
Solved Windows 10 Technical Disruption & Error Messages

Discussion in 'Malware and Virus Removal' started by joe645, 2016/10/26.

  1. 2016/10/26
    joe645

    joe645 Well-Known Member Thread Starter

    Joined:
    2004/01/26
    Messages:
    435
    Likes Received:
    1
    I would like to report a very strange happening that just took place on my computer. I was reading the news reports on the MSN.com homepage when an audible alarm started beeping and a bunch of pages came up about a serious infection in my computer and to call Windows Technical Service @ 877-563-5714. The message told me not to shut down my computer or it would result in my boot system being corrupted. I called the number and the Tech (funny thing, the Tech had the same accent as in a previous encounter) proceeded to run a remote check of my computer, showing me all kinds of what he described as errors that were infecting the Windows 10 configuration. He also noted my security applications such as Malwarebytes, AdwareCleaner, CC cleaner, ToolWiz, Bitdefender-AntiVirus, Spybot as being non-compatible with Windows 10. He displayed an Administrative Events page that supposedly showed 3,499 errors and told me that for $199.99 and 60-90 minutes later my computer would be cleaned and updated. I must admit, this scared the hell out of me. What are all these errors and what the hell is going on with Windows 10? What caused the disruption of my computer in the first place?
     
  2. 2016/10/26
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Hi,

    Read this article as indicated at the top of this forum & follow the instructions.
     


  4. 2016/10/26
    joe645

    joe645 Well-Known Member Thread Starter

    Joined:
    2004/01/26
    Messages:
    435
    Likes Received:
    1
    I downloaded your files but a Windows message appears and says "Don't Run"???? The ComboFix says it won't work on my PC.
     
  5. 2016/10/26
    joe645

    joe645 Well-Known Member Thread Starter

    Joined:
    2004/01/26
    Messages:
    435
    Likes Received:
    1
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2016
    Ran by Owner (administrator) on OWNER-DESKTOP (26-10-2016 16:49:09)
    Running from C:\Users\Owner\Desktop\Security
    Loaded Profiles: Owner (Available Profiles: Owner & DefaultAppPool)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
    (Kingsoft Corporation) C:\Program Files (x86)\Kingsoft\PCDoctor\KSafeSvc.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Toolwiz) C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Webshots.com) C:\Program Files (x86)\Webshots\Webshots.scr
    (Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (Toolwiz.com) C:\Program Files (x86)\ToolwizCareFree\ToolwizTools.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7369.40791.0_x64__8wekyb3d8bbwe\HxMail.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7369.40791.0_x64__8wekyb3d8bbwe\HxTsr.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16092.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe


    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7640944 2016-04-11] (Realtek Semiconductor)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
    HKLM-x32\...\Run: [KSafeTray] => C:\Program files (x86)\Kingsoft\PCDoctor\KSafeTray.exe [742816 2012-04-10] (Kingsoft Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597016 2016-03-31] (Oracle Corporation)
    HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1400232 2016-07-31] (Garmin Ltd. or its subsidiaries)
    HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-28] (Piriform Ltd)
    HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\Run: [ToolwizCareFree] => C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe [5274328 2016-09-28] (Toolwiz)
    HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.)
    HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\Policies\Explorer: [NoInstrumentation] 1
    HKU\S-1-5-21-2463262124-900243846-537622603-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Program Files (x86)\Webshots\Webshots.scr [3474848 2010-07-27] (Webshots.com)
    HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1400232 2016-07-31] (Garmin Ltd. or its subsidiaries)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
    ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
    ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
    Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk [2016-10-22]
    ShortcutTarget: Webshots.lnk -> C:\Program Files (x86)\Webshots\Launcher.exe (Webshots.com)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 184.172.114.130,208.43.110.90
    Tcpip\..\Interfaces\{cee117d8-0a7a-481d-87a6-5fab7bc86328}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
    Tcpip\..\Interfaces\{cee117d8-0a7a-481d-87a6-5fab7bc86328}: [DhcpNameServer] 192.168.1.1
    ManualProxies:

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2463262124-900243846-537622603-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2463262124-900243846-537622603-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-2463262124-900243846-537622603-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000
    SearchScopes: HKU\S-1-5-21-2463262124-900243846-537622603-1000 -> {A7D3F239-DE1F-49BB-B657-A3FC63579793} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20160407&p={searchTerms}
    BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-06-28] (Bitdefender)
    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll [2016-07-27] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-07-27] (Oracle Corporation)
    BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
    BHO: HP Smart Print Helper -> {FD6C6509-FE36-44B0-A917-6C2A0DDBDF88} -> C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.6\Espresso64.dll [2014-01-23] (Hewlett-Packard)
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
    BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-06-28] (Bitdefender)
    BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
    BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
    BHO-x32: HP Smart Print Helper -> {FD6C6509-FE36-44B0-A917-6C2A0DDBDF88} -> C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.6\Espresso.dll [2014-01-23] (Hewlett-Packard)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
    Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-06-28] (Bitdefender)
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
    Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-06-28] (Bitdefender)
    Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
    Toolbar: HKU\S-1-5-21-2463262124-900243846-537622603-1000 -> Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-06-28] (Bitdefender)
    Handler: WSAMVCUchrome - {086BD280-4613-43B5 - No File

    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\TomTom\HOME\Profiles\2rqfaa83.default [2014-05-31]
    FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\7394c0am.default-1477516138992 [2016-10-26]
    FF Homepage: Mozilla\Firefox\Profiles\7394c0am.default-1477516138992 -> hxxp://www.msn.com/
    FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
    FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2016-04-04]
    FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
    FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-04-04] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
    FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi
    FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [2016-08-18]
    FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-17] ()
    FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-07-27] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-07-27] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
    FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-12-15] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-17] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-03] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-03] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2463262124-900243846-537622603-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2013-08-22] (Sony Network Entertainment International LLC)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2013-06-03] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2013-06-03] ()
    FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll [2013-06-03] (Google)
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2016-09-01]

