Hi,
My dad has been clicking on random advertisement videos and it looks like his search engine has been hijacked. I am sure his computer has some malware on it because it seems like it is running slow.
Any help is so greatly appreciated.
Lisa Huffman
Below are the FRST logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by Sydney (administrator) on SONY (02-01-2018 12:56:40)
Running from C:\Users\Sydney\Desktop
Loaded Profiles: Sydney (Available Profiles: Sydney)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Mozilla Corporation) C:\Users\Sydney\AppData\Local\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Users\Sydney\AppData\Local\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Users\Sydney\AppData\Local\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Users\Sydney\AppData\Local\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Users\Sydney\AppData\Local\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Users\Sydney\AppData\Local\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKU\S-1-5-21-334888320-4262496311-4089610012-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [133632 2014-11-21] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{10CFF09F-1D71-42C5-978A-FAEF4FB05C35}: [DhcpNameServer] 10.0.1.1
Internet Explorer:
==================
HKU\S-1-5-21-334888320-4262496311-4089610012-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
FireFox:
========
FF DefaultProfile: g12ihscq.default
FF ProfilePath: C:\Users\Sydney\AppData\Roaming\Mozilla\Firefox\Profiles\g12ihscq.default [2018-01-02]
FF Homepage: Mozilla\Firefox\Profiles\g12ihscq.default -> moz-extension://c6dc83ff-f26e-4b90-81d1-fc8d4268204f/newtab/newtab.html
FF NewTabOverride: Mozilla\Firefox\Profiles\g12ihscq.default -> Enabled: web@News
FF Extension: (News) - C:\Users\Sydney\AppData\Roaming\Mozilla\Firefox\Profiles\g12ihscq.default\Extensions\[email protected] [2017-12-09]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-08-11] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-08-11] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 MpKsl38489c4e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D7B70955-C0FA-431E-B234-5C7FE6740B63}\MpKsl38489c4e.sys [58120 2018-01-02] (Microsoft Corporation)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [13920 2017-12-28] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-08-11] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-08-11] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-08-11] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-01-02 12:56 - 2018-01-02 12:56 - 000004650 _____ C:\Users\Sydney\Desktop\FRST.txt
2018-01-02 12:53 - 2018-01-02 12:56 - 000000000 ____D C:\FRST
2018-01-02 12:53 - 2018-01-02 12:53 - 002393088 _____ (Farbar) C:\Users\Sydney\Desktop\FRST64.exe
2017-12-28 07:38 - 2018-01-02 07:38 - 000000484 _____ C:\WINDOWS\Tasks\DriverUpdate Scan.job
2017-12-28 07:38 - 2017-12-28 07:38 - 000013920 _____ C:\WINDOWS\system32\Drivers\SWDUMon.sys
2017-12-28 07:38 - 2017-12-28 07:38 - 000003194 _____ C:\WINDOWS\System32\Tasks\DriverUpdate Scan
2017-12-28 07:38 - 2017-12-28 07:38 - 000002838 _____ C:\WINDOWS\System32\Tasks\DriverUpdate Startup
2017-12-28 07:38 - 2017-12-28 07:38 - 000000430 _____ C:\WINDOWS\Tasks\DriverUpdate Startup.job
2017-12-28 07:37 - 2017-12-28 07:37 - 000000000 ____D C:\Users\Sydney\AppData\Local\SlimWare Utilities Inc
2017-12-17 13:28 - 2017-12-17 13:28 - 000002501 _____ C:\Users\Public\Desktop\DriverUpdate.lnk
2017-12-17 13:28 - 2017-12-17 13:28 - 000000000 ____D C:\Users\Sydney\AppData\Local\Downloaded Installers
2017-12-17 13:28 - 2017-12-17 13:28 - 000000000 ____D C:\Users\Sydney\AppData\Local\CalendarSparkTooltab
2017-12-17 13:28 - 2017-12-17 13:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
2017-12-17 13:28 - 2017-12-17 13:28 - 000000000 ____D C:\Program Files (x86)\DriverUpdate
2017-12-17 13:25 - 2017-12-17 13:25 - 000000000 ____D C:\Users\Sydney\AppData\Local\FromDocToPDFTooltab
