

Context: Windows Application

Details:
    The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)

Error: (12/17/2016 06:47:51 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: HOME)
Description: Installing the performance counter strings for service .NET CLR Data () failed. The first DWORD in the Data section contains the error code.

Error: (12/17/2016 06:47:51 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: HOME)
Description: Installing the performance counter strings for service .NET CLR Networking () failed. The first DWORD in the Data section contains the error code.

Error: (12/17/2016 06:47:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: HOME)
Description: Installing the performance counter strings for service .NET Data Provider for Oracle () failed. The first DWORD in the Data section contains the error code.

Error: (12/17/2016 06:47:50 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: HOME)
Description: Installing the performance counter strings for service .NET Data Provider for SqlServer () failed. The first DWORD in the Data section contains the error code.


System errors:
=============
Error: (12/20/2016 03:39:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: December, 2016 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3205404).

Error: (12/20/2016 04:08:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Advanced SystemCare Service 7 service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/20/2016 04:03:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Advanced SystemCare Service 7 service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/20/2016 04:03:57 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Advanced SystemCare Service 7 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/19/2016 03:34:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: December, 2016 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3205404).

Error: (12/19/2016 05:23:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: December, 2016 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3205404).

Error: (12/19/2016 03:41:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (12/17/2016 10:32:31 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: December, 2016 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB3205404).

Error: (12/17/2016 10:20:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (12/17/2016 10:19:06 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!


CodeIntegrity:
===================================
  Date: 2016-12-19 03:41:15.802
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-17 22:20:05.330
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-17 18:29:46.412
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-17 15:34:52.095
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-17 07:22:30.081
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-04 05:53:52.270
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-04 05:53:47.567
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-04 05:53:43.051
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-04 05:53:38.551
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-04 05:53:34.051
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD E1-1200 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 54%
Total physical RAM: 3800.02 MB
Available physical RAM: 1718.64 MB
Total Virtual: 4440.02 MB
Available Virtual: 2100 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:439.61 GB) (Free:389.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 2AD815CD)

Partition: GPT.

==================== End of Addition.txt ============================

Hello again,

It seems that there are a few things to fix here. Let me know once the fixes are complete whether it worked and if the system is better...

Do you know these Chrome Extensions:
CHR Extension: () - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pabmfheafnaedbmedpdijblbgkhehaco [2016-11-30]

CHR Extension: () - C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnbmiailafajdkboegcjcdklooomfic [2016-12-11]

---

Fix with Farbar Recovery Scan Tool



Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on FRST icon and select Run as Administrator to start the tool.
  
• Press the Fix button just once and wait.
  
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.
  

Please post it to your reply.

We need to try something else
Should I still have Norton disabled?

Yes, disable Norton temporarily.

Did you encounter issues? If you disable Norton, please try again.

Okay, let me know if it went well.

I keep getting "Fixlist.txt not found

...And FRST program and the fixlist.txt is in the same exact location?

I'm not sure how to get them to the same location

Let's do the following scan and see if this will make it easier (I can find the same offending lines in this tool and we can fix only using this tool):

Download OTL.exe by OldTimer to your Desktop.

• Close all windows and double click OTL.exe.
  
• Click Run Scan and let the program run uninterrupted.
  
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  
• You may need to use two posts to get it all.
  

OTL logfile created on: 12/23/2016 8:00:32 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rick\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18500)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.71 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 29.27% Memory free
5.55 Gb Paging File | 1.65 Gb Available in Paging File | 29.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 439.61 Gb Total Space | 387.91 Gb Free Space | 88.24% Space Free | Partition Type: NTFS
 