    Chrome:
    =======
    CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2016-10-26]
    CHR Extension: (Bitdefender Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-09-15]
    CHR Extension: (Aimersoft Video Converter Ultimate) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmapfhedmiiikmeicmclonepdhjgmlcn [2016-09-15]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-15]
    CHR HKU\S-1-5-21-2463262124-900243846-537622603-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lomdegodbindknemkcimmpfmkfjdkiho] - <no Path/update_url>
    CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [mapcejffhcbidcjmomhalabpcbaeimcb] - <no Path/update_url>
    CHR HKLM-x32\...\Chrome\Extension: [nmapfhedmiiikmeicmclonepdhjgmlcn] - C:\ProgramData\Aimersoft\Video Converter Ultimate\AMVCU@Aimersoft.com.crx [2014-06-17]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020056 2016-02-09] (Adobe Systems, Incorporated)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
    R3 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [76952 2016-05-18] (Comodo Security Solutions, Inc.)
    S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-06-18] (Creative Labs) [File not signed]
    S4 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
    S3 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
    R2 KSafeSvc; C:\Program files (x86)\Kingsoft\PCDoctor\KSafeSvc.exe [290720 2012-04-10] (Kingsoft Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
    S3 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    S4 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [46072 2013-11-07] (NTI Corporation)
    S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
    S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
    S3 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    S4 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [947640 2016-03-30] (Bitdefender)
    S4 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
    S4 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2015-04-27] (RealNetworks, Inc.)
    R3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH)
    R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [156016 2016-06-28] (Bitdefender)
    S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2016-09-06] (Microsoft Corporation)
    R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1693104 2016-06-28] (Bitdefender)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364456 2016-09-06] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-09-06] (Microsoft Corporation)
    R3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe [411648 2016-03-31] (Wondershare) [File not signed]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [36448 2011-03-23] (Asmedia Technology)
    R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1603264 2016-08-22] (BitDefender)
    R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [850464 2016-08-22] (BitDefender)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-25] (AVG Technologies)
    R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [128400 2016-06-28] (BitDefender LLC)
    S4 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
    R1 BTOWSFF; C:\Windows\System32\Drivers\BTOWSFF.sys [33024 2016-09-28] (Toolwiz.com)
    R0 BTOWSVF; C:\Windows\System32\Drivers\BTOWSVF.sys [52480 2016-09-28] (Toolwiz.com)
    S3 D-Vitec; C:\Windows\System32\DRIVERS\dvitdcnt.sys [307968 2012-07-26] (D-vitec)
    R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
    R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
    R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182936 2016-04-27] (BitDefender LLC)
    R0 KSafeDISK; C:\Windows\System32\Drivers\KSafeDISK.sys [52992 2016-09-28] (Toolwiz.com)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-26] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
    S1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [49752 2010-03-22] (Sunbelt Software)
    S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-01-19] (Anchorfree Inc.)
    R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [520032 2016-06-28] (BitDefender S.R.L.)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    U3 idsvc; no ImagePath
    U3 wpcsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-26 16:47 - 2016-10-26 16:49 - 00000000 ____D C:\FRST
    2016-10-26 13:43 - 2016-10-26 16:49 - 00000000 ____D C:\temp
    2016-10-26 10:56 - 2016-10-26 10:56 - 00000000 ____D C:\Users\Owner\AppData\Temp
    2016-10-24 19:11 - 2016-10-24 21:32 - 00000000 ____D C:\Users\Owner\Downloads\The.Dead.Pool.1988.720p.BluRay.x264-ESiR
    2016-10-24 13:24 - 2016-10-24 13:24 - 00000000 ____D C:\ProgramData\Hewlett-Packard
    2016-10-24 13:08 - 2016-10-24 13:08 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
    2016-10-21 19:55 - 2016-10-21 19:55 - 00000000 ___HD C:\$WINDOWS.~BT
    2016-10-21 19:49 - 2016-10-21 19:49 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
    2016-10-21 18:10 - 2016-10-21 19:43 - 00000000 ____D C:\Program Files (x86)\Smart PC Solutions
    2016-10-21 17:46 - 2016-10-21 18:00 - 00000000 ____D C:\Program Files (x86)\Citrix
    2016-10-21 17:34 - 2016-10-21 17:34 - 00006144 _____ C:\Users\Owner\Documents\NoGatheringAlt.est
    2016-10-20 20:30 - 2016-10-20 20:30 - 00018887 _____ C:\Users\Owner\Documents\lettertoeditor.odt
    2016-10-15 19:46 - 2016-10-15 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
    2016-10-15 19:46 - 2016-10-15 19:46 - 00000000 ____D C:\Program Files\Classic Shell
    2016-10-15 19:44 - 2016-10-15 19:44 - 07220496 _____ (IvoSoft) C:\Users\Owner\Downloads\ClassicShellSetup_4_3_0.exe
    2016-10-13 11:12 - 2016-10-13 11:12 - 00001128 _____ C:\Users\Public\Desktop\OpenOffice 4.1.3.lnk
    2016-10-13 11:11 - 2016-10-13 11:12 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3
    2016-10-11 19:13 - 2016-10-05 00:56 - 01644736 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2016-10-11 19:13 - 2016-10-05 00:56 - 01242304 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2016-10-11 19:13 - 2016-10-05 00:56 - 00602304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2016-10-11 19:13 - 2016-10-05 00:56 - 00591040 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2016-10-11 19:13 - 2016-10-05 00:56 - 00329920 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2016-10-11 19:13 - 2016-10-05 00:56 - 00290496 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
    2016-10-11 19:13 - 2016-10-05 00:56 - 00144576 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2016-10-11 19:13 - 2016-10-05 00:56 - 00085696 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2016-10-11 19:13 - 2016-10-05 00:18 - 07468384 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-10-11 19:13 - 2016-10-05 00:01 - 01637216 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2016-10-11 19:13 - 2016-10-04 23:54 - 01297760 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
    2016-10-11 19:13 - 2016-10-04 23:17 - 03693064 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-10-11 19:13 - 2016-10-04 22:45 - 00987488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
    2016-10-11 19:13 - 2016-10-04 22:38 - 00636296 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
    2016-10-11 19:13 - 2016-10-04 22:37 - 00640976 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2016-10-11 19:13 - 2016-10-04 22:31 - 00422240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
    2016-10-11 19:13 - 2016-10-04 22:08 - 02937896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-10-11 19:13 - 2016-10-04 22:00 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
    2016-10-11 19:13 - 2016-10-04 21:49 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
    2016-10-11 19:13 - 2016-10-04 21:33 - 00546456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
    2016-10-11 19:13 - 2016-10-04 21:32 - 00538744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
    2016-10-11 19:13 - 2016-10-04 21:10 - 00784384 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-10-11 19:13 - 2016-10-04 21:10 - 00602624 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-10-11 19:13 - 2016-10-04 21:00 - 01661952 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2016-10-11 19:13 - 2016-10-04 20:55 - 03549696 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
    2016-10-11 19:13 - 2016-10-04 20:48 - 02437120 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2016-10-11 19:13 - 2016-10-04 20:40 - 03589120 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
    2016-10-11 19:13 - 2016-10-04 20:29 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-10-11 19:13 - 2016-10-04 20:10 - 00687616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-10-11 19:13 - 2016-10-04 20:09 - 00501760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-10-11 19:13 - 2016-10-04 19:55 - 04895232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-10-11 19:13 - 2016-10-04 19:50 - 22379520 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
    2016-10-11 19:13 - 2016-10-04 19:50 - 11545088 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
    2016-10-11 19:13 - 2016-10-04 19:39 - 24611328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-10-11 19:13 - 2016-10-04 19:39 - 13392384 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-10-11 19:13 - 2016-10-04 19:39 - 01500672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-10-11 19:13 - 2016-10-04 19:33 - 14255104 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2016-10-11 19:13 - 2016-10-04 19:27 - 09920512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
    2016-10-11 19:13 - 2016-10-04 19:26 - 07836672 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
    2016-10-11 19:13 - 2016-10-04 19:22 - 03664384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-10-11 19:13 - 2016-10-04 19:13 - 19349504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-10-11 19:13 - 2016-10-04 19:13 - 18675200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
    2016-10-11 19:13 - 2016-10-04 19:13 - 12134400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-10-11 19:13 - 2016-10-04 19:06 - 12587008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2016-10-11 19:13 - 2016-10-04 19:01 - 05660160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
    2016-10-11 19:13 - 2016-09-26 19:39 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2016-10-11 19:13 - 2016-09-17 00:45 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
    2016-10-11 19:13 - 2016-09-17 00:28 - 03077120 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-10-11 19:13 - 2016-09-16 23:45 - 06312448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
    2016-10-11 19:13 - 2016-09-16 23:43 - 02552832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-10-11 19:13 - 2016-09-16 23:22 - 04405248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
    2016-10-11 19:12 - 2016-10-05 00:20 - 01030408 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2016-10-11 19:12 - 2016-10-05 00:20 - 00875480 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2016-10-11 19:12 - 2016-10-05 00:19 - 00129376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
    2016-10-11 19:12 - 2016-10-05 00:18 - 01317640 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2016-10-11 19:12 - 2016-10-05 00:18 - 01142560 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2016-10-11 19:12 - 2016-10-05 00:01 - 01337184 _____ (Microsoft Corporation) C:\Windows\system32\wpx.dll
    2016-10-11 19:12 - 2016-10-04 23:15 - 00304752 _____ (Microsoft Corporation) C:\Windows\system32\LockAppHost.exe
    2016-10-11 19:12 - 2016-10-04 23:14 - 22561256 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2016-10-11 19:12 - 2016-10-04 23:09 - 00604920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2016-10-11 19:12 - 2016-10-04 22:39 - 01988448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2016-10-11 19:12 - 2016-10-04 22:39 - 00576856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
    2016-10-11 19:12 - 2016-10-04 22:38 - 00393056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
    2016-10-11 19:12 - 2016-10-04 22:25 - 00871776 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll
    2016-10-11 19:12 - 2016-10-04 22:23 - 00305808 _____ (Microsoft Corporation) C:\Windows\system32\wmpeffects.dll
    2016-10-11 19:12 - 2016-10-04 22:05 - 00256704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppHost.exe
    2016-10-11 19:12 - 2016-10-04 22:01 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll
    2016-10-11 19:12 - 2016-10-04 21:51 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\MDMAppInstaller.exe
    2016-10-11 19:12 - 2016-10-04 21:50 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
    2016-10-11 19:12 - 2016-10-04 21:49 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\pnpclean.dll
    2016-10-11 19:12 - 2016-10-04 21:47 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\DevDispItemProvider.dll
    2016-10-11 19:12 - 2016-10-04 21:47 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
    2016-10-11 19:12 - 2016-10-04 21:38 - 00236032 _____ (Microsoft Corporation) C:\Windows\system32\wmpdxm.dll
    2016-10-11 19:12 - 2016-10-04 21:35 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\wmpshell.dll
    2016-10-11 19:12 - 2016-10-04 21:34 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
    2016-10-11 19:12 - 2016-10-04 21:30 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
    2016-10-11 19:12 - 2016-10-04 21:30 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
    2016-10-11 19:12 - 2016-10-04 21:30 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
    2016-10-11 19:12 - 2016-10-04 21:29 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
    2016-10-11 19:12 - 2016-10-04 21:27 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack_win.dll
    2016-10-11 19:12 - 2016-10-04 21:23 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
    2016-10-11 19:12 - 2016-10-04 21:19 - 00717152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll
    2016-10-11 19:12 - 2016-10-04 21:18 - 00253080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpeffects.dll
    2016-10-11 19:12 - 2016-10-04 21:17 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\das.dll
    2016-10-11 19:12 - 2016-10-04 21:17 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\AboveLockAppHost.dll
    2016-10-11 19:12 - 2016-10-04 21:15 - 00458240 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Enumeration.dll
    2016-10-11 19:12 - 2016-10-04 21:07 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\ApplicationFrame.dll
    2016-10-11 19:12 - 2016-10-04 21:05 - 00841728 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2016-10-11 19:12 - 2016-10-04 21:04 - 01718272 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
    2016-10-11 19:12 - 2016-10-04 21:02 - 01040896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2016-10-11 19:12 - 2016-10-04 21:00 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
    2016-10-11 19:12 - 2016-10-04 21:00 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2016-10-11 19:12 - 2016-10-04 20:57 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
    2016-10-11 19:12 - 2016-10-04 20:40 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
    2016-10-11 19:12 - 2016-10-04 20:37 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevDispItemProvider.dll
    2016-10-11 19:12 - 2016-10-04 20:37 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
    2016-10-11 19:12 - 2016-10-04 20:30 - 00174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpdxm.dll
    2016-10-11 19:12 - 2016-10-04 20:29 - 01946112 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
    2016-10-11 19:12 - 2016-10-04 20:28 - 00102912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpshell.dll
    2016-10-11 19:12 - 2016-10-04 20:24 - 00217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
    2016-10-11 19:12 - 2016-10-04 20:24 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
    2016-10-11 19:12 - 2016-10-04 20:23 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
    2016-10-11 19:12 - 2016-10-04 20:15 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AboveLockAppHost.dll
    2016-10-11 19:12 - 2016-10-04 20:14 - 03585536 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll
    2016-10-11 19:12 - 2016-10-04 20:13 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Enumeration.dll
    2016-10-11 19:12 - 2016-10-04 20:05 - 01467904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
    2016-10-11 19:12 - 2016-10-04 20:04 - 01390080 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-10-11 19:12 - 2016-10-04 20:04 - 00885248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2016-10-11 19:12 - 2016-10-04 19:59 - 02362880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
    2016-10-11 19:12 - 2016-10-04 19:54 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2016-10-11 19:12 - 2016-10-04 19:40 - 01626112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
    2016-10-11 19:12 - 2016-09-30 19:16 - 00446124 _____ C:\Windows\system32\ApnDatabase.xml
    2016-10-11 19:12 - 2016-09-17 01:08 - 01752576 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-10-11 19:12 - 2016-09-17 00:12 - 01526272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2016-10-11 19:12 - 2016-06-17 21:55 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
    2016-10-11 19:12 - 2016-06-17 21:51 - 00470528 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
    2016-10-11 19:12 - 2016-06-17 21:49 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
    2016-10-11 19:12 - 2016-06-17 21:45 - 00361472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
    2016-10-11 12:26 - 2016-10-11 12:26 - 00003626 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Owner-Desktop-Owner
    2016-10-11 12:15 - 2016-10-11 12:15 - 00001145 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1 (64 Bit).lnk
    2016-10-11 12:14 - 2016-10-11 12:14 - 00001303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
    2016-10-11 12:12 - 2016-10-11 12:12 - 00001358 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
    2016-10-11 12:12 - 2016-10-11 12:12 - 00001265 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
    2016-10-11 12:10 - 2016-10-11 12:10 - 00001635 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
    2016-10-11 12:10 - 2016-10-11 12:10 - 00001459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
    2016-10-11 12:00 - 2011-04-24 22:18 - 00000000 ____D C:\Users\Owner\Downloads\Adobe Photoshop CS5.1 Extended Edition
    2016-10-11 11:54 - 2016-10-11 11:59 - 1272409933 _____ C:\Users\Owner\Downloads\Adobe. Photoshop CS5.1 Extended Edition.exe
    2016-10-08 20:12 - 2016-10-26 12:31 - 00000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
    2016-09-28 11:03 - 2016-09-28 11:03 - 00052992 _____ (Toolwiz.com) C:\Windows\system32\Drivers\KSafeDISK.sys
    2016-09-28 11:03 - 2016-09-28 11:03 - 00052480 _____ (Toolwiz.com) C:\Windows\system32\Drivers\BTOWSVF.sys
    2016-09-28 11:03 - 2016-09-28 11:03 - 00033024 _____ (Toolwiz.com) C:\Windows\system32\Drivers\BTOWSFF.sys
    2016-09-28 11:03 - 2016-09-28 11:03 - 00003388 _____ C:\Windows\System32\Tasks\ToolwizCareFree
    2016-09-28 11:03 - 2016-09-28 11:03 - 00000000 ___HD C:\TOOLWIZ
    2016-09-28 11:03 - 2016-09-28 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ToolwizCareFree
    2016-09-28 11:03 - 2016-09-28 11:03 - 00000000 ____D C:\Program Files (x86)\ToolwizCareFree

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-26 16:49 - 2013-06-19 17:25 - 00000000 ___RD C:\Users\Owner\Desktop\Security
    2016-10-26 16:48 - 2016-09-22 20:01 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
    2016-10-26 15:19 - 2016-04-25 13:36 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-10-26 15:16 - 2011-09-27 12:24 - 00027727 _____ C:\Users\Owner\Documents\Budget.ods
    2016-10-26 13:45 - 2016-05-18 19:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent
    2016-10-26 13:42 - 2015-10-30 00:21 - 00000000 ____D C:\Windows\INF
    2016-10-26 13:26 - 2016-05-21 19:56 - 01353748 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-10-26 13:23 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\AppReadiness
    2016-10-26 13:21 - 2015-10-29 23:28 - 00065536 ___SH C:\Windows\system32\config\ELAM
    2016-10-26 13:19 - 2016-05-18 10:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-10-26 13:19 - 2016-02-13 06:14 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-10-26 13:19 - 2014-03-23 11:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-10-26 13:06 - 2015-10-29 23:28 - 00524288 ___SH C:\Windows\system32\config\BBI
    2016-10-26 13:02 - 2014-07-24 16:20 - 00000000 ____D C:\AdwCleaner
    2016-10-26 12:31 - 2016-04-03 15:12 - 00000000 ____D C:\sh4ldr
    2016-10-26 10:30 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-10-25 19:45 - 2013-06-29 17:59 - 00000000 ____D C:\ProgramData\xml_param
    2016-10-25 15:20 - 2016-05-21 19:57 - 00000000 ____D C:\Users\Owner
    2016-10-24 14:21 - 2013-06-19 17:19 - 00000000 ____D C:\Users\Owner\AppData\Roaming\HpUpdate
    2016-10-24 13:08 - 2013-10-24 13:22 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2016-10-21 19:55 - 2016-05-21 20:49 - 00000000 ___DC C:\Windows\Panther
    2016-10-21 19:43 - 2015-10-30 00:26 - 00000000 ____D C:\Windows\Setup
    2016-10-21 19:41 - 2016-04-03 15:12 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Enigma Software Group
    2016-10-21 18:51 - 2015-08-08 13:47 - 00001908 _____ C:\Windows\diagwrn.xml
    2016-10-21 18:51 - 2015-08-08 13:47 - 00001908 _____ C:\Windows\diagerr.xml
    2016-10-21 14:24 - 2016-08-05 12:41 - 00016618 _____ C:\Users\Owner\Documents\WaynesLedger.ods
    2016-10-21 11:49 - 2013-11-17 14:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-10-17 10:01 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2016-10-17 10:01 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\system32\Macromed
    2016-10-15 16:48 - 2013-06-19 17:25 - 00000000 ___RD C:\Users\Owner\Desktop\AudioVideo
    2016-10-14 12:53 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\rescache
    2016-10-14 11:00 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\system32\appraiser
    2016-10-14 11:00 - 2015-10-30 00:11 - 00000000 ____D C:\Windows\CbsTemp
    2016-10-14 10:22 - 2016-02-13 06:11 - 05157776 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-10-13 20:32 - 2015-10-30 00:24 - 00000000 ___SD C:\Windows\system32\DiagSvcs
    2016-10-13 20:32 - 2015-10-30 00:24 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
    2016-10-13 12:12 - 2013-07-16 21:00 - 00000000 ____D C:\Windows\system32\MRT
    2016-10-13 12:02 - 2013-06-18 07:48 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-10-13 11:12 - 2014-06-15 20:20 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
    2016-10-13 11:03 - 2015-06-12 09:38 - 00000000 ____D C:\Users\Owner\Documents\My Filehippo Downloads
    2016-10-12 11:41 - 2013-06-18 08:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2016-10-12 11:41 - 2013-06-18 08:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2016-10-12 10:31 - 2013-06-18 08:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-10-11 20:27 - 2014-12-25 11:15 - 00004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2016-10-11 20:26 - 2015-05-04 19:34 - 00002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-10-11 12:15 - 2015-12-31 15:05 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
    2016-10-11 12:14 - 2016-08-10 16:59 - 00000000 ____D C:\Program Files\Adobe
    2016-10-11 12:14 - 2014-06-05 11:47 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Adobe
    2016-10-11 12:14 - 2013-11-03 18:59 - 00000000 ____D C:\Program Files\Common Files\Adobe
    2016-10-11 12:13 - 2013-06-24 15:59 - 00000000 ____D C:\Program Files (x86)\Adobe
    2016-10-11 12:10 - 2014-06-06 10:42 - 00000000 ____D C:\ProgramData\Adobe
    2016-10-10 14:10 - 2016-05-19 21:02 - 00000000 ____D C:\Program Files (x86)\Notepad++
    2016-10-10 14:10 - 2013-06-24 18:52 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2016-10-10 14:10 - 2013-06-24 18:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2016-10-10 14:10 - 2013-06-24 18:52 - 00000000 ____D C:\Program Files\WinRAR
    2016-10-09 11:02 - 2015-06-10 14:22 - 00017518 _____ C:\Users\Public\Documents\Passwords.odt
    2016-10-08 21:14 - 2016-04-11 18:16 - 00000940 _____ C:\Windows\wininit.ini
    2016-10-08 20:08 - 2016-09-10 15:33 - 00018852 _____ C:\Users\Owner\Documents\REEVES TRUST.odt
    2016-10-08 19:40 - 2015-10-30 00:24 - 00028672 _____ C:\Windows\system32\config\BCD-Template
    2016-09-30 17:23 - 2015-10-30 00:26 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-09-30 17:23 - 2015-10-30 00:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-09-30 10:13 - 2016-08-17 21:24 - 00000000 ____D C:\Windows10Upgrade
    2016-09-28 13:19 - 2013-07-20 19:29 - 00000000 ____D C:\ProgramData\OfficeGuardian
    2016-09-28 11:10 - 2016-08-18 12:08 - 00000000 ____D C:\Windows\Minidump
    2016-09-28 11:10 - 2013-06-19 17:25 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TeamViewer