2017-12-12 15:05 - 2017-11-17 10:37 - 004168704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-12-12 15:05 - 2017-11-13 22:57 - 025731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-12-12 15:05 - 2017-11-13 22:30 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-12-12 15:05 - 2017-11-13 22:25 - 005925888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-12-12 15:05 - 2017-11-13 22:20 - 000817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-12-12 15:05 - 2017-11-13 21:55 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-12-12 15:05 - 2017-11-13 21:48 - 015267328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-12-12 15:05 - 2017-11-13 21:48 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-12-12 15:05 - 2017-11-13 21:39 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-12-12 15:05 - 2017-11-13 21:27 - 001544192 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-12-12 15:05 - 2017-11-13 21:16 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-12-12 15:05 - 2017-11-13 20:37 - 013679616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-12-12 15:05 - 2017-11-13 20:10 - 020269056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-12-12 15:05 - 2017-11-13 19:32 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-12-12 15:05 - 2017-11-08 10:55 - 000032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-12-12 15:05 - 2017-11-07 16:15 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-12 15:05 - 2017-11-07 15:49 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-12 15:05 - 2017-11-07 15:46 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-12 15:05 - 2017-11-07 15:39 - 000662016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-12-12 15:05 - 2017-11-07 15:29 - 001080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2017-12-12 15:05 - 2017-11-07 15:27 - 004509696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-12-12 15:05 - 2017-11-07 15:27 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-12 15:05 - 2017-11-07 15:22 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-12-12 15:05 - 2017-11-07 15:18 - 000694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-12-12 15:05 - 2017-11-07 15:08 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-12-12 15:05 - 2017-11-07 15:04 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-12-12 15:05 - 2017-11-07 15:02 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-12-12 15:05 - 2017-11-07 15:01 - 001313280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-12-12 15:05 - 2017-11-07 14:58 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-12-12 15:05 - 2017-10-18 12:14 - 000136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-12-12 15:05 - 2017-10-14 02:55 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-12-12 15:05 - 2017-10-14 02:29 - 001436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-12-12 15:05 - 2017-10-14 02:23 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-12-12 15:05 - 2017-10-14 02:17 - 003717632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-12-12 15:05 - 2017-10-14 01:41 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-12-12 15:05 - 2017-10-14 01:19 - 000780800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-12-12 15:05 - 2017-10-10 11:39 - 001192960 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2017-12-12 15:05 - 2017-10-10 11:29 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2017-12-12 15:05 - 2017-10-10 10:42 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2017-12-12 15:05 - 2017-10-10 09:58 - 000949760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2017-12-05 09:23 - 2017-12-05 06:44 - 000020734 _____ C:\Users\Sydney\Documents\1987%20when%20I%20joined%20toastmaster.odt_0.odt
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-01-02 11:26 - 2017-10-30 12:36 - 000000000 ____D C:\Users\Sydney\AppData\LocalLow\Mozilla
2018-01-02 08:25 - 2017-10-30 08:37 - 000003914 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9A594337-E62B-4967-B670-910067D4443D}
2018-01-01 17:40 - 2017-11-02 12:50 - 000000000 ____D C:\Users\Sydney\Documents\My written documents
2018-01-01 14:15 - 2017-11-02 12:50 - 000000000 ____D C:\Users\Sydney\Documents\Intro
2017-12-30 20:02 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-29 15:22 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-12-29 07:01 - 2016-12-04 13:22 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-334888320-4262496311-4089610012-1001
2017-12-29 06:55 - 2017-10-30 12:35 - 000001245 _____ C:\Users\Sydney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-29 06:55 - 2017-10-30 12:35 - 000000000 ____D C:\Users\Sydney\AppData\Local\Mozilla Firefox