Computer Name: HOME | User Name: Rick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2016/12/23 19:58:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rick\Downloads\OTL.exe
PRC - [2016/12/15 17:19:48 | 000,510,920 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2016/11/21 11:03:04 | 005,386,528 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
PRC - [2016/11/12 01:37:19 | 000,289,080 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\NSBU.exe
PRC - [2016/11/11 22:09:32 | 000,118,448 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\coNatHst.exe
PRC - [2016/11/10 16:17:44 | 003,331,872 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
PRC - [2016/11/08 18:29:38 | 001,065,248 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe
PRC - [2016/11/03 14:47:24 | 001,690,400 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
PRC - [2016/11/01 14:21:22 | 006,006,560 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
PRC - [2016/10/31 14:29:50 | 003,076,896 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
PRC - [2016/10/28 14:54:10 | 000,360,736 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
PRC - [2016/10/21 14:48:46 | 001,600,800 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2016/10/18 14:17:02 | 002,275,104 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
PRC - [2016/10/14 10:37:14 | 000,462,624 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
PRC - [2016/07/29 12:57:32 | 003,046,688 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
PRC - [2016/04/19 09:26:54 | 002,202,912 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Classic Start\ClassicStart.exe
PRC - [2015/12/29 10:30:58 | 000,069,408 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Classic Start\StartMenu_Hook.exe
PRC - [2015/12/29 10:30:38 | 001,063,200 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Classic Start\SMService.exe
PRC - [2012/07/05 19:50:26 | 000,553,616 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2016/11/01 10:11:58 | 000,078,624 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\GetProcessDLL.dll
MOD - [2016/09/26 13:59:22 | 000,631,072 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
MOD - [2016/09/26 13:59:22 | 000,631,072 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll
MOD - [2016/08/18 18:43:40 | 000,442,144 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\madexcept_.bpl
MOD - [2016/08/18 18:43:36 | 000,059,680 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\maddisAsm_.bpl
MOD - [2016/08/18 18:43:34 | 000,210,720 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\madbasic_.bpl
MOD - [2016/06/21 19:30:02 | 000,442,144 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\madexcept_.bpl
MOD - [2016/06/21 19:29:58 | 000,059,680 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\maddisAsm_.bpl
MOD - [2016/06/21 19:29:56 | 000,210,720 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\madbasic_.bpl
MOD - [2016/01/11 17:03:24 | 000,899,872 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag\webres.dll
MOD - [2016/01/11 17:02:48 | 000,630,048 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag\ProductStatistics.dll
MOD - [2015/12/29 10:30:42 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\IObit\Classic Start\sqlite3.dll
MOD - [2015/12/29 10:30:22 | 000,625,440 | ---- | M] () -- C:\Program Files (x86)\IObit\Classic Start\ProductStatistics.dll
MOD - [2015/12/29 10:30:12 | 000,059,680 | ---- | M] () -- C:\Program Files (x86)\IObit\Classic Start\parseAuto.dll
MOD - [2015/12/29 10:30:06 | 000,355,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Classic Start\madexcept_.bpl
MOD - [2015/12/29 10:30:00 | 000,057,632 | ---- | M] () -- C:\Program Files (x86)\IObit\Classic Start\maddisAsm_.bpl
MOD - [2015/12/29 10:29:58 | 000,190,240 | ---- | M] () -- C:\Program Files (x86)\IObit\Classic Start\madbasic_.bpl
MOD - [2015/12/28 13:50:58 | 000,899,872 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
MOD - [2015/12/28 13:50:58 | 000,899,872 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2016/12/14 08:52:08 | 000,329,480 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee Security Scan\3.11.474\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2016/10/19 19:09:37 | 001,628,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2016/08/14 09:38:31 | 000,840,704 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2016/07/21 03:23:08 | 000,246,784 | ---- | M] (AMD) [Auto | Running] -- C:\WINDOWS\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2016/04/01 08:57:29 | 001,673,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2016/04/01 08:54:55 | 001,348,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2015/09/16 03:36:54 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2015/07/07 04:39:32 | 000,366,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2015/07/07 04:39:32 | 000,023,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2015/06/23 19:58:36 | 000,522,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2015/06/23 19:57:20 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2015/05/30 14:36:24 | 000,230,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2015/02/20 18:49:18 | 000,780,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/11/19 06:09:13 | 000,154,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2014/11/19 06:05:25 | 000,562,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/11/19 06:04:57 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2014/11/19 06:04:45 | 000,374,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/11/19 06:04:34 | 000,550,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2014/11/19 06:04:27 | 000,166,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2014/11/19 06:03:53 | 003,460,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/11/19 06:03:37 | 001,639,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/11/19 06:03:37 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2014/11/19 06:03:35 | 000,041,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2014/11/19 06:03:32 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2014/11/19 06:03:30 | 000,260,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2014/11/19 06:03:08 | 000,407,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/11/19 06:03:08 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/11/19 06:03:07 | 000,206,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2014/11/19 06:03:04 | 000,262,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2014/11/19 06:02:45 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2014/11/19 06:02:43 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2014/11/19 06:02:41 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2014/11/19 06:01:52 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2014/11/19 06:01:52 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2014/11/19 06:01:52 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2014/11/19 06:01:52 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2014/11/19 06:01:52 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2014/11/19 06:01:52 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2014/11/19 06:01:52 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2014/11/19 06:00:52 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2014/11/19 06:00:30 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/11/19 06:00:26 | 000,324,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:64bit: - [2014/10/30 23:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2012/12/13 15:45:06 | 000,664,288 | ---- | M] (Acer Incorporated) [On_Demand | Stopped] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2016/12/15 17:19:48 | 000,172,488 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016/12/13 19:14:59 | 000,270,936 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/11/12 01:37:19 | 000,289,080 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\NSBU.exe -- (NSBU)
SRV - [2016/10/28 14:54:10 | 000,360,736 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe -- (IObitUnSvr)
SRV - [2016/10/21 14:48:46 | 001,600,800 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2016/10/14 10:37:14 | 000,462,624 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe -- (AdvancedSystemCareService10)
SRV - [2016/07/29 12:57:32 | 003,046,688 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2015/12/29 10:30:38 | 001,063,200 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Classic Start\SMService.exe -- (SMService)
SRV - [2015/06/23 19:58:36 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/11/19 06:06:57 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\smphost.dll -- (smphost)
SRV - [2014/11/19 06:00:56 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2014/11/19 06:00:30 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/08/15 13:44:50 | 003,943,104 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2012/07/13 04:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/11/25 18:32:36 | 000,687,400 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2016/12/15 20:30:28 | 000,100,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2016/12/04 13:18:58 | 000,946,696 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2016/11/11 22:10:30 | 000,567,512 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NSBUx64\1608010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2016/11/11 22:10:00 | 001,628,888 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\NSBUx64\1608010.00E\symefasi64.sys -- (SymEFASI)
DRV:64bit: - [2016/11/11 22:10:00 | 000,024,192 | R--- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SysNative\drivers\NSBUx64\1608010.00E\SymELAM.sys -- (SymELAM)
DRV:64bit: - [2016/11/11 22:08:35 | 000,289,520 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NSBUx64\1608010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2016/11/11 22:08:11 | 000,174,328 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NSBUx64\1608010.00E\ccSetx64.sys -- (ccSet_NSBU)
DRV:64bit: - [2016/11/11 22:07:57 | 000,784,624 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NSBUx64\1608010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2016/11/11 22:07:56 | 000,049,400 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NSBUx64\1608010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2016/10/31 03:12:29 | 000,418,784 | ---- | M] (Realsil Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\RtsUer.sys -- (RTSUER)
DRV:64bit: - [2016/10/19 19:09:36 | 000,921,944 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2016/09/20 14:43:08 | 000,420,184 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2016/07/26 04:40:48 | 000,057,184 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2016/07/21 03:37:29 | 000,101,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AtihdWB6.sys -- (AtiHDAudioService)
DRV:64bit: - [2016/07/21 03:23:35 | 021,639,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2016/07/21 03:23:35 | 000,665,600 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2016/06/27 06:59:05 | 000,087,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2016/04/01 08:50:51 | 000,072,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2016/03/22 11:02:16 | 000,021,360 | ---- | M] (IObit) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2015/11/20 17:22:28 | 000,468,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2015/11/08 14:31:31 | 000,011,944 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdide64.sys -- (amdide64)
DRV:64bit: - [2015/10/25 12:59:52 | 000,155,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2015/07/07 04:40:12 | 000,044,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2015/07/07 04:40:05 | 000,270,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2015/07/07 04:40:05 | 000,114,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2015/05/21 03:52:49 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2015/05/01 10:07:35 | 000,080,384 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2015/04/22 14:22:36 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2015/04/22 04:28:11 | 000,239,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2015/03/04 05:25:11 | 000,377,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2015/01/18 05:50:36 | 000,272,600 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2014/12/29 15:58:47 | 000,136,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/12/29 15:58:44 | 000,058,176 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2014/12/29 15:58:42 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/12/29 15:58:41 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/11/19 06:09:38 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/11/19 06:09:14 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/11/19 06:04:31 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/11/19 06:04:27 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2014/11/19 06:04:24 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2014/11/19 06:00:39 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2014/11/19 06:00:25 | 000,189,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/08/14 19:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/04/08 18:54:36 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/04/08 18:54:35 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/03/13 07:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/01/13 01:45:36 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/12/24 13:39:52 | 000,021,160 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\amdkmafd.sys -- (amdkmafd)
DRV:64bit: - [2013/11/14 02:25:25 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/11/14 02:16:54 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/08/22 08:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 08:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 07:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 07:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 07:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 07:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 07:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 07:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 07:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 07:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 07:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 07:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 07:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 07:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 07:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 07:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 07:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 07:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 07:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 07:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 07:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 07:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 07:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 07:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 07:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 07:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 06:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 06:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 06:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 06:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 06:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 06:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 06:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 06:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 06:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 06:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 06:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 06:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 06:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 06:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 06:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 03:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 18:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 19:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 13:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 14:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2012/05/25 19:56:14 | 000,168,608 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NARAx64\0401000.00E\ccSetx64.sys -- (ccSet_NARA)
DRV - [2016/12/16 15:59:56 | 001,038,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security with Backup\NortonData\22.8.1.14\Definitions\IPSDefs\20161221.001\IDSviA64.sys -- (IDSVia64)
DRV - [2016/12/13 16:48:44 | 001,874,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security with Backup\NortonData\22.8.1.14\Definitions\BASHDefs\20161220.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2016/09/22 14:38:34 | 000,497,368 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2016/07/27 17:37:38 | 000,034,848 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2016/04/01 10:13:32 | 000,022,208 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys -- (IMFFilter)
DRV - [2014/12/28 20:07:54 | 000,026,528 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2014/03/13 03:24:24 | 000,028,416 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\AMD\WU-CCC2\ccc2_install\Support64\atdcm64a.sys -- (AtiDCM)
DRV - [2010/11/01 05:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ECF39224-BA91-4599-A47F-7B180AC6F4E0}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{ECF39224-BA91-4599-A47F-7B180AC6F4E0}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/SL5M_FRPage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 71 5A E0 2E 97 AE D1 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = 01 00 00 00 21 00 00 00 B3 93 2F 16 C2 1B 98 6B FF 58 27 BE 03 FC 02 21 14 A2 29 F0 E1 F8 A0 81 76 F5 B2 CC 45 E9 D8 73 2B 02 00 00 00 10 00 00 00 50 5A 77 25 32 62 48 6C 7A 34 6F 76 6B 25 33 64  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope = {ECF39224-BA91-4599-A47F-7B180AC6F4E0}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\..\SearchScopes\{B91B95CE-6BBA-406B-AA86-EFBC0705308D}: "URL" = https://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
IE - HKCU\..\SearchScopes\{ECF39224-BA91-4599-A47F-7B180AC6F4E0}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3279411&octid=CT3279411&SearchSource=61&CUI=UN29590050191633836&UM=2&UP=SPC9006C68-138B-46ED-93F0-70F434A2ECAE"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:50.1.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.112.2: C:\Program Files (x86)\Java\jre1.8.0_112\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.112.2: C:\Program Files (x86)\Java\jre1.8.0_112\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1A2A613-35F1-4FCF-B27F-2840527B6556}: C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.8.1.14\COFFADDON\ [2016/12/16 01:41:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C1A2A613-35F1-4FCF-B27F-2840527B6556}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.8.1.14\coFFAddon\ [2016/12/16 01:41:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 50.1.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 50.1.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014/04/04 05:36:14 | 000,010,691 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\BingSearchExtension: enable
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\DSE: true
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\Market: en-us
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\Package: DefaultPack
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\OSVersion: 6.2.9200.1
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\LVersion: 1.7.50.0
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\BingExtension\\MFVersion: MF39.0 (x86 en-US)
 
[2013/05/22 20:22:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rick\AppData\Roaming\mozilla\Extensions
[2016/12/14 15:37:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rick\AppData\Roaming\mozilla\Firefox\Profiles\ahzejier.default-1481747222543\extensions
[2016/12/15 17:19:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd\2.1.3_0\
CHR - Extension: No name found = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe\2016.0.2.3_1\
CHR - Extension: No name found = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe\1.1.4_0\
CHR - Extension: No name found = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfoabcdjalmeenbjjngidappmppchblc\1.0.0.16_0\
CHR - Extension: No name found = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_2\
CHR - Extension: No name found = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl\1.1.1_0\
CHR - Extension: No name found = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pabmfheafnaedbmedpdijblbgkhehaco\1.5.8_0\
CHR - Extension: No name found = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\
 