    ==================== Files in the root of some directories =======

    2016-04-15 21:11 - 2016-04-15 21:11 - 0000000 _____ () C:\Users\Owner\AppData\Roaming\1.txt
    2014-02-11 12:14 - 2014-02-11 12:14 - 0000132 _____ () C:\Users\Owner\AppData\Roaming\Adobe GIF Format CS6 Prefs
    2016-03-31 19:17 - 2016-03-31 19:18 - 6504960 _____ () C:\Users\Owner\AppData\Roaming\agent.dat
    2013-12-19 12:00 - 2013-12-19 12:00 - 0000268 ___RH () C:\Users\Owner\AppData\Roaming\Applications
    2013-12-19 12:02 - 2013-12-19 12:02 - 0000268 ___RH () C:\Users\Owner\AppData\Roaming\Audio Unit Effect
    2013-04-22 17:43 - 2013-06-25 13:44 - 0099384 _____ () C:\Users\Owner\AppData\Roaming\inst.exe
    2016-03-31 19:16 - 2016-03-31 19:16 - 0127488 _____ () C:\Users\Owner\AppData\Roaming\Installer.dat
    2016-03-31 19:17 - 2016-03-31 19:18 - 0018432 _____ () C:\Users\Owner\AppData\Roaming\Main.dat
    2015-12-29 14:50 - 2016-03-22 11:37 - 0023069 _____ () C:\Users\Owner\AppData\Roaming\PassportPhotoStudio
    2013-04-22 17:43 - 2013-06-25 13:44 - 0007859 _____ () C:\Users\Owner\AppData\Roaming\pcouffin.cat
    2013-04-22 17:43 - 2013-06-25 13:44 - 0001167 _____ () C:\Users\Owner\AppData\Roaming\pcouffin.inf
    2013-04-22 17:43 - 2013-06-25 13:44 - 0082816 _____ (VSO Software) C:\Users\Owner\AppData\Roaming\pcouffin.sys
    2013-03-10 16:24 - 2013-03-10 16:24 - 0001181 _____ () C:\Users\Owner\AppData\Roaming\trace_FilterInstaller.txt
    2012-04-29 14:26 - 2013-06-25 13:44 - 0001057 _____ () C:\Users\Owner\AppData\Roaming\vso_ts_preview.xml
    2013-07-27 11:17 - 2013-11-19 11:33 - 0000113 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
    2013-06-25 15:17 - 2013-11-19 11:33 - 0000006 _____ () C:\Users\Owner\AppData\Roaming\WBPU-TTL.DAT
    2013-10-29 14:34 - 2013-10-29 14:36 - 144790821 _____ () C:\Users\Owner\AppData\Local\ACCCx2_2_0_248.zip.aamdownload
    2013-10-29 14:34 - 2013-10-29 14:36 - 0001817 _____ () C:\Users\Owner\AppData\Local\ACCCx2_2_0_248.zip.aamdownload.aamd
    2014-06-04 10:52 - 2014-06-04 10:52 - 0001456 _____ () C:\Users\Owner\AppData\Local\Adobe Save for Web 12.0 Prefs
    2013-12-07 14:12 - 2013-12-07 14:12 - 0001456 _____ () C:\Users\Owner\AppData\Local\Adobe Save for Web 13.0 Prefs
    2014-07-09 14:19 - 2015-07-01 15:47 - 0015872 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-08-07 11:30 - 2013-08-07 11:30 - 0003072 _____ () C:\Users\Owner\AppData\Local\file__0.localstorage
    2013-08-07 11:30 - 2013-08-07 11:30 - 0003072 _____ () C:\Users\Owner\AppData\Local\https_drm.youdagames.com_0.localstorage
    2013-12-25 15:10 - 2013-12-25 15:10 - 0067992 _____ () C:\Users\Owner\AppData\Local\kfiafmdj
    2013-10-12 10:27 - 2013-10-14 15:17 - 0361117 _____ () C:\Users\Owner\AppData\Local\newhb2.crx
    2013-12-30 14:09 - 2013-12-30 14:09 - 0000008 ____H () C:\Users\Owner\AppData\Local\pcdit.dat
    2013-12-25 15:11 - 2013-12-25 15:11 - 0012326 _____ () C:\Users\Owner\AppData\Local\ptonlrhw
    2013-10-22 10:58 - 2013-10-22 10:58 - 0000218 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
    2012-04-22 15:13 - 2016-10-26 10:25 - 0007606 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
    2013-01-26 16:24 - 2013-01-26 16:24 - 0370526 _____ () C:\Users\Owner\AppData\Local\speeddial.crx
    2013-10-24 13:20 - 2013-10-24 13:20 - 0000057 _____ () C:\ProgramData\Ament.ini
    2013-12-19 12:00 - 2013-12-19 12:00 - 0000268 ___RH () C:\ProgramData\Authentication
    2013-12-19 12:02 - 2013-12-19 12:02 - 0000268 ___RH () C:\ProgramData\Automator
    2016-08-18 13:10 - 2016-08-18 13:10 - 0000000 _____ () C:\ProgramData\cis1C67.exe
    2016-08-18 13:10 - 2016-08-18 13:10 - 0000000 _____ () C:\ProgramData\cis3436.exe
    2016-08-18 12:06 - 2016-08-18 12:06 - 0000000 _____ () C:\ProgramData\cis8C91.exe
    2013-07-05 13:37 - 2016-04-30 18:08 - 0000007 _____ () C:\ProgramData\ddpN.tst
    2016-05-21 19:53 - 2016-05-21 19:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2013-12-30 14:08 - 2013-12-30 14:08 - 0000036 _____ () C:\ProgramData\InstallAlibre.config
    2015-02-11 20:32 - 2015-02-11 20:46 - 0000458 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    2013-12-19 12:00 - 2014-06-26 16:24 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT
    2013-12-19 12:02 - 2014-06-26 16:25 - 0000020 ____H () C:\ProgramData\PKP_DLdw.DAT

    Files to move or delete:
    ====================
    C:\ProgramData\cis1C67.exe
    C:\ProgramData\cis3436.exe
    C:\ProgramData\cis8C91.exe
    C:\Users\Owner\mbam-setup-2.1.4.1018.exe
    C:\Users\Owner\winstdut.exe


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-10-18 11:26

    ==================== End of FRST.txt ============================
     
  6. 2016/10/26
    joe645

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2016
    Ran by Owner (26-10-2016 16:50:33)
    Running from C:\Users\Owner\Desktop\Security
    Windows 10 Home Version 1511 (X64) (2016-05-22 03:30:03)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2463262124-900243846-537622603-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-2463262124-900243846-537622603-503 - Limited - Disabled)
    Guest (S-1-5-21-2463262124-900243846-537622603-501 - Limited - Disabled)
    Owner (S-1-5-21-2463262124-900243846-537622603-1000 - Administrator - Enabled) => C:\Users\Owner

