Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


PC acting Strange, Random Virus software stopped working


by paulkerlin » March 16th, 2017, 6:47 am

Hi Guys

Last week or so McAfee virus won't work and Malwarebytes has stopped working; suspect I have a nasty. I have installed fresh Norton virus protection, which seems to be working, but still suspect I have a nasty hiding in there somewhere.

Appreciate any help you can provide

Logs as requested below.

I have added the additional log, but the FRST log exceeds the number of characters by itself. Can I post it in 2 separate posts?

Your message contains 131713 characters. The maximum number of allowed characters is 100000.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Paul (16-03-2017 21:25:34)
Running from C:\Users\Paul\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-28 19:27:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-853519024-3654194281-2201712828-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-853519024-3654194281-2201712828-503 - Limited - Disabled)
Guest (S-1-5-21-853519024-3654194281-2201712828-501 - Limited - Disabled)
Paul (S-1-5-21-853519024-3654194281-2201712828-1001 - Administrator - Enabled) => C:\Users\Paul

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Disabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Disabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

12 Labours of Hercules III: Girl Power (x32 Version: 3.0.2.118 - WildTangent) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.20.13 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 5.1.0 - Canon Inc.)
Canon MG5700 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5700_series) (Version: 1.00 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.3.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.2.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.6.1 - Canon Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Coyote The Outlander (x32 Version: 3.0.2.59 - WildTangent) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6.7006 - CyberLink Corp.)
CyberLink PhotoDirector (Version: 5.0.6.7006 - CyberLink Corp.) Hidden
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.2.5829 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4601 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.5.4601 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.2.4627 - CyberLink Corp.)
Delicious: Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{736A97C6-8766-3699-84A9-71736C5E0CE3}) (Version: 3.1.11.0 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Entwined: The Perfect Murder (x32 Version: 3.0.2.59 - WildTangent) Hidden
Evernote v. 5.8.13 (HKLM-x32\...\{A229420E-204B-11E5-B844-0050569584E9}) (Version: 5.8.13.8152 - Evernote Corp.)
Family Vacation 2: Road Trip (x32 Version: 3.0.2.59 - WildTangent) Hidden
FreeFileSync 7.6 (HKLM-x32\...\FreeFileSync_is1) (Version: 7.6 - www.FreeFileSync.org)
Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Home Makeover (x32 Version: 3.0.2.59 - WildTangent) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version: - HP)
HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8305.5282 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.3.50.9 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.5.26.37 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{DD21DBC9-2A74-44DA-A543-B1F4AF3ABFCA}) (Version: 1.1.8.1 - HP)
IGT Slots: Paradise Garden (x32 Version: 3.0.2.59 - WildTangent) Hidden
Imperial Island: Birth of an Empire (x32 Version: 3.0.2.59 - WildTangent) Hidden
Insane Cold: Back to the Ice Age (x32 Version: 3.0.2.59 - WildTangent) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4542 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
iTunes (HKLM\...\{2C49F336-2E86-4407-83E2-16AC65598EF4}) (Version: 12.5.3.16 - Apple Inc.)
Jewel Match Snowscapes (x32 Version: 3.0.2.118 - WildTangent) Hidden
K-Lite Mega Codec Pack 12.1.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.1.5 - KLCP)
Living Legends: Frozen Beauty Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Lost Lands: Dark Overlord Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Lost Souls: Timeless Fables Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Manor Memoirs Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Media Cope 4.0 (HKLM-x32\...\Media Cope_is1) (Version: - Media Cope)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7766.2060 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-853519024-3654194281-2201712828-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 52.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0 (x86 en-US)) (Version: 52.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.3.2 - MusicBrainz)