O1 HOSTS File: ([2016/12/23 10:56:36 | 000,000,064 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O1 - Hosts: 0.0.0.1    mssplus.mcafee.com
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll (IObit)
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security with Backup\Engine64\22.8.1.14\CoIEPlg.dll (Symantec Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_112\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_112\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine64\22.8.1.14\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 10] C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe (IObit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleNetIDList = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NolowDiskSpaceChecks = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F774F5B7-6F43-4CB5-8B05-D13304E9A2E2}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2016/12/23 10:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2016/12/17 19:44:06 | 000,835,576 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2016/12/17 19:44:06 | 000,177,656 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2016/12/17 16:08:29 | 000,000,000 | -HSD | C] -- C:\found.000
[2016/12/16 23:38:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2016/12/16 22:24:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\catroot2
[2016/12/16 17:34:48 | 000,000,000 | ---D | C] -- C:\Users\Rick\Desktop\Tweaking.com - Windows Repair
[2016/12/16 13:09:08 | 000,000,000 | ---D | C] -- C:\Users\Rick\Documents\tweaking.com_windows_repair_aio
[2016/12/15 20:40:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2016/12/15 20:30:29 | 000,100,592 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS
[2016/12/15 20:28:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security with Backup
[2016/12/15 20:28:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security with Backup
[2016/12/15 17:19:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2016/12/13 17:54:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2016/12/12 20:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2016/12/05 15:21:00 | 000,128,288 | ---- | C] (IObit) -- C:\WINDOWS\SysNative\IObitSmartDefragExtension.dll
[2016/12/05 15:20:56 | 000,021,360 | ---- | C] (IObit) -- C:\WINDOWS\SysNative\drivers\SmartDefragDriver.sys
[2016/12/05 15:19:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2016/12/05 15:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
[2016/12/04 16:50:11 | 000,000,000 | ---D | C] -- C:\Users\Rick\Desktop\Old Firefox Data
[2016/12/04 13:32:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2016/12/04 13:31:15 | 000,097,856 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2016/12/04 13:18:58 | 000,946,696 | ---- | C] (Realtek                                            ) -- C:\WINDOWS\SysNative\drivers\Rt630x64.sys
[2016/12/04 13:18:58 | 000,082,544 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\SysNative\RtNicProp64.dll
[2016/12/04 13:10:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
[2016/12/04 12:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
[2016/11/27 17:28:32 | 000,000,000 | ---D | C] -- C:\FRST
[6 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[15 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2016/12/23 20:14:04 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2016/12/23 20:02:09 | 000,001,106 | ---- | M] () -- C:\Users\Rick\Desktop\OTL.lnk
[2016/12/23 10:56:36 | 000,000,064 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts
[2016/12/23 10:56:31 | 000,002,001 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2016/12/23 10:56:31 | 000,001,999 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2016/12/22 07:39:53 | 000,002,291 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 10.lnk
[2016/12/22 07:17:10 | 000,799,036 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2016/12/22 07:17:10 | 000,663,166 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2016/12/22 07:17:10 | 000,124,496 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2016/12/22 07:08:49 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2016/12/22 07:08:46 | 3187,687,424 | -HS- | M] () -- C:\hiberfil.sys
[2016/12/22 07:07:54 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2016/12/22 04:49:34 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\Uninstaller_SkipUac_Rick.job
[2016/12/19 08:38:36 | 000,423,638 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NSBUx64\1608010.00E\VT20161219.005
[2016/12/17 19:43:57 | 005,328,400 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NSBUx64\1608010.00E\Cat.DB
[2016/12/17 19:43:53 | 000,835,576 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2016/12/17 19:43:53 | 000,177,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2016/12/17 07:22:10 | 000,337,808 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2016/12/16 22:04:14 | 000,863,592 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2016/12/16 13:00:54 | 000,000,853 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts_bak_236
[2016/12/15 20:30:28 | 000,100,592 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS
[2016/12/15 20:30:28 | 000,008,319 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.CAT
[2016/12/15 20:30:28 | 000,000,854 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.INF
[2016/12/15 20:30:10 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security with Backup.lnk
[2016/12/15 20:24:05 | 000,001,298 | ---- | M] () -- C:\Users\Rick\Desktop\Norton Installation Files.lnk
[2016/12/14 19:15:17 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016/12/13 02:29:25 | 000,423,463 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NSBUx64\1608010.00E\VT20161212.021
[2016/12/05 16:27:00 | 000,000,115 | ---- | M] () -- C:\Users\Rick\Desktop\Geek Police.url
[2016/12/05 15:19:35 | 000,001,204 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2016/12/05 15:19:31 | 000,001,181 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 5.lnk
[2016/12/05 04:33:49 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2016/12/04 13:32:25 | 000,002,301 | ---- | M] () -- C:\Users\Public\Desktop\Driver Booster 4.lnk
[2016/12/04 13:30:42 | 000,097,856 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2016/12/04 13:18:58 | 000,946,696 | ---- | M] (Realtek                                            ) -- C:\WINDOWS\SysNative\drivers\Rt630x64.sys
[2016/12/04 13:18:58 | 000,082,544 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\SysNative\RtNicProp64.dll
[2016/12/04 12:40:36 | 000,001,391 | ---- | M] () -- C:\Users\Public\Desktop\IObit Uninstaller.lnk
[2016/12/04 12:26:31 | 000,851,968 | ---- | M] () -- C:\WINDOWS\SysNative\SxsTrace.etl
[2016/11/29 05:06:39 | 003,070,451 | ---- | M] () -- C:\Users\Rick\Documents\System.zip
[2016/11/28 21:02:01 | 002,042,944 | ---- | M] () -- C:\Users\Rick\Documents\Applications.zip
[2016/11/28 20:58:27 | 021,041,152 | ---- | M] () -- C:\Users\Rick\Documents\System.evtx
[2016/11/28 20:57:21 | 021,041,152 | ---- | M] () -- C:\Users\Rick\Documents\Applications.evtx
[6 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[15 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2016/12/23 20:02:09 | 000,001,106 | ---- | C] () -- C:\Users\Rick\Desktop\OTL.lnk
[2016/12/23 10:56:31 | 000,001,999 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2016/12/23 10:54:18 | 000,002,001 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2016/12/16 22:04:14 | 000,863,592 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2016/12/15 20:30:29 | 000,008,319 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.CAT
[2016/12/15 20:30:29 | 000,000,854 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.INF
[2016/12/15 20:30:10 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security with Backup.lnk
[2016/12/05 16:26:37 | 000,000,115 | ---- | C] () -- C:\Users\Rick\Desktop\Geek Police.url
[2016/12/05 15:19:35 | 000,001,204 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2016/12/05 15:19:31 | 000,001,181 | ---- | C] () -- C:\Users\Public\Desktop\Smart Defrag 5.lnk
[2016/12/05 04:33:49 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2016/12/04 13:10:00 | 000,002,301 | ---- | C] () -- C:\Users\Public\Desktop\Driver Booster 4.lnk
[2016/12/04 12:41:27 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\Uninstaller_SkipUac_Rick.job
[2016/12/04 12:40:36 | 000,001,403 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
[2016/12/04 12:40:36 | 000,001,391 | ---- | C] () -- C:\Users\Public\Desktop\IObit Uninstaller.lnk
[2016/12/04 12:38:57 | 000,002,291 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 10.lnk
[2016/12/04 10:57:05 | 000,851,968 | ---- | C] () -- C:\WINDOWS\SysNative\SxsTrace.etl
[2016/11/29 05:06:37 | 003,070,451 | ---- | C] () -- C:\Users\Rick\Documents\System.zip
[2016/11/28 21:01:58 | 002,042,944 | ---- | C] () -- C:\Users\Rick\Documents\Applications.zip
[2016/11/28 20:58:24 | 021,041,152 | ---- | C] () -- C:\Users\Rick\Documents\System.evtx
[2016/11/28 20:57:19 | 021,041,152 | ---- | C] () -- C:\Users\Rick\Documents\Applications.evtx
[2016/07/21 03:23:34 | 000,102,400 | ---- | C] () -- C:\WINDOWS\SysWow64\hsa-thunk.dll
[2016/07/21 03:23:08 | 000,189,952 | ---- | C] () -- C:\WINDOWS\SysWow64\amdgfxinfo32.dll
[2016/07/21 03:23:08 | 000,143,872 | ---- | C] () -- C:\WINDOWS\SysWow64\atieah32.exe
[2016/07/21 03:23:08 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2014/12/28 20:04:29 | 000,004,616 | ---- | C] () -- C:\WINDOWS\SysWow64\LavasoftTcpService.ini
[2014/12/28 20:04:29 | 000,002,448 | ---- | C] () -- C:\WINDOWS\SysWow64\LavasoftTcpServiceOff.ini
[2014/06/19 14:13:16 | 000,000,024 | ---- | C] () -- C:\Users\Rick\AppData\Roaming\temp.ini
[2014/01/12 22:53:19 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
 
========== ZeroAccess Check ==========
 
[2014/02/23 18:51:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\shell32.dll -- [2016/09/20 14:39:39 | 022,360,288 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016/09/20 14:39:40 | 019,789,232 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2014/11/19 06:02:02 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/11/19 06:06:35 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2014/11/19 06:02:01 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 237 bytes -> C:\Users\Rick\SkyDrive:ms-properties

< End of report >

Please take note of what extensions you want to keep on Google Chrome, and then download and run the Google Chrome Software Cleaner. It will not delete anything but extensions and other foul things that cause problems.