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
    AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
    100% Free Chess 7.42 (HKLM-x32\...\FreeChess) (Version: 7.42 - DreamQuest)
    100% Free Cribbage 7.42 (HKLM-x32\...\FreeCribbage) (Version: 7.42 - DreamQuest)
    100% Free Five Hundred 7.42 (HKLM-x32\...\Free500) (Version: 7.42 - DreamQuest)
    100% Free Gin 7.42 (HKLM-x32\...\FreeGin) (Version: 7.42 - DreamQuest)
    100% Free Hearts 7.42 (HKLM-x32\...\FreeHearts) (Version: 7.42 - DreamQuest)
    100% Free Rummy 7.42 (HKLM-x32\...\FreeRummy) (Version: 7.42 - DreamQuest)
    100% Free Spades 7.42 (HKLM-x32\...\FreeSpades) (Version: 7.42 - DreamQuest)
    123 Free Solitaire v10.3 (HKLM-x32\...\123 Free Solitaire_is1) (Version: - TreeCardGames)
    3DP Chip v13.02 (HKLM-x32\...\3DP Chip) (Version: v13.02 - )
    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
    Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
    Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
    Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
    Adobe PageMaker 7.0 (HKLM-x32\...\Adobe PageMaker 7.0) (Version: 7.0.1 - Adobe Systems, Inc.)
    Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
    Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
    Adobe Support Advisor (HKLM-x32\...\AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 1.6.1.20120504 - Adobe Systems Incorporated)
    Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.3.0 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{2BFD590F-1D73-3533-E734-FDDAC3746E4A}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.4.0 - Asmedia Technology)
    Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.2.2.000 - Asmedia Technology)
    AstroViewer 3.1.6 (HKLM-x32\...\AstroViewer 3.1.6) (Version: - Dirk Matussek)
    AVEO UVC Like Driver (HKLM-x32\...\{21A196EC-241B-4A79-970B-E9585F1CE90C}) (Version: 2.7.0.0 - aveotek)
    AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
    AVS Photo Editor 2.3.5 (HKLM-x32\...\AVS Photo Editor_is1) (Version: 2.3.5.151 - Online Media Technologies Ltd.)
    AX88179_AX88178A Windows 7 Drivers (HKLM-x32\...\InstallShield_{14414298-5199-4C52-81E2-FF1501EAAD72}) (Version: 2.0.1.0 - ASIX Electronics Corporation)
    AX88179_AX88178A Windows 7 Drivers (x32 Version: 2.0.1.0 - ASIX Electronics Corporation) Hidden
    Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
    Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.26.1436 - Bitdefender)
    Bitdefender Antivirus Plus 2016 (HKLM\...\Bitdefender) (Version: 20.0.26.1418 - Bitdefender)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
    Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
    CPUID CPU-Z 1.66.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
    Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
    Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
    Daniusoft Video Converter Ultimate(Build 3.0.3.1) (HKLM-x32\...\Daniusoft Video Converter Ultimate_is1) (Version: - Daniusoft Software)
    DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
    Double Deck Pinochle 4.14 (HKLM-x32\...\Double Deck Pinochle_is1) (Version: - SAC Products)
    Double-Six Dominoes v3.0 (HKLM-x32\...\{3FEF0A81-8111-40CA-978C-E4E21977B451}) (Version: 1.0.0 - BoltBait)
    EasyBCD 2.3 (HKLM-x32\...\EasyBCD) (Version: 2.3 - NeoSmart Technologies)
    Elevated Installer (x32 Version: 4.1.25.0 - Garmin Ltd or its subsidiaries) Hidden
    Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology)
    Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden
    EZ Grabber (HKLM-x32\...\{8543A572-5993-4101-BACC-C83884E183A4}) (Version: 2.00.0000 - EZ Grabber)
    FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
    Garmin BaseCamp (HKLM-x32\...\{23A4DBD1-D847-4957-995D-8B1CC527E2E2}) (Version: 4.6.2.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (HKLM-x32\...\{686d881a-083e-4030-80db-52c493bf89d3}) (Version: 4.1.25.0 - Garmin Ltd or its subsidiaries)
    Garmin Express Tray (x32 Version: 4.1.25.0 - Garmin Ltd or its subsidiaries) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.87 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
    Hallmark Card Studio 2015 Bonus Pack (HKLM-x32\...\{2C69ABC9-55B7-410E-89AB-4CBD84D8D37B}) (Version: 1.0.0.1 - Creative Home)
    Hallmark Card Studio 2015 Deluxe (HKLM-x32\...\{F2117332-1A36-4D3B-854D-A8D10735B4DF}) (Version: 16.0.0.11 - Creative Home)
    Hallmark Card Studio Select (HKLM-x32\...\{A6E08FBC-FC99-4CEE-B645-83A42107BE89}) (Version: 14.0.0.34 - Creative Home)
    HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
    HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
    HP Photosmart Premium C309g-m All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{CCD42CCF-9AFF-4BC5-862A-38CCD3C8E8F8}) (Version: 14.0 - HP)
    HP Smart Print 2.6 (HKLM-x32\...\{4555A338-5952-4150-81B9-655763BAF872}) (Version: 2.6.0.238 - Hewlett-Packard)
    HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
    HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
    HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.5.26.37 - HP Inc.)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    Image Converter (HKLM-x32\...\Image Converter Image Converter) (Version: 1.0.0 - Image Converter)
    Intel(R) Chipset Device Software (x32 Version: 10.0.27 - Intel(R) Corporation) Hidden
    iSkysoft Data Recovery(Build 1.3.2.2) (HKLM-x32\...\{656DB838-DB63-4acd-82E3-BB363ED99116}_is1) (Version: 1.3.2.2 - iSkysoft Software Co.,Ltd.)
    Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
    iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
    Java 8 Update 102 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
    Java 8 Update 92 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418092F0}) (Version: 8.0.920.14 - Oracle Corporation)
    JavaFX 2.0.3 (HKLM-x32\...\{1111706F-666A-4037-7777-203328764D10}) (Version: 2.0.3 - Oracle Corporation)
    Kindle fire video converter version V0.9.3 (HKLM-x32\...\{7ADFAD84-67E8-49FC-A9E7-DBF1E2ECA8E7}_is1) (Version: V0.9.3 - Epubor Inc.)
    Kingsoft PC Doctor 3.7.0.47 (HKLM-x32\...\Kingsoft PC Doctor) (Version: 3.7.0.47 - Kingsoft PC Doctor)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Media Go (HKLM-x32\...\{8D92969D-A6A3-44C8-9D63-D377E94F44B5}) (Version: 2.6.205 - Sony)
    Media Go Video Playback Engine 2.0.111.09020 (HKLM-x32\...\{49D9CE9D-C8B7-B941-90E1-608044A0FC8D}) (Version: 2.0.111.09020 - Sony)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
    Microsoft SOAP Toolkit 2.0 SP2 Samples (HKLM-x32\...\{9438F53D-AEA4-45AC-A19B-2DF06EACD482}) (Version: 623.1 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft Streets & Trips 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-4444BC2C2B6D}) (Version: 19.0.18.1100 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    MotoCast (HKLM-x32\...\{5401CEE8-3C2D-4835-A802-213306537FF4}) (Version: 2.0.31 - Motorola Mobility)
    Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
    Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
    MOTOROLA MEDIA LINK (x32 Version: 1.9.0002.0 - Motorola) Hidden
    Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
    Mozilla Firefox 45.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 45.0.2 (x64 en-US)) (Version: 45.0.2 - Mozilla)
    Mozilla Firefox 49.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0 (x86 en-US)) (Version: 49.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.0.6141 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    Multilizer PDF Translator (Build 9.4.5) (HKLM-x32\...\Multilizer PDF Translator_is1) (Version: - Rex Partners)
    Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
    Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.0.2 - Nikon)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 7 - Notepad++ Team)
    NTI Backup Now EZ (HKLM-x32\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 3.0.2.55 - NTI Corporation)
    NTI Backup Now EZ (x32 Version: 3.0.2.55 - NTI Corporation) Hidden
    NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
    NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
    OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
    Passport Photo Studio 1.5.1 (HKLM-x32\...\{FBBB318F-3769-4B1C-B8B2-AF7ED4DA2272}_is1) (Version: - Grogware LLC)
    PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    PeaZip 6.1.1 (HKLM-x32\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 6.1.1 - Giorgio Tani)
    PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 2.81 - NCH Software)
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
    Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.0.3 - Nikon)
    PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.5.0 - Prolific Technology INC)
    QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7354 - Realtek Semiconductor Corp.)
    RegCure Pro (HKLM-x32\...\{C547F361-5750-4CD1-9FB6-BC93827CB6C1}) (Version: 3.1.0.0 - ParetoLogic, Inc.) <==== ATTENTION
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
    SmartPCFixer 5.2 (HKLM-x32\...\{2C5927BD-3F65-4207-8FB5-8EDF638A3511}_is1) (Version: 5.2 - LionSea Software co., ltd) <==== ATTENTION
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.65452 - TeamViewer)
    Toolwiz Care (HKLM-x32\...\ToolwizCareFree) (Version: 3.1.0.5500 - ToolWiz Care)
    TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
    Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.8.7 - Tweaking.com)
    UltraMon (HKLM\...\{9069EE0A-7615-4D86-AD80-CA263E936DA6}) (Version: 3.2.2 - Realtime Soft Ltd)
    USB2.0 ATV (HKLM-x32\...\{3C873221-12B9-475D-8DCB-62D0B2179AF9}) (Version: 6.10.000.001 - Regulus)
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    Verizon Cloud (HKLM-x32\...\Verizon Cloud) (Version: - Verizon Wireless)
    Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{267B6912-6F26-4FFD-9342-8E84A7B26151}) (Version: 2.13.1103 - Samsung Electronics Co., Ltd.)
    Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{041E914E-7B73-4E8B-967F-B7FFC527FF80}) (Version: 2.14.0106 - Samsung Electronics Co., Ltd.)
    Video Capture Driver Install 64bit 6.0.113 (HKLM-x32\...\{EFEF320F-538D-4314-BCDB-161AE603A9EA}) (Version: 6.0.113 - geniatech)
    ViewNX (HKLM-x32\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.0.3 - Nikon)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
    WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
    Wondershare Video Converter Ultimate(Build 8.7.0.5) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 8.7.0.5 - Wondershare Software)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {01464009-6173-4374-8952-C652FCFAB89C} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {05431CB0-5895-4A5A-95C8-C56FA87B5174} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: {06890D3E-9362-421C-B5F3-098A67878403} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe
    Task: {0777C0C9-8F5A-404B-8E12-7B3D5E8979FA} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
    Task: {0A0A5F93-65E6-4677-ADF4-4F9856CC9E05} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {0A6C9C0D-0932-4A16-AAF0-E9C9FCDA15A9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {0AE0F523-3173-4DCC-AA8B-1159A874D4D4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {0EC91B03-F788-4DA0-B777-44BD57057582} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
    Task: {0FA49F0D-EDC3-46CF-811E-AE2F92597C70} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {10145B53-DF6A-42EF-95A9-37F37CF2DD8B} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
    Task: {10DF7DC9-FD28-4832-A291-D483A853A3BE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {162EFBAA-7FBB-400E-8CA1-BB41EF430254} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
    Task: {196ECD07-133E-4E7C-843E-9CCFC899FD59} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
    Task: {1CCCE250-E23D-4E4D-B2DD-FCF2AA911624} - System32\Tasks\{314BC234-93B4-4297-B863-C95F6EC6C40F} => Firefox.exe
    Task: {1F3C1886-1335-4C48-9354-BE5641EDAEB8} - System32\Tasks\{2D7136F7-7922-43A9-87A4-37F5A7B12A4E} => C:\Program Files (x86)\Microsoft Streets & Trips 2009\Streets.exe
    Task: {27AAD300-417B-47E9-B34C-451C44774E16} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {2825CD21-9A82-4244-AD49-E73D6029F7AD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {2C00418A-AA03-4A36-901F-D72BA392CB41} - System32\Tasks\SpyHunter4 => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
    Task: {32C4360F-44A1-4ADE-BAD0-ACC2F54CCA28} - \FCGOGZGXWR1 -> No File <==== ATTENTION
    Task: {338A1EDE-AC20-45A9-82B6-BD8B92399F0A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-07-04] (HP Inc.)
    Task: {35D475D1-FB77-4325-B542-DAB9373E038B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {3B02957A-E20C-481D-8835-CFFC38AF8642} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    Task: {3C6A18CA-43FE-46F4-BC83-B5229189CCDA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
    Task: {42EBCD23-8E42-46E5-BF30-EFEBF57CB97E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {4868BE47-C5AC-475A-A446-9381FE479CD1} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
    Task: {4C1BD779-2799-4BCB-9D24-56AE2D137D58} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe
    Task: {4DD685E3-A539-4E35-B908-6C27A58D7E4F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-17] (Adobe Systems Incorporated)
    Task: {54B93E02-C129-46E8-81AA-589F6C9E23A9} - System32\Tasks\HP online update program => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
    Task: {54D5A346-2655-4E00-B19B-0F06FBC8E873} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2463262124-900243846-537622603-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
    Task: {5F90AA66-6C97-47A6-B92B-0240CF87560A} - System32\Tasks\{1B1A31BD-08AC-457E-A3FA-7E914C3D2EB5} => pcalua.exe -a C:\Users\Owner\Downloads\WebshotsDesktopSetup.exe -d C:\Users\Owner\Downloads
    Task: {5FE2C6E4-F5C7-45D6-9FE5-46F26C732316} - System32\Tasks\{618F707E-190F-4E06-A214-6739F0904498} => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
    Task: {60036553-CA16-477E-A21D-9A8C559ADD95} - System32\Tasks\Computer Helper => C:\Users\Owner\Downloads\.ptmp931285\Coolmuster Android Assistant 1.9.150\Coolmuster Android Assistant 1.9.150\cool-android-assistant.exe
    Task: {608D3511-99D6-40B9-9716-3912530B4529} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-29] (Google Inc.)
    Task: {6B506784-D204-4D2D-8A9F-104EA5E9949D} - System32\Tasks\MotoCast Update => C:\Program Files (x86)\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-07-24] ()
    Task: {6FD63F4F-96DF-4E3D-8DD6-BE5DFFFCC311} - System32\Tasks\{95328A6C-05C9-42DF-ADC6-388930F0304B} => Firefox.exe
    Task: {712EEBCA-32AE-4B3D-9C70-08DD54EF7B46} - System32\Tasks\{061C0BE8-FB22-4990-8084-EE0AB858B441} => pcalua.exe -a "C:\PROGRA~2\WinPicks 2014\UNWISE.EXE" -c C:\PROGRA~2\WinPicks 2014\INSTALL.LOG
    Task: {742FF139-D839-4EFA-BF86-24CB84947A44} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
    Task: {7BAC80C5-F8A7-4A8A-BA6C-4D0AEF623B8B} - System32\Tasks\{F212E2D2-C541-499D-9061-EF18BE745AC1} => pcalua.exe -a "C:\Users\Owner\Downloads\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll)\Adobe CS6\Set-up.exe" -d "C:\Users\Owner\Downloads\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll)\Adobe CS6 "
    Task: {8532DD46-B2BA-46C8-9775-CBEBED6FBC42} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {862DCD71-8E5C-4ECB-8779-33853B64B650} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
    Task: {87A8F61E-0CD2-4657-A317-0749C004973C} - System32\Tasks\{8237E431-BFC1-46F8-8913-10C5D1F8C5F7} => pcalua.exe -a C:\Users\Owner\Desktop\7932_eval.exe -d C:\Users\Owner\Desktop
    Task: {88E85416-6551-4209-998D-07BE0924C86B} - \Motorola Device Manager Update -> No File <==== ATTENTION
    Task: {8AA251A6-D513-4E00-A09A-5B0E990CFC65} - System32\Tasks\{1F5457F0-ED03-400A-8E91-F71A4CA9A919} => pcalua.exe -a "C:\Program Files (x86)\Webshots\3.1.5.7619\Launcher.exe" -d "C:\Program Files (x86)\Webshots\3.1.5.7619 "
    Task: {8BE17B72-BCA4-415D-B5B8-D9C2EEB14048} - System32\Tasks\{67D936EB-D81F-4441-B26B-54E7963FB3E9} => pcalua.exe -a C:\Users\Owner\Desktop\winstdut.exe -d C:\Users\Owner\Desktop
    Task: {8E473BED-B777-4458-B46E-171493C27DA2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {8F20F010-F623-4D6E-99F1-AFC53ACDDD3A} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-03-31] (Oracle Corporation)
    Task: {903F8C87-5612-4E4F-8C5A-5343D35F76D5} - System32\Tasks\{7D0D2D9C-809B-4891-BC4C-4CB68BCC7EEE} => pcalua.exe -a "C:\Program Files (x86)\Real\RealPlayer\Update\r1puninst.exe" -c RealNetworks|RealPlayer|17.0
    Task: {905F75DA-F783-4A5E-9601-D43C06FC1CB7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
    Task: {9184F782-F1F6-47B0-9FE3-729095E181D0} - System32\Tasks\{36CC7655-4A4F-4FFC-A617-785C142BD8BA} => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [2014-09-10] (FileHippo.com)
    Task: {91DD7AD0-FE12-495A-84B0-38022DBA6C49} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-07-04] (HP Inc.)
    Task: {94072AA4-4D51-484A-8DAC-6AE7FAA92EAF} - System32\Tasks\{716C27F4-0797-49CF-A6FC-010315B3307D} => pcalua.exe -a C:\Users\Owner\Desktop\msicuu2.exe -d C:\Users\Owner\Desktop
    Task: {94642D2A-650B-4F85-9CCE-7F4122CEF2C1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
    Task: {9502E380-2E04-4048-B554-66432BFD2E7E} - \QCDWVIVQSPMYYODA -> No File <==== ATTENTION
    Task: {957A6DF3-650E-4DD2-8E56-24995F85C006} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {99B3AF25-2BCB-4BF1-A5EC-64579899B826} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
    Task: {9B346F80-636E-48DA-876C-51B87769FAC4} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2463262124-900243846-537622603-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
    Task: {9B53DCD2-1AB1-4B38-B530-034574A99E1C} - System32\Tasks\{1A0FF42C-6D52-4A4B-8A69-016E4E45C797} => Firefox.exe
    Task: {9DBDC8EC-A9D3-404A-9B86-872456060884} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
    Task: {9E1A06CE-DC05-4997-B9B3-D5B46FC92FBE} - System32\Tasks\AdobeAAMUpdater-1.0-Owner-Desktop-Owner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
    Task: {A3EF8D5B-3C65-481C-99C7-A4D12C56F41D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {A57CE4AC-F346-47CD-9D76-E41D774FF7FB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {A58C1937-3DE2-4B4A-84BE-9C967DC60B97} - System32\Tasks\ToolwizCareFree => C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe [2016-09-28] (Toolwiz)
    Task: {A71F817A-0228-4E58-92E2-DE9030E7EDB0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {AAE7FF32-3043-4FF6-B4FC-98EDEAB4D8C8} - System32\Tasks\{7A32C941-8D7A-42AB-B95B-413EDB500904} => C:\Program Files (x86)\Microsoft Streets & Trips 2009\Streets.exe
    Task: {AEAD0BE3-3545-46FB-A686-D6BFECEEDC51} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
    Task: {AFC2CFEB-EC44-4CD6-A12F-4635A10076D2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {B37D9867-93DD-40E6-AB03-ADA688668276} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {B489239C-B6D4-44F1-96B8-340DE31CBEC6} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
    Task: {B83C0813-B0B3-4463-8E0B-F27A393896EA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-29] (Google Inc.)
    Task: {B94CC334-29A9-4CAE-969F-FEB55BE553BD} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-03-30] (Bitdefender)
    Task: {BB18C811-5E15-4DA3-AD89-58EC11052B33} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
    Task: {C1A90A73-44A8-4BB5-A063-08559387C39D} - System32\Tasks\{55FC9EAA-DC30-4581-89C0-A7CF693CDC19} => C:\Program Files (x86)\Adobe\Adobe Photoshop CS6\Photoshop.exe
    Task: {C2D959ED-8451-4E4F-8FF7-452EE924D11C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {C63FEDAB-DE1C-411A-990E-FF2AB5F3373D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {C70F14EE-0DCF-471D-A34F-FA68D518527A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {C71051BB-A822-4163-BE36-0C86E39AEE1B} - System32\Tasks\{C04182CB-B830-46F8-AB87-A4BA909D5C4D} => pcalua.exe -a "C:\Users\Owner\Downloads\(APPS) - Microsoft Streets And Trips 2009 (Already Patched)\Streets\Support\msicuu2.exe" -d "C:\Users\Owner\Downloads\(APPS) - Microsoft Streets And Trips 2009 (Already Patched)\Streets\Support "
    Task: {CC9DCD9A-9477-4CBB-9659-02ABA1173BEA} - System32\Tasks\RealCreateProcessScheduledTask2371417S-1-5-21-2463262124-900243846-537622603-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
    Task: {CCD2E7E6-9C08-4A52-8C91-45E3D38FA9F9} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {CDE34B87-B404-4E32-AB61-7C0BB69DAF7E} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {CDF185E4-E071-4E48-9E9C-001B1ED8C56C} - \Smart Driver Updater Schedule -> No File <==== ATTENTION
    Task: {CF9CFA1A-88E3-4AD6-88D4-3668692B169B} - System32\Tasks\{AE700CBF-C56A-43FA-BBA3-18A17BB5234A} => C:\Program Files (x86)\Webshots\3.1.5.7619\Launcher.exe
    Task: {D9D47DC9-7916-4A35-AE8A-DAAA45AA2BD8} - \Motorola Device Manager Initial Update -> No File <==== ATTENTION
    Task: {DC252550-812A-42A8-8E5B-E77E3917E898} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: {DF1ED49E-4499-44EF-BD1C-A7CF9E866886} - System32\Tasks\FileHippo.com online update program => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [2014-09-10] (FileHippo.com)
    Task: {E0D4F74D-433C-4529-8FE5-956EA9664A42} - System32\Tasks\NCH Software\DebutSevenDays => C:\Program Files (x86)\NCH Software\Debut\Debut.exe
    Task: {E3615DCC-0C66-417F-8538-BEEDCA1EB2E2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
    Task: {E6960D69-6ABD-41AE-ABB3-3A2605D05F1E} - System32\Tasks\{9A7B3676-C303-432C-9348-4C8280D0283C} => C:\Program Files (x86)\Adobe\Adobe Photoshop CS6\Photoshop.exe
    Task: {E930EFB1-3630-400C-90BD-34E369CAE712} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
    Task: {EC1E905B-CF9C-447E-823F-07C2F2E78D2C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
    Task: {EC7DD7AE-C50E-4738-B853-C3FA44D2CC8D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
    Task: {EDC7BD56-1621-4DE5-99AF-4D9225C31018} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
    Task: {EE48B2FC-F514-492C-91FB-9177829F2983} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
    Task: {EFE15E3D-434B-483A-931D-00F598C49903} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
    Task: {F61A3C18-F3DF-47C3-8F51-523D23B466FA} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {F6DFD2DD-18C6-44E1-8E5F-FEB19240A9DC} - \{7F790B47-0C0D-047D-0E11-7A057E08110C} -> No File <==== ATTENTION
    Task: {FA27F6E7-0A03-475F-9C3B-9C509C683A3B} - System32\Tasks\{A9DF0BAD-BF76-4874-BFC6-073C1636655A} => pcalua.exe -a C:\Users\Owner\Desktop\winsteng.exe -d C:\Users\Owner\Desktop
    Task: {FA8A97B8-9C31-4CC5-8D99-BDA522AF5AA9} - System32\Tasks\{5CBE340D-2876-4270-A312-2BCF1AF142DA} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2016-03-10] (Malwarebytes)
    Task: {FDD30B79-55F0-4746-A76A-10F6393B7DED} - System32\Tasks\KsafeDelay => C:\Program Files (x86)\Kingsoft\PCDoctor\KSafeTray.exe [2012-04-10] (Kingsoft Corporation)
    Task: {FFE25523-6471-4F2D-A0E9-A56723131276} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\ParetoLogic Registration3.job => rundll32.exe C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll
    Task: C:\Windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
    Task: C:\Windows\Tasks\SpyHunter4.job => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
    Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\Owner\Favorites\NCH Audio and Telephony Software.lnk -> hxxp://www.nch.com.au/index.html
    Shortcut: C:\Users\Owner\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.html