Mystery Expedition: Prisoners of Ice (x32 Version: 3.0.2.59 - WildTangent) Hidden
NAPS2 5.2.1 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version: - Ben Olden-Cooligan)
Norton Security (HKLM-x32\...\NSBU) (Version: 22.9.0.71 - Symantec Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Plagiarii (x32 Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.48 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7944 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.64 - REALTEK Semiconductor Corp.)
Runefall (x32 Version: 3.0.2.126 - WildTangent) Hidden
SafeZone Stable 3.55.2393.590 (x32 Version: 3.55.2393.590 - Avast Software) Hidden
Serviio (HKLM\...\Serviio) (Version: 1.8 - Six Lines Ltd)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.10 - Synaptics Incorporated)
TomTom HOME (HKLM-x32\...\{3C595537-D968-48D5-AAB1-CCB2E90FA59A}) (Version: 2.9.94 - TomTom)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.16 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07B947CF-DFF7-498B-9FA9-C8F7063D0E78} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Paul\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {2F20F75A-03FB-48E5-9A1A-0609B55EC21B} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-05-24] ()
Task: {36BA0727-C8A7-478D-98A6-B1D5AD46E588} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security with Backup\Engine\22.9.0.71\WSCStub.exe [2017-02-21] (Symantec Corporation)
Task: {3AE52E7D-C265-45CA-9639-6F2C4CCF14D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-14] (Google Inc.)
Task: {5A27318C-D773-4067-966D-45951BDDDFF5} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {5B15BB25-7A73-495E-8B4A-14C6C3D62185} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {5B38D836-A0CB-463F-B991-B50A83765F0A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {5B4B11B7-59C9-43B8-A942-E3682ED532D3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {5FAD51CE-A687-4BA5-B8A0-2D54CFB43938} - System32\Tasks\SafeZone scheduled Autoupdate 1467322114 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {62CB8C00-89E4-4F1B-BB19-8E65F2B1898F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {63D2F59B-0D8A-42E5-88E4-772EDB8C9BD8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-02-19] (Microsoft Corporation)
Task: {661BA085-08A3-40EE-BCD8-B8D5FE6ED030} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {71F5C9DE-021A-4347-AA99-CCC28E5F1D3D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-14] (Google Inc.)
Task: {7E056055-C220-4E71-8133-AAAB755532CD} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-04-04] ()
Task: {7F57FDDD-43FC-4D42-A513-366AC5275A31} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [2015-10-29] (CyberLink Corp.)
Task: {828B51B9-0989-427E-A4FC-51B706E7405B} - System32\Tasks\Norton Security with Backup\Norton Security with Backup Error Processor => C:\Program Files\Norton Security with Backup\Engine\22.9.0.71\SymErr.exe [2017-02-21] (Symantec Corporation)
Task: {8E0DCA67-2B6C-48D3-B180-ACE3565F140B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-02-08] (HP Inc.)
Task: {97818296-26F0-4A9C-886C-1C3A46CF5DBA} - System32\Tasks\Norton Security with Backup\Norton Security with Backup Error Analyzer => C:\Program Files\Norton Security with Backup\Engine\22.9.0.71\SymErr.exe [2017-02-21] (Symantec Corporation)
Task: {9969B186-4BBC-4C08-8A4C-E938253C95CE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {A8D1766E-D615-4033-97CC-376365393D0B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-03-02] (HP Inc.)
Task: {AE2EDAB8-A1B3-48A0-A25E-F4347E4E0B99} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {B25E0DAC-9525-4B29-99D4-248D930B6FF8} - System32\Tasks\Norton Security with Backup\Norton Security with Backup Autofix => C:\Program Files\Norton Security with Backup\Engine\22.9.0.71\SymErr.exe [2017-02-21] (Symantec Corporation)
Task: {DD02190E-F081-4306-9BFF-8EC2E18BC357} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)
Task: {E039D43E-260B-4165-9809-76544FE169E9} - System32\Tasks\HPCeeScheduleForPaul => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-17] (Hewlett-Packard)
Task: {E2C0D225-82FB-40D1-A72C-2E8CE31927AF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)