Google Chrome is possibly infected, but this software is dedicated to helping remove most common problems and fix settings that malware might try to change.

Then, please do the following:

Please download Malwarebytes' AdwCleaner onto your Desktop.

• Double click on AdwCleaner_xxxx.exe to run the tool.
  
• Click on Scan.
  
• After done scanning, please hit Logfile. Locate the logfile in the Scan tab, double-click on it, copy the information inside of it, and paste it into your next reply.
  
• You can find the logfile at C:\AdwCleaner[Sx].txt as well.
  

# AdwCleaner v6.041 - Logfile created 24/12/2016 at 19:12:12
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-23.1 [Server]
# Operating System : Windows 8.1  (X64)
# Username : Rick - HOME
# Running from : C:\Users\Rick\Downloads\adwcleaner_6.041.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found:  C:\Users\Rick\AppData\Roaming\lavasoft\web companion
Folder Found:  C:\ProgramData\lavasoft\web companion
Folder Found:  C:\ProgramData\Application Data\lavasoft\web companion
Folder Found:  C:\Users\Public\Documents\Downloaded Installers
Folder Found:  C:\Program Files (x86)\lavasoft\web companion
Folder Found:  C:\Program Files (x86)\Yahoo!\yset
Folder Found:  C:\WINDOWS\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater
Folder Found:  C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fopdddcinljmpmioaklghcalngfhbaen
Folder Found:  C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hbcennhacfaagdopikcegfcobcadeocj
Folder Found:  C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mhkaekfpcppmmioggniknbnbdbcigpkk
Folder Found:  C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pfndaklgolladniicklehhancnlgocpp
Folder Found:  C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
Folder Found:  C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnbmiailafajdkboegcjcdklooomfic
Folder Found:  C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnnbmiailafajdkboegcjcdklooomfic


***** [ Files ] *****

File Found:  C:\WINDOWS\SysNative\LavasoftTcpService64.dll
File Found:  C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
File Found:  C:\WINDOWS\SysWOW64\lavasofttcpservice.dll
File Found:  C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found:  [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found:  [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{B33BD6CF-BF4C-4CF0-AC84-B2974BC14ABD}
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3431173695-69639140-411144729-1002\Products\D18D56BAA303BDD4CAC7219CDCF976BF
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3431173695-69639140-411144729-1002\Products\363FB0CBBA367FF4E81FEAD0F717B142
Value Found:  HKU\S-1-5-21-3431173695-69639140-411144729-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [BackgroundContainer]
Value Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [SearchSettings]
Key Found:  HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found:  HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Key Found:  [x64] HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd


***** [ Web browsers ] *****

Firefox pref Found:  [C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\ahzejier.default-1481747222543\prefs.js] - "browser.startup.homepage" -  "hxxp://search.conduit.com/?ctid=CT3279411&octid=CT3279411&SearchSource=
Chrome pref Found:  [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Web data] - yahoo.com search
Chrome pref Found:  [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Web data] - nortonsafe.search.ask.com
Chrome pref Found:  [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Web data] - search.yahoo.com
Chrome pref Found:  [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - bbmegnmpleoagolcnjnejdacakedpcgd
Chrome pref Found:  [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - fcfenmboojpjinhpgggodefccipikbpd
Chrome pref Found:  [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - jnnbmiailafajdkboegcjcdklooomfic
Chrome pref Found:  [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [16056 Bytes] - [14/11/2015 10:17:34]
C:\AdwCleaner\AdwCleaner[S1].txt - [15070 Bytes] - [14/11/2015 10:14:57]
C:\AdwCleaner\AdwCleaner[S2].txt - [5379 Bytes] - [24/12/2016 19:12:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [5452 Bytes] ##########

Ensure Norton's program is disabled for these fixes... Looks like we found the Google Chrome culprits...

Remove the Adware

• Please close all open programs and internet browsers.
  
• Double click on adwcleaner_xxxx.exe to run the tool.
  
• Press Scan, wait for it to finish, and then hit Clean.
  
• Your computer will be rebooted automatically. If it does not, please reboot the computer manually.
  
• Once it is restarted and you're back in Windows, double-click adwcleaner_xxxx.exe, hit "Logfile." On the Cleaning tab, double-click the latest logfile, copy the contents, and paste it into your next reply.
  
• You can find the logfile at C:\AdwCleaner[Sx].txt as well.
  

Fix with Junkware Removal Tool

Please download Malwarebytes' Junkware Removal Tool and save the file to your desktop.

• Right-click on the JRT.exe or Junkware Removal Tool icon and select Run as Administrator to start the tool.
  
• Follow the prompts and let this process run uninterrupted.
  
• This scan can take a while, depending on your System specs.
  
• Upon completion, a log (JRT.txt) will open on your desktop.
  

Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.

# AdwCleaner v6.041 - Logfile created 25/12/2016 at 06:19:07
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-23.1 [Local]
# Operating System : Windows 8.1  (X64)
# Username : Rick - HOME
# Running from : C:\Users\Rick\Downloads\adwcleaner_6.041.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

Firefox pref Found:  [C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\ahzejier.default-1481747222543\prefs.js] - "browser.startup.homepage" -  "hxxp://search.conduit.com/?ctid=CT3279411&octid=CT3279411&SearchSource=
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [16056 Bytes] - [14/11/2015 10:17:34]
C:\AdwCleaner\AdwCleaner[C2].txt - [5817 Bytes] - [24/12/2016 19:39:18]
C:\AdwCleaner\AdwCleaner[S1].txt - [15070 Bytes] - [14/11/2015 10:14:57]
C:\AdwCleaner\AdwCleaner[S2].txt - [5563 Bytes] - [24/12/2016 19:12:12]
C:\AdwCleaner\AdwCleaner[S3].txt - [1450 Bytes] - [25/12/2016 06:19:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1523 Bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 8.1 x64
Ran by Rick (Administrator) on Sun 12/25/2016 at  7:43:05.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 11

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\ahzejier.default-1481747222543\user.js (File)
Successfully deleted: C:\Users\Rick\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\Users\Rick\Start Menu\Programs\search.lnk (Shortcut)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster Scheduler (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (Rick) (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\SmartDefrag_Startup (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Administrator (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Rick (Task)
Successfully deleted: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job (Task)
Successfully deleted: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Rick.job (Task)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/25/2016 at  8:04:13.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Okay, now please rerun AdwCleaner like earlier and post a new log.

# AdwCleaner v6.041 - Logfile created 26/12/2016 at 05:10:12
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-25.1 [Server]
# Operating System : Windows 8.1  (X64)
# Username : Rick - HOME
# Running from : C:\Users\Rick\Downloads\adwcleaner_6.041.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found:  C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
Folder Found:  C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnbmiailafajdkboegcjcdklooomfic


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

Firefox pref Found:  [C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\ahzejier.default-1481747222543\prefs.js] - "browser.startup.homepage" -  "hxxp://search.conduit.com/?ctid=CT3279411&octid=CT3279411&SearchSource=
Chrome pref Found:  [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Web data] - nortonsafe.search.ask.com
Chrome pref Found:  [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Web data] - search.yahoo.com
Chrome pref Found:  [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Web data] - yahoo.com search
Chrome pref Found:  [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - bbmegnmpleoagolcnjnejdacakedpcgd
Chrome pref Found:  [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - jnnbmiailafajdkboegcjcdklooomfic

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [16056 Bytes] - [14/11/2015 10:17:34]
C:\AdwCleaner\AdwCleaner[C2].txt - [5817 Bytes] - [24/12/2016 19:39:18]
C:\AdwCleaner\AdwCleaner[S1].txt - [15070 Bytes] - [14/11/2015 10:14:57]
C:\AdwCleaner\AdwCleaner[S2].txt - [5563 Bytes] - [24/12/2016 19:12:12]
C:\AdwCleaner\AdwCleaner[S3].txt - [1602 Bytes] - [25/12/2016 06:19:07]
C:\AdwCleaner\AdwCleaner[S4].txt - [2507 Bytes] - [26/12/2016 05:10:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [2580 Bytes] ##########