    ShortcutWithArgument: C:\Users\Owner\Desktop\AudioVideo\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
    2016-04-11 18:25 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
    2016-05-09 13:23 - 2016-05-09 13:23 - 01006336 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02251_003\ashttpbr.mdl
    2016-05-09 13:23 - 2016-05-09 13:23 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02251_003\ashttpdsp.mdl
    2016-05-09 13:23 - 2016-05-09 13:23 - 03035488 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02251_003\ashttpph.mdl
    2016-05-09 13:23 - 2016-05-09 13:23 - 01541440 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02251_003\ashttprbl.mdl
    2006-12-05 06:09 - 2006-12-05 06:09 - 00022016 _____ () C:\Windows\System32\DELS1L6.DLL
    2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-09-13 17:26 - 2016-09-06 22:39 - 02656952 _____ () C:\Windows\system32\CoreUIComponents.dll
    2016-09-13 17:26 - 2016-09-06 22:39 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll
    2016-08-18 13:52 - 2015-02-27 14:38 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
    2014-06-17 16:49 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\SysWOW64\AiCM64.dll
    2016-02-13 05:54 - 2016-02-13 05:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-07-12 18:42 - 2016-06-30 20:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-09-13 17:23 - 2016-09-06 21:15 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-09-13 17:23 - 2016-09-06 21:10 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-09-13 17:23 - 2016-09-06 21:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-09-13 17:23 - 2016-09-06 21:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-05-21 19:53 - 2016-01-29 03:49 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2016-05-22 12:07 - 2016-05-22 12:07 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2016-10-08 19:17 - 2016-10-08 19:18 - 04152000 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7369.40791.0_x64__8wekyb3d8bbwe\gfxim.dll
    2011-10-21 02:01 - 2011-10-21 02:01 - 00075160 _____ () C:\Program files (x86)\Kingsoft\PCDoctor\json.dll
    2016-08-19 21:07 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2016-08-19 21:07 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2016-08-19 21:07 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2016-08-19 21:07 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2016-08-19 21:07 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2016-05-22 12:07 - 2016-05-22 12:07 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-05-22 12:07 - 2016-05-22 12:07 - 02941440 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingNativeCore.dll
    2016-05-22 12:07 - 2016-05-22 12:07 - 00583168 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingEntityExtractionProxy.dll
    2016-05-22 12:07 - 2016-05-22 12:07 - 01300992 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingNativeBase.dll
    2016-05-22 12:07 - 2016-05-22 12:07 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
     
  7. 2016/10/26
    joe645

    joe645 Well-Known Member Thread Starter

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
    AlternateDataStreams: C:\ProgramData\TEMP:792D4CF1 [129]
    AlternateDataStreams: C:\ProgramData\TEMP:D0757AAB [426]
    AlternateDataStreams: C:\Users\Owner\Desktop\BaseCamp_462.exe:BDU [0]
    AlternateDataStreams: C:\Users\Owner\Documents\desktop.ini:gs5sys [3074]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\webcompanion.com -> hxxp://webcompanion.com
    IE restricted site: HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\123simsen.com -> www.123simsen.com