2017-12-28 12:10 - 2016-12-04 13:16 - 000000000 ____D C:\Users\Sydney\AppData\Local\Packages
2017-12-28 12:10 - 2013-08-22 10:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-28 08:38 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\Inf
2017-12-28 07:38 - 2017-10-30 07:41 - 000000000 ____D C:\Users\Sydney\OneDrive
2017-12-28 07:36 - 2014-11-21 03:44 - 000820208 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-28 07:31 - 2013-08-22 09:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-24 19:09 - 2017-11-02 12:50 - 000015008 _____ C:\Users\Sydney\Documents\Boca Toastmaster 7 pm.odt
2017-12-24 19:07 - 2017-11-02 12:50 - 000013662 _____ C:\Users\Sydney\Documents\Advanced Toastmaster.odt
2017-12-18 09:23 - 2017-11-02 12:50 - 000012849 _____ C:\Users\Sydney\Documents\Audience Analysis.odt
2017-12-15 18:05 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\rescache
2017-12-15 17:07 - 2013-08-22 09:44 - 000363304 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-15 17:06 - 2013-08-22 08:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2017-12-14 18:39 - 2017-11-02 12:50 - 000015265 _____ C:\Users\Sydney\Documents\Goals.odt
2017-12-14 15:38 - 2014-10-14 13:03 - 000000000 ____D C:\Users\Sydney\Desktop\backup 10-14
2017-12-13 08:31 - 2017-11-02 12:51 - 000062441 _____ C:\Users\Sydney\Documents\2 on sayings.odt
2017-12-12 16:50 - 2012-07-26 02:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-12 16:48 - 2017-10-31 03:01 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-12 16:48 - 2016-12-04 18:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-12 16:47 - 2016-12-04 18:09 - 133326408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-10 09:11 - 2017-11-02 12:50 - 000020638 _____ C:\Users\Sydney\Documents\what you want a story to do.odt
2017-12-10 08:48 - 2017-11-02 12:50 - 000015094 _____ C:\Users\Sydney\Documents\Boca Noon.odt
2017-12-10 08:35 - 2017-11-02 12:51 - 000018959 _____ C:\Users\Sydney\Documents\Action Plan to improve your use of humor.odt
2017-12-10 08:31 - 2017-11-02 12:51 - 000019444 _____ C:\Users\Sydney\Documents\14 steps to Preparartion for a speech.odt
2017-12-08 22:22 - 2017-08-11 18:34 - 000000000 ____D C:\Users\Sydney
2017-12-05 14:50 - 2017-11-02 12:36 - 000000000 ____D C:\Users\Sydney\Documents\HARRY'S FILES
2017-12-05 06:29 - 2017-11-02 12:51 - 000020184 _____ C:\Users\Sydney\Documents\1987 when I joined toastmaster.odt
2017-12-04 20:26 - 2017-11-02 12:50 - 000036733 _____ C:\Users\Sydney\Documents\Dancing tips from Harry Huffman.odt
2017-12-04 11:23 - 2014-11-21 11:03 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-04 11:23 - 2014-11-21 11:03 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-12-29 04:09
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by Sydney (02-01-2018 12:57:22)
Running from C:\Users\Sydney\Desktop
Windows 8.1 (Update) (X64) (2017-10-30 12:39:08)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-334888320-4262496311-4089610012-500 - Administrator - Disabled)
Guest (S-1-5-21-334888320-4262496311-4089610012-501 - Limited - Disabled)
Sydney (S-1-5-21-334888320-4262496311-4089610012-1001 - Administrator - Enabled) => C:\Users\Sydney
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
CalendarSpark Internet Explorer Homepage and New Tab (HKU\S-1-5-21-334888320-4262496311-4089610012-1001\...\CalendarSparkTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION
Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version: - )
DriverUpdate (HKLM-x32\...\{055C7DA5-A1F5-41FB-932C-82474ED3487A}) (Version: 2.7.11 - Slimware Utilities Holdings, Inc.) Hidden
DriverUpdate (HKLM-x32\...\DriverUpdate) (Version: 2.7.11 - Slimware Utilities Holdings, Inc.)
FromDocToPDF Internet Explorer Homepage and New Tab (HKU\S-1-5-21-334888320-4262496311-4089610012-1001\...\FromDocToPDFTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 57.0.3 (x86 en-US) (HKU\S-1-5-21-334888320-4262496311-4089610012-1001\...\Mozilla Firefox 57.0.3 (x86 en-US)) (Version: 57.0.3 - Mozilla)
OpenOffice 4.1.4 (HKLM-x32\...\{BDB210E1-06C5-451F-BDAC-C18DDC7C2F14}) (Version: 4.14.9788 - Apache Software Foundation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {2DDD154A-9783-4437-903F-C6D0133FBB01} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2017-07-19] (SlimWare Utilities, Inc.)