# AdwCleaner v6.041 - Logfile created 26/12/2016 at 05:22:18
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-25.1 [Server]
# Operating System : Windows 8.1  (X64)
# Username : Rick - HOME
# Running from : C:\Users\Rick\Downloads\adwcleaner_6.041.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
[-] Folder deleted: C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnnbmiailafajdkboegcjcdklooomfic


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "browser.startup.homepage" -  "hxxp://search.conduit.com/?ctid=CT3279411&octid=CT3279411&SearchSource=61&CUI=UN29590050191633836&UM=2&UP=SPC9006C68-138B-46ED-93F0-70F434A2ECAE"
[-] [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: nortonsafe.search.ask.com
[-] [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.yahoo.com
[-] [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: yahoo.com search
[-] [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: bbmegnmpleoagolcnjnejdacakedpcgd
[-] [C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: jnnbmiailafajdkboegcjcdklooomfic


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [16056 Bytes] - [14/11/2015 10:17:34]
C:\AdwCleaner\AdwCleaner[C2].txt - [5817 Bytes] - [24/12/2016 19:39:18]
C:\AdwCleaner\AdwCleaner[C3].txt - [2182 Bytes] - [26/12/2016 05:22:18]
C:\AdwCleaner\AdwCleaner[S1].txt - [15070 Bytes] - [14/11/2015 10:14:57]
C:\AdwCleaner\AdwCleaner[S2].txt - [5563 Bytes] - [24/12/2016 19:12:12]
C:\AdwCleaner\AdwCleaner[S3].txt - [1602 Bytes] - [25/12/2016 06:19:07]
C:\AdwCleaner\AdwCleaner[S4].txt - [2659 Bytes] - [26/12/2016 05:10:12]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [2548 Bytes] ##########

Good work... Now an online scanner to see if we got it all...

Run ESET Online Scan Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

• Check (tick) this box: YES, I accept the Terms of Use.
  
• Click on the Start button next to it.
  
• When prompted to run ActiveX. click Yes.
  
• You will be asked to install an ActiveX. Click Install.
  
• Once installed, the scanner will be initialized.
  
• After the scanner is initialized, click Start.
  
• Check (tick) Remove found threats box.
  
• Check (tick) Scan unwanted applications.
  
• Click on Scan.
  
• It will start scanning. Please be patient.
  
• Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.
  

No threats found

Good, now please let me know how things are running overall.

Terrible, Boot time  and the time to load pages is painfully slow. I have Internet explorer, Firefox and Chrome to use as browsers. Out of the three Firefox is the best, and it's nothing to brag about.

Okay... Is the system slow or just the browsing the web?

Is the slowness worse with more programs open, or no difference?

Everything is slow, Start-up and Browsing. The amount of open pages doesn't seem to make a difference.

Okay, would you please post a new Speccy Report, so I can take a closer look at the internals such as hardware. We'll shift this back to tech talk to see if something was missed, etc.

Hello again,

I am having one of my associates come and help diagnose, to see if there is something that I'm not seeing or if he has any ideas for diagnostics.

Your hardware and software check out fine... which is confusing to me. Let me see if he has any suggestions here.

Install latest version of network card driver and graphic card driver. You can download the drivers from either from your computer manufacturer website or from device manufacturer website.

Install all Windows updates.


In Windows 8, 8.1 and  Windows 10 simply hold down the + X keys and select the option “Command Prompt (Admin)” from the menu.




Type following command one at time at Command Prompt and for each command you have typed press Enter key.







I would suggest you to uninstall the Windows Location Provider driver and check if it helps.



1.      Tap or Press Windows key + X.

2.      Click on Device manager.

3.      Expand Sensors, right click on Windows Location Provider and click on Uninstall.

4.      Restart the computer to install the Windows drivers and check the issue.



If the issue persists, please install the latest version of chipset drivers from the manufacturer’s website and check if it helps in fixing the issue.



Clean Boot
If the  error is caused by a current running process, restart your Windows system using the clean boot method will allow you to troubleshoot if a current service or process is causing the error to appear.
With a clean boot only the necessary services and process that are required to operate Windows are started when you boot your computer.
Follow these steps:

1. Start Windows
   
   
2. Open Run dialog box by pressing     keys.
   
   
   
3. Type msconfig and press Enter key
   
   
   
4. Go to General tab > check Selective Startup option
   
   
   
5. Uncheck the Load startup items check box
   
   
   
6. Go to Services tab
   
   
   
7. Check Hide all Microsoft services check box from the bottom left corner of the window
   
   
   
8. Click Disable all
   
   
   
9. Click OK button.
   
   
   
10. Restart Windows.
    
    
    
    

To reset these changes and start your Windows normally, follow the same steps:

1. Go to the General tab
   
2. Check the Normal Startup option
   
3. Click OK
   
4. Restart
   

Please follow my instructions at my tutorial to boost speed Windows OS.

"Tweaking & Optimizing Window Operating System"
http://www.geekpolice.net/t30298-tweaking-optimizing-windows-operating-system

I installed network card driver, the graphic card driver isn't available. 2 Windows updates will not run. I don't understand how to do the rest

Your computer memory usage is very high use the Task Manager to find out which processes causing the high memory usage.

Have you follow my instructions at my tutorial to boost speed of your computer?

Have you perform a clean boot state if not how can i help you to perform clean boot state?

Use SpeedFan to monitor temperature of your computer components better yet post a screenshot of the SpeedFan.

Execute my batch script from below link to reset Windows Update components and after you have reboot the system see if you can install those two updates.

"Reset Windows Update Components"
http://www.geekpolice.net/t30309-reset-windows-update-components


Execute batch script from below link to reset Windows services to there default startup state.

"Restore Windows Services To Default Startup Settings"
http://www.geekpolice.net/t30308-restore-windows-services-to-default-startup-settings

I've followed ALL your instructions to the best of my abilities. The computer still runs slow and some pages won't open at all. I also get a banner saying "A web page is slowing down your browser, what would you like to do"

If you haven't you should uninstall third party antivirus and firewall programs to see if issue resolves.

Is the slow web browsing happening with all web browsers?

I'm not sure what you mean by third party antivirus. All browsers are slow

Hi there,

We need a complete analysis with the following tool (which checks much deeper than Speccy does). We usually request it only if it is necessary because of how much information is indexes from your computer. Please know that we are able to delete the post you have the results in at your request after we have analyzed it.

Please download the latest version of Kaspersky GetSystemInfo (GSI) from GetSystemInfo.com and save it to your Desktop. (On the website, press the download button in the top bar)

• Please close all other applications running on your system.
  
• Right click GetSystemInfo.zip and hit Extract all. Then double click on getsysteminfo.exe to run the program.
  
• Click the Settings button.
  
• Set it to Maximum
  
• IMPORTANT! Then please click Customize - choose Driver / Ports tab and
  
• Uncheck Scan Ports.
  
• Click Create Report to run it.
  
• It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.
  

Please copy and paste the url of the GSI Parser report (not the log) in your next reply. If this is too difficult, please upload the file here by hitting "Reply to this topic," and then under "Attach file," hit "Browse," select the ZIP file to upload, and then press the Submit button. Once it's done uploading, please tell us in the message window and then hit the Send button.

Finished uploading

TFC(Temp File Cleaner):

• Please download TFC to your desktop,
  
• Save any unsaved work. TFC will close all open application windows.
  
• Double-click TFC.exe to run the program.
  
• If prompted, click "Yes" to reboot.
  

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

---

Please download MySystem-Search from here: ftp://ftp.geekpolice.net/GPUser/DragonMasterJay/mss.exe

• Save the file to your Desktop.
  
• Right-click on mss.exe and select Run as Administrator.
  
• Allow it to run, and follow the prompts.
  
• Once done, it will launch a log.
  
• Post it in your next reply. Also, look for these files in the same location called systemintegrity.txt and HOSTS.txt. Please open them, and copy and paste that in to your next reply as well.
  

Note: the logs are long. Please use more than one post, if necessary.

MySystem-Search
 
 
MSS v1.7
 
 
Basic System Information
 
Username: Rick - Date: 01/01/2017 - Time:  0:40:03

Microsoft Windows [Version 6.3.9600]
Processor type: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
Total processors: 2
Computer Name: HOME
Logon Server: \\MicrosoftAccount
 
 
CD Emulation Drivers running?
 