    There are 7816 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2016-04-25 19:02 - 2016-10-26 16:23 - 00001913 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com 3dns.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.adobe.com activate.wip.adobe.com activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com adobe-dns-4.adobe.com adobe-dns.adobe.com adobeereg.com crl.verisign.net ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com lm.licenses.adobe.com lmlicenses.wip4.adobe.com na2m-pr.licenses.adobe.com
    127.0.0.1 ood.opsource.net practivate.adobe practivate.adobe.com practivate.adobe.ipp practivate.adobe.newoa practivate.adobe.ntp wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com wwis-dubc1-vip60.adobe.com www.adobeereg.com www.wip.adobe.com www.wip1.adobe.com
    127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com
    5.79.79.150 pagead2.googlesyndication.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2463262124-900243846-537622603-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
    DNS Servers: 8.8.8.8 - 8.8.4.4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\Services: ACDaemon => 2
    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: Apple Mobile Device => 2
    MSCONFIG\Services: bthserv => 3
    MSCONFIG\Services: c2cautoupdatesvc => 2
    MSCONFIG\Services: c2cpnrsvc => 2
    MSCONFIG\Services: CouponPrinterService => 2
    MSCONFIG\Services: Creative Audio Engine Licensing Service => 3
    MSCONFIG\Services: CTAudSvcService => 2
    MSCONFIG\Services: DeviceMonitorService => 2
    MSCONFIG\Services: Garmin Device Interaction Service => 3
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: gusvc => 3
    MSCONFIG\Services: HBAdmin => 2
    MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
    MSCONFIG\Services: hshld => 2
    MSCONFIG\Services: HssSrv => 2
    MSCONFIG\Services: HssTrayService => 3
    MSCONFIG\Services: HssWd => 2
    MSCONFIG\Services: IntuitUpdateServiceV4 => 2
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: LMIRescue_29e1e52e-8cb3-4d44-80ab-cf103a49bac2 => 2
    MSCONFIG\Services: MBAMScheduler => 2
    MSCONFIG\Services: MBAMService => 2
    MSCONFIG\Services: Motorola Device Manager => 2
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: NvNetworkService => 2
    MSCONFIG\Services: NvStreamSvc => 2
    MSCONFIG\Services: nvsvc => 2
    MSCONFIG\Services: ProductAgentService => 3
    MSCONFIG\Services: PST Service => 2
    MSCONFIG\Services: RealPlayer Cloud Service => 2
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: SpyHunter 4 Service => 3
    MSCONFIG\Services: Stereo Service => 2
    MSCONFIG\Services: TeamViewer => 3
    MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
    MSCONFIG\Services: WinDriveSvc => 2
    MSCONFIG\Services: WinDriveSvc2 => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acrobat Assistant.lnk => C:\Windows\pss\Acrobat Assistant.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder.lnk => C:\Windows\pss\Event Planner Reminder.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GreatFindQuickShop.lnk => C:\Windows\pss\GreatFindQuickShop.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UltraMon.lnk => C:\Windows\pss\UltraMon.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PlutoTV.lnk => C:\Windows\pss\PlutoTV.lnk.Startup
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe "
    MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe "
    MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    MSCONFIG\startupreg: BackupNowEZtray => "C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" -k
    MSCONFIG\startupreg: BYRUA_AGENT => "C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe" -start
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: Eyeline => "C:\Program Files (x86)\NCH Software\Eyeline\eyeline.exe" -logon
    MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe "
    MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
    MSCONFIG\startupreg: McAfeeUpdaterUI => "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
    MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe "
    MSCONFIG\startupreg: P17RunE => RunDll32 P17RunE.dll,RunDLLEntry
    MSCONFIG\startupreg: pdiface => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe -noshow
    MSCONFIG\startupreg: PogoplugPC => "C:\Program Files (x86)\PogoplugPC\ppserver.exe" --starthidden
    MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe "
    MSCONFIG\startupreg: ShStatEXE => "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe "
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
    MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
    MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    MSCONFIG\startupreg: WSHelperSetup.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    HKLM\...\StartupApproved\Run: => "iTunesHelper "
    HKLM\...\StartupApproved\Run32: => "KSafeTray "
    HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\StartupApproved\Run: => "GarminExpressTrayApp "
    HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\StartupApproved\Run: => "CCleaner Monitoring "
    HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\StartupApproved\Run: => "ToolwizCareFree "

    ==================== FirewallRules (Whitelisted) ===============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
    FirewallRules: [{B2E8338B-5533-4A18-A3B8-9CD1759D97B3}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{3CC96CA1-1258-4D4C-B11A-ABB040B67DC6}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{F10E1A1A-80CE-419E-8459-A5779FA3B5AF}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{FA27AE28-8419-4448-B244-4C35363CFB2B}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{BCB9D99E-A9BB-46BC-AC04-59A3FB4D082C}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{85005CE4-690F-4DFD-A8A1-427CB41888D0}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{A0548B0C-79C0-46FF-A8A6-D4D7159E3D15}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{E7FF66B2-7A1E-46BE-BA67-080D591A53BE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{798448F7-37E9-4DE3-BADB-DF9B83C2B69C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{A0E7443F-5559-4CEB-AF40-CE5FE663BCD5}] => (Block) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    FirewallRules: [{4412F1B4-CC57-4B57-8946-60B5A045ADFF}] => (Allow) C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    FirewallRules: [{ABC0CF55-80C6-4CFA-9473-6606505BBA38}] => (Allow) C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    FirewallRules: [UDP Query User{1E585AD3-0B32-443D-A63D-729ED255D2BB}C:\users\owner\appdata\local\tbp\tvplayer.exe] => (Allow) C:\users\owner\appdata\local\tbp\tvplayer.exe
    FirewallRules: [TCP Query User{7FE0F74A-DF6A-48F7-9D09-29AEABC48E76}C:\users\owner\appdata\local\tbp\tvplayer.exe] => (Allow) C:\users\owner\appdata\local\tbp\tvplayer.exe
    FirewallRules: [{8E46A245-FECC-41FD-BE40-A7086439CBA5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{5DFBF804-3B2D-4CEA-9E11-66D3CFC6679E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{9BAD20C0-85F6-4172-AF5E-065F23A05864}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{8B7049F2-1EB4-4A66-858B-D347582516C0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{DA68DC3E-EFC7-4D16-9A92-3297450C8C7A}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    FirewallRules: [{B1A29E71-4275-4B41-ABE8-EF445A967E5E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{05FBB244-0C0C-42C0-905E-E6DBAE583454}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{4DFC8DF8-C66F-4A72-AEF7-F92E141DBDD5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{84652EB2-31B8-4658-9E2C-11583F2B9F88}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{F3D38C11-DD8D-4DD5-AC07-DF8346F2F5E0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{FE2AB0F7-EE79-4D21-89B8-AC40B3D289F0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
    FirewallRules: [UDP Query User{F477420C-CDE7-4AC4-8714-A0AF22146AAB}C:\program files\verizon cloud\verizon cloud service.exe] => (Allow) C:\program files\verizon cloud\verizon cloud service.exe
    FirewallRules: [TCP Query User{F6302865-8937-4499-90DC-EBBDFE107945}C:\program files\verizon cloud\verizon cloud service.exe] => (Allow) C:\program files\verizon cloud\verizon cloud service.exe
    FirewallRules: [{0A71C36F-6858-4B06-9D5D-240A2430E5DD}] => (Allow) C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    FirewallRules: [{EE92D76C-51A1-40AE-A14A-AFBDDA5B7627}] => (Allow) C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    FirewallRules: [{C643B44D-E1F4-45F9-9686-4AF39CE47FA8}] => (Allow) C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
    FirewallRules: [{5DC7BE07-EB08-46CC-A337-13870FF932B0}] => (Allow) C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
    FirewallRules: [{30F73A2D-6254-4B19-BC1C-112EDE7F1483}] => (Allow) C:\Program Files (x86)\Motorola Mobility\MotoCast\motocast.exe
    FirewallRules: [{8C1300A0-7DBE-47BA-AF2E-EC98F3451D89}] => (Allow) C:\Program Files (x86)\Motorola Mobility\MotoCast\motocast.exe
    FirewallRules: [{6C8A94EB-1127-41CF-ADC9-AAB40A255AC8}] => (Allow) C:\Program Files (x86)\Motorola Media Link\Lite\mml.exe
    FirewallRules: [{6C310D5B-49AE-485D-8A0D-16AF112AD5D1}] => (Allow) C:\Program Files (x86)\Multilizer\MultilizerPDFTranslator\PDFTRanslationWizard.exe
    FirewallRules: [{321E58C3-68BC-470B-82C7-C5623D84CF37}] => (Allow) C:\Program Files (x86)\Multilizer\MultilizerPDFTranslator\PDFTRanslationWizard.exe
    FirewallRules: [{74F25CA0-2814-4B2B-99D6-8DE6491296F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{FB9326CA-20F2-45E0-8927-FE03C65D67AE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{FF9B44E9-EB2A-45A8-855C-D5D5C2D27E9E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{33FF1698-4CFB-4D67-B987-E0B1A97245D1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{174D9369-16EB-462D-A30B-87D89BACA587}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{CF517A23-B91D-48B6-BF83-68AFE319F677}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{C0AF72AC-916B-4D07-ADB5-9D97FA8143C1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{3452666D-D8A0-4E5F-B144-99BCB9C39AA1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{D6227F80-5A57-4183-9A3D-7B9C1559F964}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{D3358481-1B40-4326-9571-311FDFC848B8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{0A2DCBB6-6FBA-441B-A23E-C8F7C88A8F62}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{FEEAF313-69AD-4906-97BB-A26E9BF1B20D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{2CA8F11F-B321-4163-AC15-629E7ABDFC58}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{D2A4F221-1DDE-4E84-BD25-A0CE1D1B08D9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{EEAE04DE-6644-44A3-9902-5BB36841ABE9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{D95B1B52-592D-4AC6-98BE-8A4476391938}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{10AD99EB-1CE6-42A7-932B-4D9F888E680F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{9E84FCB5-6A55-40B1-B739-1C3464DC2669}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{9D612061-346D-4AE0-B5A8-D54796B13096}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{F31F5337-2C91-457A-B634-C69021F6280C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{1B92C1AA-F4EC-47A5-B644-6BD7742AF8C2}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
    FirewallRules: [{982557C2-0F24-47A2-AA64-9DF7FAC7D154}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
    FirewallRules: [{93EC66D9-76E6-4DD8-A1AA-CE9F4846A757}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{76AE295B-B644-4FCD-A3E5-12A609F0AF57}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{CB1BA705-559E-4F65-8626-B7B3049549F2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{809D7722-E3D5-4FF5-BA92-1932D613C494}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{7792B1FD-B6E6-4727-842D-E0F607871AE8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{3F0C7317-5289-47E5-BAB4-5B4DC8EB7779}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
    FirewallRules: [{60E85763-613D-4938-96CB-B9F3CB80AE11}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{4FEB0DD6-CFAD-4C82-8E95-A46A9CED0A4D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{1022EE0A-C05E-4ADA-AD4C-64AD61ADBA34}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{D2B9E54F-9319-466E-B015-B40D52A500A1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{BD022230-429A-4A76-BE5E-7647FEA5262A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [TCP Query User{47D06532-3CF1-46A1-8C3E-8ABE873170AE}C:\program files (x86)\wondershare\video converter ultimate\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\video converter ultimate\mediaserver.exe
    FirewallRules: [UDP Query User{AD0093BC-8897-41CD-BE48-2CAD18C264F7}C:\program files (x86)\wondershare\video converter ultimate\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\video converter ultimate\mediaserver.exe
    FirewallRules: [TCP Query User{9F081AFF-F87B-481F-AE39-94D92F09049F}C:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe] => (Block) C:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe
    FirewallRules: [UDP Query User{DE9FE7B1-1D1A-4564-AD52-A0AEA54FB5EE}C:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe] => (Block) C:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe
    FirewallRules: [{B4FD6A1F-7E8A-4942-8C82-6CE4B04FBE19}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{A0A512CA-88F6-457C-99AE-2CD9B43EB6E2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{10878D5E-66B0-47EC-9978-86A3BB63DFF8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{DEC29EFB-B4F7-46E7-8C17-8566DC642EDC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{644CB45C-3CAE-4868-9FD7-2E698932767C}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    15-10-2016 19:45:25 Installed Classic Shell
    23-10-2016 13:46:35 Installed SpyHunter
    26-10-2016 12:30:25 Removed SpyHunter

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/26/2016 01:43:06 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: CCleaner64.exe, version: 5.23.0.5808, time stamp: 0x57ebee62
    Faulting module name: CCleaner64.exe, version: 5.23.0.5808, time stamp: 0x57ebee62
    Exception code: 0x40000015
    Fault offset: 0x000000000010d529
    Faulting process id: 0xd24
    Faulting application start time: 0x01d22fc931ced77d
    Faulting application path: C:\Program Files\CCleaner\CCleaner64.exe
    Faulting module path: C:\Program Files\CCleaner\CCleaner64.exe
    Report Id: 58c93713-782f-460a-9243-e80b26b40fe2
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (10/26/2016 01:42:27 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: CCleaner64 (3364) testing: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.log.