Task: {EB62E9E3-9F1B-4C0A-BFE6-CAB38DA31A18} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {FD753024-EFCA-458D-BFED-FD50F27C523B} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2017-03-02] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForPaul.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 22:42 - 2016-07-16 22:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-03-15 21:33 - 2017-03-04 18:19 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-06-14 13:09 - 2016-02-05 10:53 - 00387144 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2016-05-06 19:35 - 2015-11-20 09:44 - 00127192 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2016-12-05 15:30 - 2016-12-05 15:30 - 00413696 _____ () C:\Program Files\Serviio\bin\ServiioService.exe
2016-05-06 19:55 - 2014-04-15 12:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-01-27 18:51 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-06-16 09:50 - 2017-03-02 20:11 - 08451115 _____ () C:\Program Files\pia_manager\pia_manager.exe
2017-03-15 21:33 - 2017-03-04 18:19 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-06-14 11:20 - 2017-01-30 00:55 - 08930504 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-09-29 23:40 - 2016-09-29 23:40 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 21:32 - 2017-03-04 17:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 21:33 - 2017-03-04 17:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 21:33 - 2017-03-04 17:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 21:33 - 2017-03-04 17:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-03-15 21:34 - 2017-03-04 17:05 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-03-15 21:33 - 2017-03-04 17:05 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-03-15 21:34 - 2017-03-04 17:08 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-28 15:11 - 2016-12-21 08:37 - 00075776 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2017-03-15 19:16 - 2017-03-15 19:16 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-03-15 19:16 - 2017-03-15 19:16 - 00182784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-03-15 19:16 - 2017-03-15 19:16 - 41048064 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-03-15 19:16 - 2017-03-15 19:16 - 02236896 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\roottools.dll
2017-02-07 19:45 - 2017-02-01 20:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 19:45 - 2017-02-01 20:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2016-06-16 09:50 - 2017-03-02 20:11 - 00694272 _____ () C:\Program Files\pia_manager\openvpn.exe
2016-06-16 09:50 - 2017-03-02 20:11 - 00190317 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
2016-06-16 09:50 - 2017-03-02 20:11 - 00108441 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
2016-06-16 09:50 - 2017-03-02 20:11 - 00144896 _____ () C:\Program Files\pia_manager\pia-openvpn.dll
2017-03-16 20:13 - 2017-03-16 20:13 - 00012800 _____ () C:\Users\Paul\AppData\Local\Temp\ocr4A5D.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2017-03-16 20:13 - 2017-03-16 20:13 - 00009728 _____ () C:\Users\Paul\AppData\Local\Temp\ocr4A5D.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2017-03-16 20:13 - 2017-03-16 20:13 - 00014848 _____ () C:\Users\Paul\AppData\Local\Temp\ocr4A5D.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2017-03-16 20:12 - 2017-03-16 20:12 - 00094208 _____ () C:\Users\Paul\AppData\Local\Temp\ocr4A5D.tmp\src\rgloader\rgloader193.mswin.so
2017-03-16 20:13 - 2017-03-16 20:13 - 00009216 _____ () C:\Users\Paul\AppData\Local\Temp\ocr4A5D.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2017-03-16 20:13 - 2017-03-16 20:13 - 00094208 _____ () C:\Users\Paul\AppData\Local\Temp\ocr4A5D.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2017-03-16 20:13 - 2017-03-16 20:13 - 00126976 _____ () C:\Users\Paul\AppData\Local\Temp\ocr4A5D.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2017-03-16 20:13 - 2017-03-16 20:13 - 00087552 _____ () C:\Users\Paul\AppData\Local\Temp\ocr4A5D.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2017-03-16 20:13 - 2017-03-16 20:13 - 00016384 _____ () C:\Users\Paul\AppData\Local\Temp\ocr4A5D.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2017-03-16 20:13 - 2017-03-16 20:13 - 00127316 _____ () C:\Users\Paul\AppData\Local\Temp\ocr4A5D.tmp\bin\libffi-6.dll