Nero found!
 
 
Peer-to-Peer applications?
 
 
 
Security Tools Check
 
 
 
File associations
 
.exe=exefile
.scr=scrfile
.pif=piffile
.com=comfile
.bat=batfile
.cmd=cmdfile
.log=txtfile
.txt=txtfile
.reg=regfile
.sys=sysfile
.dll=dllfile
.ini=inifile
.inf=inffile
 
 
Running processes
 
  PROCESS            PID  PRIO     PATH
IMFsrv.exe           396 Normal   C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
IUService.exe       1760 Normal   C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
LiveUpdate.exe      2796 Normal   C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
NSBU.exe            1280 Normal   C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\NSBU.exe
SMService.exe       2712 Normal   C:\Program Files (x86)\IObit\Classic Start\SMService.exe
BuildIndex.exe      3792 Normal   C:\Program Files (x86)\IObit\Classic Start\BuildIndex.exe
SymErr.exe          1288 Normal   C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\SymErr.exe
NSBU.exe            2684 Normal   C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\NSBU.exe
StartMenu_Hook.exe     7520 Normal   C:\Program Files (x86)\IObit\Classic Start\StartMenu_Hook.exe
IMF.exe             8180 Normal   C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
IMFTips.exe         2160 Normal   C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
firefox.exe         6012 Normal   C:\Program Files (x86)\Mozilla Firefox\firefox.exe
firefox.exe         7868 Normal   C:\Program Files (x86)\Mozilla Firefox\firefox.exe
mss.exe             8036 Normal   C:\Users\Rick\Desktop\mss.exe
cmd.exe             1216 Normal   C:\WINDOWS\SysWOW64\cmd.exe
pv.exe              6652 Normal   C:\Users\Rick\Desktop\pv.exe
 
 
User Profile check
 
Default.migrated
Guest
Public
Rick
 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
    Default    REG_EXPAND_SZ    %SystemDrive%\Users\Default
    ProfilesDirectory    REG_EXPAND_SZ    %SystemDrive%\Users
    ProgramData    REG_EXPAND_SZ    %SystemDrive%\ProgramData
    Public    REG_EXPAND_SZ    %SystemDrive%\Users\Public

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
    Flags    REG_DWORD    0xc
    ProfileImagePath    REG_EXPAND_SZ    %systemroot%\system32\config\systemprofile
    Sid    REG_BINARY    010100000000000512000000
    RefCount    REG_DWORD    0x1
    State    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
    ProfileImagePath    REG_EXPAND_SZ    C:\Windows\ServiceProfiles\LocalService
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
    ProfileImagePath    REG_EXPAND_SZ    C:\Windows\ServiceProfiles\NetworkService
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3431173695-69639140-411144729-1002
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\Rick
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x0
    Sid    REG_BINARY    0105000000000005150000003F8E83CCE49B260419928118EA030000
    Migrated    REG_BINARY    407D05F31310CF01
    ProfileAttemptedProfileDownloadTimeLow    REG_DWORD    0x0
    ProfileAttemptedProfileDownloadTimeHigh    REG_DWORD    0x0
    ProfileLoadTimeLow    REG_DWORD    0x0
    ProfileLoadTimeHigh    REG_DWORD    0x0
    RefCount    REG_DWORD    0x3
    RunLogonScriptSync    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3431173695-69639140-411144729-501
    ProfileImagePath    REG_EXPAND_SZ    C:\Users\Guest
    Flags    REG_DWORD    0x0
    State    REG_DWORD    0x80
    Sid    REG_BINARY    0105000000000005150000003F8E83CCE49B260419928118F5010000
    Migrated    REG_BINARY    B01274F21310CF01
    ProfileAttemptedProfileDownloadTimeLow    REG_DWORD    0x0
    ProfileAttemptedProfileDownloadTimeHigh    REG_DWORD    0x0
    ProfileLoadTimeLow    REG_DWORD    0x0
    ProfileLoadTimeHigh    REG_DWORD    0x0
    RefCount    REG_DWORD    0x0
    RunLogonScriptSync    REG_DWORD    0x0

 
 
Current Scheduled Tasks
 
PATH: C:\Windows\Tasks
 
Adobe Flash Player Updater.job
ImCleanDisabled
Uninstaller_SkipUac_Rick.job
SA.DAT
 
 
Windows Drivers and NT-Services
 
 Volume in drive C is Gateway
 Volume Serial Number is AC14-76CE

 Directory of C:\Windows\System32\Drivers

 Volume in drive C is Gateway
 Volume Serial Number is AC14-76CE

 Directory of C:\Windows\System32\Drivers

07/07/2012  03:56 AM                 8 1025_ACER_GATEWAY_SX2110G_HE1200.MRK
07/07/2012  03:56 AM             2,316 MOD01SET0500Z600M1.enc
06/18/2013  07:17 AM               646 gmreadme.txt
06/18/2013  07:17 AM         3,440,660 gm.dls
01/12/2014  11:05 PM              UMDF
12/28/2014  08:07 PM            26,528 HWiNFO64A.SYS
11/03/2016  04:41 PM              en-US
11/03/2016  04:41 PM              .
11/03/2016  04:41 PM              ..
               5 File(s)      3,470,158 bytes
               4 Dir(s)  417,156,333,568 bytes free
 
 
Stealth malware?
 
 
Internet Explorer
 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
    AutoHide    REG_SZ    yes
    Security Risk Page    REG_SZ    about:SecurityRisk
    Extensions Off Page    REG_SZ    about:NoAdd-ons
    Default_Search_URL    REG_SZ    http://go.microsoft.com/fwlink/?LinkId=54896
    Default_Page_URL    REG_SZ    http://go.microsoft.com/fwlink/p/?LinkId=255141
    Anchor_Visitation_Horizon    REG_BINARY    01000000
    ApplicationTileImmersiveActivation    REG_DWORD    0x1
    AssociationActivationMode    REG_DWORD    0x0
    Cache_Percent_of_Disk    REG_BINARY    0A000000
    Placeholder_Width    REG_BINARY    1A000000
    x86AppPath    REG_SZ    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Placeholder_Height    REG_BINARY    1A000000
    Default_Secondary_Page_URL    REG_MULTI_SZ    
    Use_Async_DNS    REG_SZ    yes
    Start Page    REG_SZ    http://go.microsoft.com/fwlink/p/?LinkId=255141
    Local Page    REG_SZ    C:\Windows\SysWOW64\blank.htm
    Search Page    REG_SZ    http://go.microsoft.com/fwlink/?LinkId=54896
    Delete_Temp_Files_On_Exit    REG_SZ    yes
    Enable_Disk_Cache    REG_SZ    yes
    DoNotTrack    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    IE5_UA_Backup_Flag    REG_SZ    5.0
    EnableNegotiate    REG_DWORD    0x1
    MigrateProxy    REG_DWORD    0x1
    PrivacyAdvanced    REG_DWORD    0x0
    ProxyEnable    REG_DWORD    0x0
    User Agent    REG_SZ    Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    ZonesSecurityUpgrade    REG_BINARY    BC1B00C01710CF01
    EmailName    REG_SZ    User@
    AutoConfigProxy    REG_SZ    wininet.dll
    MimeExclusionListForCache    REG_SZ    multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
    WarnOnPost    REG_BINARY    01000000
    UseSchannelDirectly    REG_BINARY    01000000
    EnableHttp1_1    REG_DWORD    0x1
    UrlEncoding    REG_DWORD    0x0
    SecureProtocols    REG_DWORD    0xaa0
    DisableCachingOfSSLPages    REG_DWORD    0x0
    WarnonZoneCrossing    REG_DWORD    0x0
    GlobalUserOffline    REG_DWORD    0x0
    MaxConnectionsPerServer    REG_DWORD    0xa
    MaxConnectionsPer1_0Server    REG_DWORD    0xa