    Error: (10/26/2016 01:42:27 PM) (Source: ESENT) (EventID: 489) (User: )
    Description: CCleaner64 (3364) testing: An attempt to open the file "C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (10/26/2016 01:02:37 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 10.0.10586.589, time stamp: 0x57cf9743
    Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
    Exception code: 0xc000000d
    Fault offset: 0x00000000000f56a0
    Faulting process id: 0x65d3c
    Faulting application start time: 0x01d22fa9b2acf378
    Faulting application path: C:\Windows\Explorer.EXE
    Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report Id: 629041c3-cc48-49ac-b6cb-3a34e015a2ed
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (10/25/2016 11:23:07 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mscorsvw.exe, version: 4.6.1038.0, time stamp: 0x5615c193
    Faulting module name: clr.dll, version: 4.6.1080.0, time stamp: 0x570c51a0
    Exception code: 0xc0000005
    Fault offset: 0x001639bc
    Faulting process id: 0x6292c
    Faulting application start time: 0x01d22eecd3cadaec
    Faulting application path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    Faulting module path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
    Report Id: 3cc9e20f-097a-406c-80c0-ad7bb315eed8
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (10/25/2016 11:23:06 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
    Description: Application: mscorsvw.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an internal error in the .NET Runtime at IP 6B4C39BC (6B360000) with exit code 80131506.

    Error: (10/25/2016 11:23:01 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mscorsvw.exe, version: 4.6.1038.0, time stamp: 0x5615c193
    Faulting module name: clr.dll, version: 4.6.1080.0, time stamp: 0x570c51a0
    Exception code: 0xc0000005
    Fault offset: 0x001639bc
    Faulting process id: 0x62ba0
    Faulting application start time: 0x01d22eecd00e8411
    Faulting application path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    Faulting module path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
    Report Id: 4f974267-b815-4c43-bf75-32074f6ef543
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (10/25/2016 11:23:00 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
    Description: Application: mscorsvw.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an internal error in the .NET Runtime at IP 6B4C39BC (6B360000) with exit code 80131506.

    Error: (10/25/2016 11:22:55 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mscorsvw.exe, version: 4.6.1038.0, time stamp: 0x5615c193
    Faulting module name: clr.dll, version: 4.6.1080.0, time stamp: 0x570c51a0
    Exception code: 0xc0000005
    Fault offset: 0x001638cc
    Faulting process id: 0x614a0
    Faulting application start time: 0x01d22eeccd89c1c8
    Faulting application path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    Faulting module path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
    Report Id: 98f0b416-df86-4bd2-b42c-dd35a3fead84
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (10/25/2016 11:22:55 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
    Description: Application: mscorsvw.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an internal error in the .NET Runtime at IP 6B4C38CC (6B360000) with exit code 80131506.


    System errors:
    =============
    Error: (10/26/2016 04:02:01 PM) (Source: DCOM) (EventID: 10016) (User: Owner-Desktop)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user Owner-Desktop\Owner SID (S-1-5-21-2463262124-900243846-537622603-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

    Error: (10/26/2016 02:42:51 PM) (Source: DCOM) (EventID: 10016) (User: Owner-Desktop)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user Owner-Desktop\Owner SID (S-1-5-21-2463262124-900243846-537622603-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

    Error: (10/26/2016 02:42:51 PM) (Source: DCOM) (EventID: 10016) (User: Owner-Desktop)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user Owner-Desktop\Owner SID (S-1-5-21-2463262124-900243846-537622603-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

    Error: (10/26/2016 01:28:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070005: Feature update to Windows 10, version 1607.

    Error: (10/26/2016 01:21:34 PM) (Source: DCOM) (EventID: 10016) (User: Owner-Desktop)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    {7022A3B3-D004-4F52-AF11-E9E987FEE25F}
    and APPID
    {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
    to the user Owner-Desktop\Owner SID (S-1-5-21-2463262124-900243846-537622603-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (10/26/2016 01:19:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Error: (10/26/2016 01:04:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service.

    Error: (10/26/2016 01:04:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service.

    Error: (10/26/2016 01:03:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_293c2b69 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (10/26/2016 01:03:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_293c2b69 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


    CodeIntegrity:
    ===================================
    Date: 2016-10-25 11:23:08.612
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\SysWOW64\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-10-25 11:23:06.917
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\SysWOW64\usermgrcli.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-10-25 11:23:04.500
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\SysWOW64\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-10-25 11:23:00.679
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\SysWOW64\usermgrcli.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-10-25 11:22:56.734
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\SysWOW64\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-10-25 11:22:55.188
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\SysWOW64\usermgrcli.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-10-25 11:22:54.178
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\SysWOW64\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-10-25 11:22:52.182
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\SysWOW64\usermgrcli.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-10-25 11:22:45.723
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\SysWOW64\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-10-25 11:22:43.672
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\SysWOW64\usermgrcli.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD A4-3400 APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 36%
    Total physical RAM: 8168.27 MB
    Available physical RAM: 5213.98 MB
    Total Virtual: 16360.27 MB
    Available Virtual: 13257.91 MB

    ==================== Drives ================================

    Drive c: (Primary) (Fixed) (Total:930.85 GB) (Free:687.93 GB) NTFS
    Drive d: (Data) (Fixed) (Total:931.29 GB) (Free:931.01 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

    Partition: GPT.

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B9DCE103)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  8. 2016/10/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================

    Uninstall the following unwanted programs, which actually might be a part of your issue if you used them:

    RegCure Pro
    SmartPCFixer 5.2


    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on the downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    Please download Malwarebytes Anti-Malware to your desktop.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    Already installed:
    2.0 Threat Scan
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • To open a Cleaning log, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  9. 2016/10/26
    joe645

    joe645 Well-Known Member Thread Starter

    Joined:
    2004/01/26
    Messages:
    435
    Likes Received:
    1
    Removed SmartPCFixer but didn't have RegCure Pro loaded. Here are the results of your scans:
    RogueKiller V12.7.4.0 (x64) [Oct 24 2016] (Free) by Adlice Software
    mail : Contact - Adlice Software
    Feedback : Adlice forum
    Website : RogueKiller Anti-Malware Free Download - Official Website
    Blog : Adlice Software

    Operating System : Windows 10 (10.0.10586) 64 bits version
    Started in : Normal mode
    User : Owner [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 10/26/2016 19:24:10 (Duration : 00:54:21)

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 9 ¤¤¤
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\SmartPCFixer -> Deleted
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Xtp -> Deleted
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\SecureWebChannel -> Deleted
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\SmartPCFixer -> Deleted
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Xtp -> Deleted
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D} -> Deleted
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C547F361-5750-4CD1-9FB6-BC93827CB6C1} -> Deleted
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Replaced (2)
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Replaced (2)

    ¤¤¤ Tasks : 2 ¤¤¤
    [PUP] %WINDIR%\Tasks\ParetoLogic Registration3.job -- C:\Windows\system32\rundll32.exe ( "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns) -> Deleted
    [PUP] %WINDIR%\Tasks\ParetoLogic Update Version3.job -- C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe -> Deleted

    ¤¤¤ Files : 2 ¤¤¤
    [PUP][Folder] C:\Users\Owner\AppData\Roaming\HPAppData -> Deleted
    [PUP][Folder] C:\Users\Owner\AppData\Roaming\Ultimate Codec Packages -> Deleted

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Hitachi HUA722010CLA330 ATA Device +++++
    --- User ---
    [MBR] 0086f36f0b7bc8b257f89fc226376c3d
    [BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
    Partition table:
    0 - EFI system partition | Offset (sectors): 2048 | Size: 99 MB
    1 - Microsoft reserved partition | Offset (sectors): 204800 | Size: 128 MB
    2 - Basic data partition | Offset (sectors): 466944 | Size: 953640 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: Hitachi HDS721010CLA332 ATA Device +++++
    --- User ---
    [MBR] 1f9931e9701a48a4b7db9a617ab16e8f
    [BSP] bbe5429e10aa9ce0388062284d99cf24 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - | Offset (sectors): 34 | Size: 128 MB
    1 - | Offset (sectors): 264192 | Size: 100 MB
    2 - [ACTIVE] | Offset (sectors): 468992 | Size: 953190 MB
    3 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1952602112 | Size: 450 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive2: Generic- SD/MMC USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive3: Generic- Compact Flash USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive4: Generic- SM/xD-Picture USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive6: HP Photosmart Premi USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    # AdwCleaner v3.301 - Report created 26/10/2016 at 21:04:26
    # Updated 28/07/2014 by Xplode
    # Operating System : Windows 10 Home (64 bits)
    # Username : Owner - OWNER-DESKTOP
    # Running from : C:\Users\Owner\Desktop\Security\adwcleaner_3.301.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.10586.596


    -\\ Mozilla Firefox v49.0 (x86 en-US)

    [ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\7394c0am.default-1477516138992\prefs.js ]


    -\\ Google Chrome v50.0.2661.87

    [ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[C1].txt - [18410 octets] - [02/04/2016 16:06:26]
    AdwCleaner[R0].txt - [24827 octets] - [24/07/2014 16:20:28]
    AdwCleaner[R10].txt - [2874 octets] - [07/05/2016 21:10:31]
    AdwCleaner[R11].txt - [2935 octets] - [08/05/2016 14:25:44]
    AdwCleaner[R12].txt - [2996 octets] - [20/05/2016 17:41:50]
    AdwCleaner[R13].txt - [3647 octets] - [11/09/2016 18:26:52]
    AdwCleaner[R14].txt - [2457 octets] - [27/09/2016 20:13:22]
    AdwCleaner[R15].txt - [2518 octets] - [12/10/2016 11:16:41]
    AdwCleaner[R16].txt - [2640 octets] - [21/10/2016 11:10:02]
    AdwCleaner[R17].txt - [2830 octets] - [26/10/2016 12:38:27]
    AdwCleaner[R18].txt - [2884 octets] - [26/10/2016 21:02:48]
    AdwCleaner[R1].txt - [24947 octets] - [24/07/2014 16:24:30]
    AdwCleaner[R2].txt - [3963 octets] - [29/07/2014 12:50:42]
    AdwCleaner[R3].txt - [1753 octets] - [31/07/2014 20:41:52]
    AdwCleaner[R4].txt - [4343 octets] - [08/02/2015 17:35:59]
    AdwCleaner[R5].txt - [9367 octets] - [29/12/2015 18:53:03]
    AdwCleaner[R6].txt - [2760 octets] - [02/04/2016 19:53:21]
    AdwCleaner[R7].txt - [2249 octets] - [15/04/2016 21:14:28]
    AdwCleaner[R8].txt - [2309 octets] - [15/04/2016 23:29:31]
    AdwCleaner[R9].txt - [2102 octets] - [17/04/2016 21:04:24]
    AdwCleaner[S0].txt - [350 octets] - [24/07/2014 16:24:05]
    AdwCleaner[S10].txt - [2580 octets] - [12/10/2016 11:39:37]
    AdwCleaner[S11].txt - [2702 octets] - [21/10/2016 11:47:08]
    AdwCleaner[S12].txt - [2894 octets] - [26/10/2016 13:02:16]
    AdwCleaner[S13].txt - [2265 octets] - [26/10/2016 21:04:26]
    AdwCleaner[S1].txt - [43751 octets] - [24/07/2014 16:25:11]
    AdwCleaner[S2].txt - [4080 octets] - [29/07/2014 12:54:00]
    AdwCleaner[S3].txt - [318 octets] - [31/07/2014 20:42:42]
    AdwCleaner[S4].txt - [344 octets] - [08/02/2015 17:37:25]
    AdwCleaner[S5].txt - [9381 octets] - [29/12/2015 18:56:30]
    AdwCleaner[S6].txt - [2745 octets] - [02/04/2016 19:54:50]
    AdwCleaner[S7].txt - [2383 octets] - [15/04/2016 23:33:05]
    AdwCleaner[S8].txt - [2166 octets] - [17/04/2016 21:05:35]
    AdwCleaner[S9].txt - [3702 octets] - [11/09/2016 18:28:38]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S13].txt - [2865 octets] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.9 (09.30.2016)
    Operating System: Windows 10 Home x64
    Ran by Owner (Administrator) on Wed 10/26/2016 at 21:15:38.71
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 6

    Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder)
    Successfully deleted: C:\Windows\system32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 (Task)
    Successfully deleted: C:\Windows\wininit.ini (File)
    Successfully deleted: C:\Windows\prefetch\DRIVERUPDATE-SETUP.EXE-36026B43.pf (File)
    Successfully deleted: C:\Windows\prefetch\DRIVERUPDATER.TMP-E36787DD.pf (File)
    Successfully deleted: C:\Windows\prefetch\DRIVERUPDATER.TMP-F61E889C.pf (File)



    Registry: 1

    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A7D3F239-DE1F-49BB-B657-A3FC63579793} (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 10/26/2016 at 21:24:27.95
    End of JRT log
     
  10. 2016/10/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I still need the MBAM log.
     
  11. 2016/10/26
    joe645

    joe645 Well-Known Member Thread Starter

    Joined:
    2004/01/26
    Messages:
    435
    Likes Received:
    1
    Sorry about that:
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 10/26/2016
    Scan Time: 12:10 PM
    Logfile: MBAM.txt
    Administrator: Yes

    Version: 0.0.0.0000
    Malware Database: v2016.10.26.10
    Rootkit Database: v2016.09.26.02
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Owner

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 418787
    Time Elapsed: 30 min, 38 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  12. 2016/10/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them to your reply.
     