2017-03-16 20:13 - 2017-03-16 20:13 - 00008704 _____ () C:\Users\Paul\AppData\Local\Temp\ocr4A5D.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2017-03-16 20:13 - 2017-03-16 20:13 - 00013312 _____ () C:\Users\Paul\AppData\Local\Temp\ocr4A5D.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2017-03-16 20:13 - 2017-03-16 20:13 - 00095744 _____ () C:\Users\Paul\AppData\Local\Temp\ocr4A5D.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2017-03-16 20:13 - 2017-03-16 20:13 - 00026624 _____ () C:\Users\Paul\AppData\Local\Temp\ocr4A5D.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2017-03-16 20:14 - 2017-03-16 20:14 - 00012800 _____ () C:\Users\Paul\AppData\Local\Temp\ocrD245.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2017-03-16 20:14 - 2017-03-16 20:14 - 00009728 _____ () C:\Users\Paul\AppData\Local\Temp\ocrD245.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2017-03-16 20:14 - 2017-03-16 20:14 - 00014848 _____ () C:\Users\Paul\AppData\Local\Temp\ocrD245.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2017-03-16 20:14 - 2017-03-16 20:14 - 00094208 _____ () C:\Users\Paul\AppData\Local\Temp\ocrD245.tmp\src\rgloader\rgloader193.mswin.so
2017-03-16 20:14 - 2017-03-16 20:14 - 00094208 _____ () C:\Users\Paul\AppData\Local\Temp\ocrD245.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2017-03-16 20:14 - 2017-03-16 20:14 - 00118784 _____ () C:\Users\Paul\AppData\Local\Temp\ocrD245.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2017-03-16 20:14 - 2017-03-16 20:14 - 00069120 _____ () C:\Users\Paul\AppData\Local\Temp\ocrD245.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2017-03-16 20:14 - 2017-03-16 20:14 - 00083968 _____ () C:\Users\Paul\AppData\Local\Temp\ocrD245.tmp\bin\zlib1.dll
2017-03-16 20:14 - 2017-03-16 20:14 - 00026624 _____ () C:\Users\Paul\AppData\Local\Temp\ocrD245.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2017-03-16 20:14 - 2017-03-16 20:14 - 00275968 _____ () C:\Users\Paul\AppData\Local\Temp\ocrD245.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2017-03-16 20:14 - 2017-03-16 20:14 - 00015360 _____ () C:\Users\Paul\AppData\Local\Temp\ocrD245.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2017-03-16 20:14 - 2017-03-16 20:14 - 00008192 _____ () C:\Users\Paul\AppData\Local\Temp\ocrD245.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2017-03-16 20:14 - 2017-03-16 20:14 - 00009216 _____ () C:\Users\Paul\AppData\Local\Temp\ocrD245.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2017-03-16 20:14 - 2017-03-16 20:14 - 00023552 _____ () C:\Users\Paul\AppData\Local\Temp\ocrD245.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2017-03-16 20:14 - 2017-03-16 20:14 - 00008704 _____ () C:\Users\Paul\AppData\Local\Temp\ocrD245.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2017-03-16 20:14 - 2017-03-16 20:14 - 00008704 _____ () C:\Users\Paul\AppData\Local\Temp\ocrD245.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2017-03-16 20:14 - 2017-03-16 20:14 - 00008704 _____ () C:\Users\Paul\AppData\Local\Temp\ocrD245.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2017-03-16 20:14 - 2017-03-16 20:14 - 00008704 _____ () C:\Users\Paul\AppData\Local\Temp\ocrD245.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2017-03-16 20:14 - 2017-03-16 20:14 - 00036352 _____ () C:\Users\Paul\AppData\Local\Temp\ocrD245.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2017-03-16 20:14 - 2017-03-16 20:14 - 00126976 _____ () C:\Users\Paul\AppData\Local\Temp\ocrD245.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2017-03-16 20:14 - 2017-03-16 20:14 - 00087552 _____ () C:\Users\Paul\AppData\Local\Temp\ocrD245.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2017-03-16 20:14 - 2017-03-16 20:14 - 00016384 _____ () C:\Users\Paul\AppData\Local\Temp\ocrD245.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2017-03-16 20:14 - 2017-03-16 20:14 - 00127316 _____ () C:\Users\Paul\AppData\Local\Temp\ocrD245.tmp\bin\libffi-6.dll
2017-03-16 20:14 - 2017-03-16 20:14 - 00013312 _____ () C:\Users\Paul\AppData\Local\Temp\ocrD245.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2017-03-16 20:14 - 2017-03-16 20:14 - 00095744 _____ () C:\Users\Paul\AppData\Local\Temp\ocrD245.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2017-03-16 20:14 - 2017-03-16 20:14 - 00026624 _____ () C:\Users\Paul\AppData\Local\Temp\ocrD245.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2016-06-16 09:50 - 2017-03-02 20:11 - 00939520 _____ () C:\Program Files\pia_manager\pia_tray_bin\nw-win\ffmpeg.dll
2016-06-16 09:50 - 2017-03-02 20:11 - 03115520 _____ () C:\Program Files\pia_manager\pia_tray_bin\nw-win\node.dll
2016-06-14 11:03 - 2017-01-29 20:49 - 01010368 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll