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CACHE
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Anchor Underline    REG_SZ    yes
    Cache_Update_Frequency    REG_SZ    Once_Per_Session
    Display Inline Images    REG_SZ    yes
    Do404Search    REG_BINARY    01000000
    Local Page    REG_SZ    C:\WINDOWS\system32\blank.htm
    Save_Session_History_On_Exit    REG_SZ    no
    Show_FullURL    REG_SZ    no
    Show_StatusBar    REG_SZ    yes
    Show_ToolBar    REG_SZ    yes
    Show_URLinStatusBar    REG_SZ    yes
    Show_URLToolBar    REG_SZ    yes
    Use_DlgBox_Colors    REG_SZ    yes
    Search Page    REG_SZ    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    XMLHTTP    REG_DWORD    0x1
    Disable Script Debugger    REG_SZ    yes
    DisableScriptDebuggerIE    REG_SZ    yes
    UseClearType    REG_SZ    no
    Enable Browser Extensions    REG_SZ    yes
    Play_Background_Sounds    REG_SZ    yes
    Play_Animations    REG_SZ    yes
    Start Page    REG_SZ    http://www.msn.com/?ocid=iehp
    Default_Page_URL    REG_SZ    http://acer13.msn.com
    DisableFirstRunCustomize    REG_DWORD    0x1
    OperationalData    REG_QWORD    0xd
    FullScreen    REG_SZ    no
    IE10RunOncePerInstallCompleted    REG_DWORD    0x1
    IE10RunOnceCompletionTime    REG_BINARY    60B70B75B85FD201
    IconCache    REG_SZ    nggdy0n
    CompatibilityFlags    REG_DWORD    0x0
    Window_Placement    REG_BINARY    2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3C02000004010000240600003F030000
    Use FormSuggest    REG_SZ    no
    DownloadWindowPlacement    REG_BINARY    2C0000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB0010000960000003004000076020000
    AutoSearch    REG_DWORD    0x1
    Use Search Asst    REG_SZ    no
    RunOnceHasShown    REG_DWORD    0x1
    RunOnceComplete    REG_DWORD    0x1
    IE10RunOnceLastShown    REG_DWORD    0x1
    IE10TourShown    REG_DWORD    0x1
    ImageStoreRandomFolder    REG_SZ    fjusonk
    Isolation    REG_SZ    PMIL
    Isolation64Bit    REG_DWORD    0x0
    Check_Associations    REG_SZ    no
    Start Page_TIMESTAMP    REG_BINARY    4FD34835F162D201
    SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy    REG_BINARY    0100000049000000CB953FCE0ABDE64AA7653DCD835CF5D49C87C8EDA91EF78D12A36F43164AD3B61DCDA59545085A7EEB4B932309A7F84A1E8FC337018A3AB9E4BB7B777D01F9872CAE392A4F6787745B020000000E00000034344E4737534F70425055253364
    NoUpdateCheck    REG_DWORD    0x1
    IE10TourNoShow    REG_DWORD    0x1
    Secondary Start Pages    REG_MULTI_SZ    http://www.msn.com/?pc=U453&ocid=U453DHP&osmkt=en-us

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
    {CFBFAE00-17A6-11D0-99CB-00C04FD64497}    REG_SZ    


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
    {2318C2B1-4965-11d4-9B18-009027A5CD4F}    REG_BINARY    00
    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}    REG_SZ    Norton Toolbar


 
 
Security Center
 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
    EnableFirewall    REG_DWORD    0x1
    DisableNotifications    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    EnableFirewall    REG_DWORD    0x1
    DisableNotifications    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
    EnableFirewall    REG_DWORD    0x1
    DisableNotifications    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging
 
 
Uninstall List
 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AccelerateTab_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adult Emoticons and Avatars
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare 7_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Booster_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Malware Fighter_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObitUninstall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit_StartMenu8_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 50.1.0 (x86 en-US)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NARA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NSBU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PhotoScape
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Defrag_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spotify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent gateway Master Uninstall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WildTangentGameProvider-gateway-main
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{050d4fc8-5d48-4b8f-8972-47c82c46020f}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0708FF30-78C0-47B0-81F0-C84604DC769C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0B311221-05A5-4766-8D03-7A6446794156}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0E4630AF-0AB7-440E-A978-1A78FC4F43B9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217065FB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217067FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180102F0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180112F0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217025FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217040FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217045FB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217045FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217051FB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217055FB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217055FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83218066F0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83218072F0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83218074F0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83218077F0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83218092F0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3AAB08A3-F129-4BD5-B409-AE674F93759D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D9CB654-99AD-4301-89C6-0D12A790767C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5B81F6D8-AFA6-BBD4-0B74-342EE195C4FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-gateway
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80680785-2EE1-053F-9CD3-4B2C904596EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{95140000-0070-0000-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96AE7E41-E34E-47D0-AC07-1091A8127911}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2D43081-CF7B-4637-A9F3-E2651AA5C4A8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A694AF57-9891-4D62-824C-7E55A1361A14}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A6DC88AD-501A-44BC-884D-57435F972E2C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ABC88553-8770-4B97-B43E-5A90647A5B63}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2B0EC73-AD4A-4716-A3DE-CEA8440B309B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BAADB485-50A5-4E37-AE32-04F35DCEC14B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C994C746-C6D0-4EBA-B09E-DF7B18381B69}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E70B2F2C-94D1-4287-B5B0-CBBE618E2652}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE26E302-876A-48D9-9058-3129E5B99999}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EF0D1292-8FC1-41BE-9740-DBC134F66415}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F1507473-FB6C-9CA0-8605-56B7BAD86422}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f65db027-aff3-4070-886a-0d87064aabb1}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Java Detection
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Java Uninstall Applet
 
 
Adobe Products
 
 
 
Autorun
 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Advanced SystemCare 10    REG_SZ    "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    (Default)    REG_SZ    
    IObit Malware Fighter    REG_SZ    "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart

 
 
Restrictions - Internet Explorer
 
 
 
Restrictions - REGEDIT
 

 
 
Restrictions - Explorer
 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoSimpleNetIDList    REG_DWORD    0x1
    NoDriveTypeAutoRun    REG_DWORD    0xdd
    NolowDiskSpaceChecks    REG_DWORD    0x1

 
 
DNS Settings
 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C02CAB3E-C922-4371-A1DD-E72CF76EF979}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{dd24d56a-7c05-11e3-824e-806e6f6e6963}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F774F5B7-6F43-4CB5-8B05-D13304E9A2E2}

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Home
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 74-27-EA-2C-4E-E7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8960:d6e9:915:6362%3(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.19(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, December 31, 2016 6:24:12 AM
   Lease Expires . . . . . . . . . . : Sunday, January 1, 2017 6:24:11 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 264805596
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-D9-F9-55-74-27-EA-2C-4E-E7
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{F774F5B7-6F43-4CB5-8B05-D13304E9A2E2}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:284c:c3ec:43d:210c:3f57:feec(Preferred)
   Link-local IPv6 Address . . . . . : fe80::43d:210c:3f57:feec%5(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 83886080
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-D9-F9-55-74-27-EA-2C-4E-E7
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
 
AppInit DLLs
 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    AppInit_DLLs    REG_SZ    

 
 
Shell Service Object Delay Load
 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    WebCheck    REG_SZ    {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

 
 
 
Shell Execute Hooks
 

 
 
Image File Execution Options
 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cscript.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllhost.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drvinst.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ehexthost32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ExtExport.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerApp.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerPlugin_24_0_0_186.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerUpdateService.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil32_14_0_0_125_pepper.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil32_14_0_0_145_pepper.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil32_14_0_0_179_pepper.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil32_15_0_0_152_pepper.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil32_15_0_0_189_pepper.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil32_15_0_0_223_pepper.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil32_15_0_0_239_pepper.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil32_15_0_0_246_pepper.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil32_24_0_0_186_Plugin.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil64_14_0_0_125_pepper.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil64_14_0_0_145_pepper.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil64_14_0_0_179_pepper.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil64_15_0_0_152_pepper.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil64_15_0_0_189_pepper.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil64_15_0_0_223_pepper.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil64_15_0_0_239_pepper.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil64_15_0_0_246_pepper.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashUtil64_24_0_0_186_Plugin.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ie4uinit.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ieinstal.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ielowutil.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ieUnatt.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvw.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msfeedssync.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mshta.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ngen.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ngentask.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PresentationHost.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PrintIsolationHost.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runtimebroker.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotocolhost.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\splwow64.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SystemSettings.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscript.exe
 
 
Security Providers
 
 
 
Local Security Authority
 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Bounds    REG_BINARY    0030000000200000
    auditbasedirectories    REG_DWORD    0x0
    fullprivilegeauditing    REG_BINARY    00
    crashonauditfail    REG_DWORD    0x0
    auditbaseobjects    REG_DWORD    0x0
    LimitBlankPasswordUse    REG_DWORD    0x1
    NoLmHash    REG_DWORD    0x1
    Notification Packages    REG_MULTI_SZ    scecli
    Authentication Packages    REG_MULTI_SZ    msv1_0
    SecureBoot    REG_DWORD    0x1
    ProductType    REG_DWORD    0x3
    disabledomaincreds    REG_DWORD    0x0
    everyoneincludesanonymous    REG_DWORD    0x0
    forceguest    REG_DWORD    0x0
    restrictanonymous    REG_DWORD    0x0
    restrictanonymoussam    REG_DWORD    0x1
    LsaPid    REG_DWORD    0x2b0
    SamConnectedAccountsExist    REG_DWORD    0x1
    Security Packages    REG_MULTI_SZ    kerberos\0msv1_0\0schannel\0wdigest\0tspkg\0pku2u\0livessp