Task: {632D400E-0EE5-4FC4-A1A3-5C73FEA61324} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {7AF9AD0D-1D65-4331-B2E6-B92DD6AC8A8E} - System32\Tasks\DriverUpdate Scan => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2017-07-19] (SlimWare Utilities, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DriverUpdate Scan.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\WINDOWS\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2013-08-22 08:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-334888320-4262496311-4089610012-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sydney\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
12-12-2017 16:47:08 Windows Update
21-12-2017 04:21:20 Scheduled Checkpoint
28-12-2017 04:40:05 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
Name: Multimedia Video Controller
Description: Multimedia Video Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Touchscreen
Description: Touchscreen
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/29/2017 03:21:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18817 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 120c
Start Time: 01d380e11b7e3a67
Termination Time: 15
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id: c561c91b-ecd5-11e7-be81-f07bcbd62ee8
Faulting package full name:
Faulting package-relative application ID:
Error: (12/29/2017 06:51:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18817 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 12cc
Start Time: 01d380257205c624
Termination Time: 93
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id: 8f8e9e9f-ec8e-11e7-be81-f07bcbd62ee8
Faulting package full name:
Faulting package-relative application ID:
Error: (12/24/2017 04:07:04 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
Error: (12/22/2017 06:00:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18817 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1898
Start Time: 01d37b64185a890a
Termination Time: 0
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id: e55882f8-e76b-11e7-be80-f07bcbd62ee8
Faulting package full name:
Faulting package-relative application ID:
Error: (12/21/2017 08:00:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18817 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 72c
Start Time: 01d37aac7f8f1a7e
Termination Time: 59
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id: 74120160-e6b3-11e7-be80-f07bcbd62ee8
Faulting package full name:
Faulting package-relative application ID:
Error: (12/21/2017 05:39:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18817 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 7c0
Start Time: 01d37aaa22e3532b
Termination Time: 0
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id: b2dd0aac-e69f-11e7-be80-f07bcbd62ee8
Faulting package full name:
Faulting package-relative application ID:
Error: (12/21/2017 05:22:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18817 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1a5c
Start Time: 01d37aa90a8f7ba1
Termination Time: 44
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id: 5e887dff-e69d-11e7-be80-f07bcbd62ee8
Faulting package full name:
Faulting package-relative application ID:
Error: (12/17/2017 04:52:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18817 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1260
Start Time: 01d3778101d5a9a5
Termination Time: 15
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id: 9ce0d523-e374-11e7-be80-f07bcbd62ee8
Faulting package full name:
Faulting package-relative application ID:
Error: (12/16/2017 08:37:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18817 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: d80
Start Time: 01d376d6b01598ac
Termination Time: 23
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id: cfbfb5e5-e2ca-11e7-be80-f07bcbd62ee8
Faulting package full name:
Faulting package-relative application ID:
Error: (12/16/2017 12:23:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SONY)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147024809 See the Microsoft-Windows-TWinUI/Operational log for additional information.
System errors:
=============
Error: (12/28/2017 04:48:03 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
Error: (12/28/2017 04:47:40 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
Error: (12/28/2017 07:31:54 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:07:56 AM on 12/28/2017 was unexpected.
Error: (12/28/2017 06:39:01 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
Error: (12/27/2017 03:03:46 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
Error: (12/25/2017 12:29:48 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
Error: (12/21/2017 07:57:00 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
Error: (12/20/2017 07:06:15 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
Error: (12/19/2017 06:30:09 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
Error: (12/19/2017 09:43:26 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
==================== Memory info ===========================
Processor: Intel® Core2 Quad CPU Q8400 @ 2.66GHz
Percentage of memory in use: 39%
Total physical RAM: 8127.18 MB
Available physical RAM: 4931.93 MB
Total Virtual: 9407.18 MB
Available Virtual: 6121.97 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.17 GB) (Free:901.4 GB) NTFS
Drive e: () (Removable) (Total:0.48 GB) (Free:0.46 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EA36DBB8)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 489 MB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================