2016-06-14 11:06 - 2017-01-30 07:07 - 00152776 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\JitV.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Paul\Documents\Calvery Refund.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Paul\Documents\Calvery Refund.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 18:24 - 2015-10-30 18:21 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-853519024-3654194281-2201712828-1001\Control Panel\Desktop\\Wallpaper -> c:\users\paul\downloads\star-wars-wallpaper-hd-11.jpg
DNS Servers: 192.168.1.1 - 209.222.18.222
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "BtServer"
HKLM\...\StartupApproved\Run: => "DeliveryAndStatusCheck"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "PowerDVD14Agent"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKU\S-1-5-21-853519024-3654194281-2201712828-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-853519024-3654194281-2201712828-1001\...\StartupApproved\Run: => "TomTomHOME.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{C9A1486A-AAF3-4FA4-AE63-8C0311224E26}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [TCP Query User{B8024B75-92A4-48BD-8920-05CE0277072C}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [UDP Query User{B358048D-C531-4EBA-A00B-EBC1FA2982C8}C:\users\paul\downloads\utorrent-1-6-1-build-490-utorrent.exe] => (Allow) C:\users\paul\downloads\utorrent-1-6-1-build-490-utorrent.exe
FirewallRules: [TCP Query User{388EC3DF-39D5-489A-AE8D-5F278FE8713E}C:\users\paul\downloads\utorrent-1-6-1-build-490-utorrent.exe] => (Allow) C:\users\paul\downloads\utorrent-1-6-1-build-490-utorrent.exe
FirewallRules: [{4107199C-1954-4950-A0CB-AA68D6BCBC31}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DFDBA1D0-A058-4CBC-8163-67EE6A82CF38}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1EDB4D59-47DE-407B-B766-DDA14F06D4C5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1B049277-039F-4718-84A7-8911BE023771}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8E73EB7D-2551-48F4-9993-EC3384D3022E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{CB4A51BB-098D-470E-BC4C-B68B8D344C02}] => (Allow) C:\Users\Paul\AppData\Roaming\Vuze Leap\VuzeLeap.exe
FirewallRules: [{2C44403D-1157-4B2A-88E8-D91D2BB1DE59}] => (Allow) C:\Users\Paul\AppData\Roaming\Vuze Leap\VuzeLeap.exe
FirewallRules: [{F6F321CC-53AF-4328-9827-224C71FA5B04}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{770DBF13-4A21-4B51-8FAA-BAA6161C336C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CCBB0E5A-DC77-48B2-A17E-487FB5263E66}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{E3DEC986-5EAA-4593-B7F9-25C154108B61}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{99898BB3-9F99-49BC-B55A-590120DDEB15}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{1B815E9F-26FC-4B1F-9CAA-9A3D32B1AD8C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{6362D658-FD10-4F5B-8B57-4DCB6F7D7EAF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{3078F1CD-3CA1-4CFF-A65B-4F067D5C260A}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{DA602299-41E5-4A40-8CBE-CF5E555A6B2E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{3F01D1BF-7CB1-439F-B884-3397FD263394}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{DDCE531E-EE56-4E6F-9DD8-C9E33B813B50}C:\program files\serviio\jre\bin\javaw.exe] => (Allow) C:\program files\serviio\jre\bin\javaw.exe
FirewallRules: [UDP Query User{6EF902A6-91CE-4D64-A531-F43E117C135E}C:\program files\serviio\jre\bin\javaw.exe] => (Allow) C:\program files\serviio\jre\bin\javaw.exe
FirewallRules: [{3C6AFEA7-86D6-44D4-9E42-64DB9B2DEADE}] => (Block) C:\program files\serviio\jre\bin\javaw.exe
FirewallRules: [{DAE28F84-E0A1-44E7-B1BD-4AB5599E4889}] => (Block) C:\program files\serviio\jre\bin\javaw.exe
FirewallRules: [{CFE4D6A5-E365-4283-ABFA-B3C933BC609D}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{85E0DDDD-87DB-478D-B033-0E1C7168BC9D}] => (Allow) C:\Program Files\Serviio\bin\ServiioService.exe
FirewallRules: [{93146538-1871-4DED-B8ED-94FD573DB1C6}] => (Allow) C:\Program Files\Serviio\console\ServiioConsole.exe
FirewallRules: [{EA7CD07B-E88E-45E5-ABF6-AE16D9D8D732}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9F37AE45-1C13-43C0-8A8B-96E86112B21D}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{DCD3950B-5024-4301-BC82-78A080FB3E18}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{C033B4F5-6C63-4371-9690-A72F5D14AA40}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe