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\CentralizedAccessPolicies
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Credssp
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\MSV1_0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\OSConfig
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache
 
 
AppCert DLLs
 
 
 
App Paths
 

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\ccleaner.exe
    (Default)    REG_SZ    C:\Program Files\CCleaner\CCleaner64.exe
    Path    REG_SZ    C:\Program Files\CCleaner

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\chrome.exe
    (Default)    REG_SZ    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    Path    REG_SZ    C:\Program Files (x86)\Google\Chrome\Application

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\cmmgr32.exe
    CmstpExtensionDll    REG_SZ    C:\Windows\System32\cmcfg32.dll
    CmNative    REG_DWORD    0x2

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\dfshim.dll
    UseURL    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\firefox.exe
    (Default)    REG_SZ    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Path    REG_SZ    C:\Program Files (x86)\Mozilla Firefox

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEDIAG.EXE
    (Default)    REG_SZ    C:\Program Files\Internet Explorer\IEDIAGCMD.EXE
    Path    REG_SZ    C:\Program Files\Internet Explorer;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEDIAGCMD.EXE
    (Default)    REG_SZ    C:\Program Files\Internet Explorer\IEDIAGCMD.EXE
    Path    REG_SZ    C:\Program Files\Internet Explorer;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\IEXPLORE.EXE
    (Default)    REG_SZ    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    Path    REG_SZ    C:\Program Files\Internet Explorer;

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\install.exe
    BlockOnTSNonInstallMode    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\javaws.exe
    (Default)    REG_SZ    C:\Program Files (x86)\Java\jre1.8.0_112\bin\javaws.exe
    Path    REG_SZ    C:\Program Files (x86)\Java\jre1.8.0_112\bin

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\MCUI32.exe
    Path    REG_SZ    C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14
    (Default)    REG_SZ    C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\MCUI32.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mip.exe
    (Default)    REG_EXPAND_SZ    %CommonProgramFiles%\Microsoft Shared\Ink\mip.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\mplayer2.exe
    (Default)    REG_EXPAND_SZ    %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
    Path    REG_EXPAND_SZ    %ProgramFiles(x86)%\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\NAVW32.EXE
    (Default)    REG_SZ    C:\Program Files (x86)\Norton Security with Backup\Engine\22.8.1.14\Navw32.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pbrush.exe
    (Default)    REG_EXPAND_SZ    %SystemRoot%\System32\mspaint.exe
    Path    REG_EXPAND_SZ    %SystemRoot%\System32

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PhotoScape.exe
    (Default)    REG_SZ    "C:\Program Files (x86)\PhotoScape\PhotoScape.exe"
    Path    REG_SZ    "C:\Program Files (x86)\PhotoScape\PhotoScape.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PowerDVD10
    Path    REG_SZ    C:\Program Files (x86)\CyberLink\PowerDVD10
    (Default)    REG_SZ    C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\PowerShell.exe
    (Default)    REG_EXPAND_SZ    %SystemRoot%\system32\WindowsPowerShell\v1.0\PowerShell.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\setup.exe
    BlockOnTSNonInstallMode    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\SnippingTool.exe
    (Default)    REG_EXPAND_SZ    %SystemRoot%\system32\SnippingTool.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\Speccy.exe
    (Default)    REG_SZ    C:\Program Files\Speccy\Speccy64.exe
    Path    REG_SZ    C:\Program Files\Speccy

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\table30.exe
    UseShortName    REG_SZ    

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\TabTip.exe
    (Default)    REG_EXPAND_SZ    %CommonProgramFiles%\microsoft shared\ink\TabTip.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wab.exe
    (Default)    REG_EXPAND_SZ    %ProgramFiles%\Windows Mail\wab.exe
    Path    REG_EXPAND_SZ    %ProgramFiles%\Windows Mail

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wabmig.exe
    (Default)    REG_EXPAND_SZ    %ProgramFiles%\Windows Mail\wabmig.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\wmplayer.exe
    (Default)    REG_EXPAND_SZ    %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
    Path    REG_EXPAND_SZ    %ProgramFiles(x86)%\Windows Media Player

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WORDPAD.EXE
    (Default)    REG_EXPAND_SZ    "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\WRITE.EXE
    (Default)    REG_EXPAND_SZ    "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

 
 
Mozilla
 

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions
    {C1A2A613-35F1-4FCF-B27F-2840527B6556}    REG_SZ    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.8.1.14\coFFAddon\

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\TaskBarIDs
    C:\Program Files (x86)\Mozilla Firefox    REG_SZ    E7CF176E110C211B

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox
    (Default)    REG_SZ    50.1.0
    CurrentVersion    REG_SZ    50.1.0 (x86 en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\50.1.0 (x86 en-US)
    (Default)    REG_SZ    50.1.0 (x86 en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\50.1.0 (x86 en-US)\Main
    Install Directory    REG_SZ    C:\Program Files (x86)\Mozilla Firefox
    PathToExe    REG_SZ    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\50.1.0 (x86 en-US)\Uninstall
    Description    REG_SZ    Mozilla Firefox 50.1.0 (x86 en-US)

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 50.1.0
    GeckoVer    REG_SZ    50.1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 50.1.0\bin
    PathToExe    REG_SZ    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 50.1.0\extensions
    Components    REG_SZ    C:\Program Files (x86)\Mozilla Firefox\components
    Plugins    REG_SZ    C:\Program Files (x86)\Mozilla Firefox\plugins

 
 
Shared Task Scheduler
 
 
 
SafeBoot
 
 
 
SafeBootMinimal
 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}
 
 
SafeBootNetwork
 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}
 
 
File Rename Operations - Session
 

 
 
Known DLLs - Session
 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls
    rpcrt4    REG_SZ    rpcrt4.dll
    DllDirectory    REG_EXPAND_SZ    %SystemRoot%\system32
    combase    REG_SZ    combase.dll
    gdiplus    REG_SZ    gdiplus.dll
    IMAGEHLP    REG_SZ    IMAGEHLP.dll
    MSVCRT    REG_SZ    MSVCRT.dll
    SHLWAPI    REG_SZ    SHLWAPI.dll
    COMDLG32    REG_SZ    COMDLG32.dll
    NORMALIZ    REG_SZ    NORMALIZ.dll
    PSAPI    REG_SZ    PSAPI.DLL
    WLDAP32    REG_SZ    WLDAP32.dll
    ole32    REG_SZ    ole32.dll
    DllDirectory32    REG_EXPAND_SZ    %SystemRoot%\syswow64
    IMM32    REG_SZ    IMM32.dll
    _Wow64cpu    REG_SZ    Wow64cpu.dll
    MSCTF    REG_SZ    MSCTF.dll
    _Wow64win    REG_SZ    Wow64win.dll
    OLEAUT32    REG_SZ    OLEAUT32.dll
    LPK    REG_SZ    LPK.dll
    clbcatq    REG_SZ    clbcatq.dll
    WS2_32    REG_SZ    WS2_32.dll
    SHELL32    REG_SZ    SHELL32.dll
    gdi32    REG_SZ    gdi32.dll
    _Wow64    REG_SZ    Wow64.dll
    DifxApi    REG_SZ    difxapi.dll
    Setupapi    REG_SZ    Setupapi.dll
    kernel32    REG_SZ    kernel32.dll
    advapi32    REG_SZ    advapi32.dll
    user32    REG_SZ    user32.dll
    NSI    REG_SZ    NSI.dll
    sechost    REG_SZ    sechost.dll

 
 
Downloaded program files (ActiveX)
 

 
PATH: C:\windows\Downloaded Program Files
 
 
 
Mountpoints
 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5980a7c8-907f-11e2-be69-806e6f6e6963}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9cd1456-7e60-45a3-8a43-6f080b2ec16d}
 
 
Winlogon
 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit    REG_SZ    userinit.exe,
    Shell    REG_SZ    explorer.exe
    VMApplet    REG_SZ    SystemPropertiesPerformance.exe /pagefile
    DefaultDomainName    REG_SZ    
    PreCreateKnownFolders    REG_SZ    {A520A1A4-1780-4FF6-BD18-167343C5AF16}
    DefaultUserName    REG_SZ    
    AutoRestartShell    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions
 
 
Windows Update
 
 
 
Security Software Information
 
*Note*: Some security software does not store itself in the WMI.