==================== Restore Points =========================

10-02-2017 18:06:58 Scheduled Checkpoint
19-02-2017 08:52:41 Scheduled Checkpoint
22-02-2017 18:24:03 Windows Update
04-03-2017 09:48:49 Scheduled Checkpoint
16-03-2017 07:32:21 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/16/2017 08:22:04 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (03/16/2017 08:06:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\cyberlink\photodirector\kernel\ces\CES_CacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/16/2017 08:06:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\cyberlink\photodirector\kernel\ces\CES_AudioCacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/16/2017 05:55:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchUI.exe version 10.0.14393.953 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1818

Start Time: 01d29e21fefc7f24

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

Report Id: 8541635b-0a15-11e7-b93f-681401707138

Faulting package full name: Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: CortanaUI

Error: (03/16/2017 05:55:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP-7T4HQVTJ)
Description: Package Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.

Error: (03/16/2017 05:40:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.14393.0, time stamp: 0x57899b1c
Faulting module name: combase.dll, version: 10.0.14393.576, time stamp: 0x584a7796
Exception code: 0xc0000005
Fault offset: 0x00000000000b071c
Faulting process id: 0x204
Faulting application start time: 0x01d29d606bad87ce
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\WINDOWS\System32\combase.dll
Report Id: 1ef6bd82-03e6-44fc-8756-7614869c0b80
Faulting package full name:
Faulting package-relative application ID:

Error: (03/16/2017 07:34:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/15/2017 06:59:53 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (03/15/2017 11:49:17 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/15/2017 09:14:41 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80080005, Server execution failed
.


System errors:
=============
Error: (03/16/2017 08:12:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/16/2017 08:12:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/16/2017 08:12:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/16/2017 08:11:24 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT AUTHORITY)
Description: H:\Device\HarddiskVolume83

Error: (03/16/2017 08:09:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/16/2017 06:51:36 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.

Error: (03/16/2017 06:51:36 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (03/16/2017 06:38:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Avast Antivirus service terminated unexpectedly. It has done this 4 time(s).

Error: (03/16/2017 05:54:00 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Search service hung on starting.

Error: (03/16/2017 05:52:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
Percentage of memory in use: 48%
Total physical RAM: 8090.91 MB
Available physical RAM: 4165.67 MB
Total Virtual: 9370.91 MB
Available Virtual: 4906.19 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:909.93 GB) (Free:387.92 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20.47 GB) (Free:2.35 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT
Drive m: (Movies) (Fixed) (Total:1863.01 GB) (Free:21.64 GB) NTFS
Drive t: (TV Book) (Fixed) (Total:3725.99 GB) (Free:279.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 126E0F21)

Partition: GPT.

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 1C58AE47)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 3.

==================== End of Addition.txt ============================
paulkerlin
Active Member
 
Posts: 12
Joined: March 16th, 2017, 3:45 am

Re: PC acting Srange, Randow Virus software stopped wokring

Unread postby Gary R » March 17th, 2017, 2:10 am

Incomplete Log

By posting an incomplete FRST log it is likely that your topic will be passed by and you will not receive the help you're looking for.
We need to know what's running on your computer so that we can provide the appropriate instructions.

May I draw your attention to THIS topic, which you should have read, that states what we need you to post, so we can help you.
If you still need help, please start a new thread and include your full FRST logs:
  • FRST.txt.
  • Addition.txt.
  • Details of the problems you're experiencing.

If you can't post a log because it is too large, then you can attach it to your post; details for how to do that can be found ... here

If for any reason you can't run FRST, please let us know in your post, and see this section here that explains what you should do when you can not run FRST.


This topic will now be closed.
Gary R
Administrator
 
Posts: 23255
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