  13. 2016/10/27
    joe645

    joe645 Well-Known Member Thread Starter

    Joined:
    2004/01/26
    Messages:
    435
    Likes Received:
    1
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2016
    Ran by Owner (administrator) on OWNER-DESKTOP (27-10-2016 14:52:37)
    Running from C:\Users\Owner\Desktop\Security
    Loaded Profiles: Owner (Available Profiles: Owner & DefaultAppPool)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
    (Kingsoft Corporation) C:\Program Files (x86)\Kingsoft\PCDoctor\KSafeSvc.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
    (Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (Toolwiz) C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Webshots.com) C:\Program Files (x86)\Webshots\Webshots.scr
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
    (Toolwiz.com) C:\Program Files (x86)\ToolwizCareFree\ToolwizTools.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7369.40791.0_x64__8wekyb3d8bbwe\HxMail.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7369.40791.0_x64__8wekyb3d8bbwe\HxTsr.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16092.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\temp\D04D4960-6760-4C04-AEF1-7A69C94B2222\DismHost.exe
    (Microsoft Corporation) C:\temp\E38E3E7C-4F14-450F-B133-A2C485616EB1\DismHost.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7640944 2016-04-11] (Realtek Semiconductor)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
    HKLM-x32\...\Run: [KSafeTray] => C:\Program files (x86)\Kingsoft\PCDoctor\KSafeTray.exe [742816 2012-04-10] (Kingsoft Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597016 2016-03-31] (Oracle Corporation)
    HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1400232 2016-07-31] (Garmin Ltd. or its subsidiaries)
    HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-28] (Piriform Ltd)
    HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\Run: [ToolwizCareFree] => C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe [5274328 2016-09-28] (Toolwiz)
    HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.)
    HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\Policies\Explorer: [NoInstrumentation] 1
    HKU\S-1-5-21-2463262124-900243846-537622603-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Program Files (x86)\Webshots\Webshots.scr [3474848 2010-07-27] (Webshots.com)
    HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1400232 2016-07-31] (Garmin Ltd. or its subsidiaries)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
    ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
    ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
    Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk [2016-10-22]
    ShortcutTarget: Webshots.lnk -> C:\Program Files (x86)\Webshots\Launcher.exe (Webshots.com)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 184.172.114.130,208.43.110.90
    Tcpip\..\Interfaces\{cee117d8-0a7a-481d-87a6-5fab7bc86328}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
    Tcpip\..\Interfaces\{cee117d8-0a7a-481d-87a6-5fab7bc86328}: [DhcpNameServer] 192.168.1.1
    ManualProxies:

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2463262124-900243846-537622603-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2463262124-900243846-537622603-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-2463262124-900243846-537622603-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000
    BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-06-28] (Bitdefender)
    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll [2016-07-27] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-07-27] (Oracle Corporation)
    BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
    BHO: HP Smart Print Helper -> {FD6C6509-FE36-44B0-A917-6C2A0DDBDF88} -> C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.6\Espresso64.dll [2014-01-23] (Hewlett-Packard)
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
    BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-06-28] (Bitdefender)
    BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
    BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
    BHO-x32: HP Smart Print Helper -> {FD6C6509-FE36-44B0-A917-6C2A0DDBDF88} -> C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.6\Espresso.dll [2014-01-23] (Hewlett-Packard)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
    Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-06-28] (Bitdefender)
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
    Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-06-28] (Bitdefender)
    Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
    Toolbar: HKU\S-1-5-21-2463262124-900243846-537622603-1000 -> Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-06-28] (Bitdefender)
    Handler: WSAMVCUchrome - {086BD280-4613-43B5 - No File

    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\TomTom\HOME\Profiles\2rqfaa83.default [2014-05-31]
    FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\7394c0am.default-1477516138992 [2016-10-27]
    FF Homepage: Mozilla\Firefox\Profiles\7394c0am.default-1477516138992 -> hxxp://www.msn.com/
    FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
    FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2016-04-04]
    FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
    FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-04-04] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
    FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi
    FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [2016-08-18]
    FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-17] ()
    FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-07-27] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-07-27] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
    FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-12-15] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-17] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-03] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-03] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2463262124-900243846-537622603-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2013-08-22] (Sony Network Entertainment International LLC)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2013-06-03] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2013-06-03] ()
    FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll [2013-06-03] (Google)
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2016-09-01]

    Chrome:
    =======
    CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2016-10-26]
    CHR Extension: (Bitdefender Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-09-15]
    CHR Extension: (Aimersoft Video Converter Ultimate) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmapfhedmiiikmeicmclonepdhjgmlcn [2016-09-15]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-15]
    CHR HKU\S-1-5-21-2463262124-900243846-537622603-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lomdegodbindknemkcimmpfmkfjdkiho] - <no Path/update_url>
    CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [mapcejffhcbidcjmomhalabpcbaeimcb] - <no Path/update_url>
    CHR HKLM-x32\...\Chrome\Extension: [nmapfhedmiiikmeicmclonepdhjgmlcn] - C:\ProgramData\Aimersoft\Video Converter Ultimate\AMVCU@Aimersoft.com.crx [2014-06-17]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020056 2016-02-09] (Adobe Systems, Incorporated)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
    R3 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [76952 2016-05-18] (Comodo Security Solutions, Inc.)
    S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-06-18] (Creative Labs) [File not signed]
    S4 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
    S3 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
    R2 KSafeSvc; C:\Program files (x86)\Kingsoft\PCDoctor\KSafeSvc.exe [290720 2012-04-10] (Kingsoft Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
    S3 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    S4 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [46072 2013-11-07] (NTI Corporation)
    S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
    S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
    S3 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    S4 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [947640 2016-03-30] (Bitdefender)
    S4 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
    S4 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2015-04-27] (RealNetworks, Inc.)
    R3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH)
    R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [156016 2016-06-28] (Bitdefender)
    S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2016-09-06] (Microsoft Corporation)
    R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1693104 2016-06-28] (Bitdefender)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364456 2016-09-06] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-09-06] (Microsoft Corporation)
    R3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe [411648 2016-03-31] (Wondershare) [File not signed]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [36448 2011-03-23] (Asmedia Technology)
    R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1603264 2016-08-22] (BitDefender)
    R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [850464 2016-08-22] (BitDefender)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-25] (AVG Technologies)
    R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [128400 2016-06-28] (BitDefender LLC)
    S4 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
    R1 BTOWSFF; C:\Windows\System32\Drivers\BTOWSFF.sys [33024 2016-09-28] (Toolwiz.com)
    R0 BTOWSVF; C:\Windows\System32\Drivers\BTOWSVF.sys [52480 2016-09-28] (Toolwiz.com)
    S3 D-Vitec; C:\Windows\System32\DRIVERS\dvitdcnt.sys [307968 2012-07-26] (D-vitec)
    R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
    R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
    R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182936 2016-04-27] (BitDefender LLC)
    R0 KSafeDISK; C:\Windows\System32\Drivers\KSafeDISK.sys [52992 2016-09-28] (Toolwiz.com)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-27] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
    S1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [49752 2010-03-22] (Sunbelt Software)
    S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-01-19] (Anchorfree Inc.)
    R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [520032 2016-06-28] (BitDefender S.R.L.)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    U3 idsvc; no ImagePath
    U3 wpcsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-26 21:57 - 2016-10-26 21:57 - 00001042 _____ C:\Users\Owner\MBAM.txt
    2016-10-26 21:24 - 2016-10-26 21:24 - 00001168 _____ C:\Users\Owner\JRT.txt
    2016-10-26 21:04 - 2016-10-26 21:04 - 00002946 _____ C:\Users\Owner\AdwCleaner[S13].txt
    2016-10-26 20:25 - 2016-10-26 20:25 - 00008138 _____ C:\Users\Owner\RKreport.txt
    2016-10-26 19:23 - 2016-10-26 20:22 - 00000000 ____D C:\Program Files\RogueKiller
    2016-10-26 19:23 - 2016-10-26 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2016-10-26 16:47 - 2016-10-27 14:52 - 00000000 ____D C:\FRST
    2016-10-26 13:43 - 2016-10-27 14:53 - 00000000 ____D C:\temp
    2016-10-26 10:56 - 2016-10-26 10:56 - 00000000 ____D C:\Users\Owner\AppData\Temp
    2016-10-24 19:11 - 2016-10-24 21:32 - 00000000 ____D C:\Users\Owner\Downloads\The.Dead.Pool.1988.720p.BluRay.x264-ESiR
    2016-10-24 13:24 - 2016-10-24 13:24 - 00000000 ____D C:\ProgramData\Hewlett-Packard
    2016-10-24 13:08 - 2016-10-24 13:08 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
    2016-10-21 19:55 - 2016-10-21 19:55 - 00000000 ___HD C:\$WINDOWS.~BT
    2016-10-21 18:10 - 2016-10-21 19:43 - 00000000 ____D C:\Program Files (x86)\Smart PC Solutions
    2016-10-21 17:46 - 2016-10-21 18:00 - 00000000 ____D C:\Program Files (x86)\Citrix
    2016-10-21 17:34 - 2016-10-21 17:34 - 00006144 _____ C:\Users\Owner\Documents\NoGatheringAlt.est
    2016-10-20 20:30 - 2016-10-20 20:30 - 00018887 _____ C:\Users\Owner\Documents\lettertoeditor.odt
    2016-10-15 19:46 - 2016-10-15 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
    2016-10-15 19:46 - 2016-10-15 19:46 - 00000000 ____D C:\Program Files\Classic Shell
    2016-10-15 19:44 - 2016-10-15 19:44 - 07220496 _____ (IvoSoft) C:\Users\Owner\Downloads\ClassicShellSetup_4_3_0.exe
    2016-10-13 11:12 - 2016-10-13 11:12 - 00001128 _____ C:\Users\Public\Desktop\OpenOffice 4.1.3.lnk
    2016-10-13 11:11 - 2016-10-13 11:12 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3
    2016-10-11 19:13 - 2016-10-05 00:56 - 01644736 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2016-10-11 19:13 - 2016-10-05 00:56 - 01242304 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2016-10-11 19:13 - 2016-10-05 00:56 - 00602304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2016-10-11 19:13 - 2016-10-05 00:56 - 00591040 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2016-10-11 19:13 - 2016-10-05 00:56 - 00329920 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2016-10-11 19:13 - 2016-10-05 00:56 - 00290496 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
    2016-10-11 19:13 - 2016-10-05 00:56 - 00144576 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2016-10-11 19:13 - 2016-10-05 00:56 - 00085696 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2016-10-11 19:13 - 2016-10-05 00:18 - 07468384 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-10-11 19:13 - 2016-10-05 00:01 - 01637216 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2016-10-11 19:13 - 2016-10-04 23:54 - 01297760 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
    2016-10-11 19:13 - 2016-10-04 23:17 - 03693064 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-10-11 19:13 - 2016-10-04 22:45 - 00987488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
    2016-10-11 19:13 - 2016-10-04 22:38 - 00636296 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
    2016-10-11 19:13 - 2016-10-04 22:37 - 00640976 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2016-10-11 19:13 - 2016-10-04 22:31 - 00422240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
    2016-10-11 19:13 - 2016-10-04 22:08 - 02937896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-10-11 19:13 - 2016-10-04 22:00 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
    2016-10-11 19:13 - 2016-10-04 21:49 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
    2016-10-11 19:13 - 2016-10-04 21:33 - 00546456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
    2016-10-11 19:13 - 2016-10-04 21:32 - 00538744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
    2016-10-11 19:13 - 2016-10-04 21:10 - 00784384 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-10-11 19:13 - 2016-10-04 21:10 - 00602624 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-10-11 19:13 - 2016-10-04 21:00 - 01661952 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2016-10-11 19:13 - 2016-10-04 20:55 - 03549696 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
    2016-10-11 19:13 - 2016-10-04 20:48 - 02437120 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2016-10-11 19:13 - 2016-10-04 20:40 - 03589120 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
    2016-10-11 19:13 - 2016-10-04 20:29 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-10-11 19:13 - 2016-10-04 20:10 - 00687616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-10-11 19:13 - 2016-10-04 20:09 - 00501760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-10-11 19:13 - 2016-10-04 19:55 - 04895232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-10-11 19:13 - 2016-10-04 19:50 - 22379520 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
    2016-10-11 19:13 - 2016-10-04 19:50 - 11545088 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
    2016-10-11 19:13 - 2016-10-04 19:39 - 24611328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-10-11 19:13 - 2016-10-04 19:39 - 13392384 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-10-11 19:13 - 2016-10-04 19:39 - 01500672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-10-11 19:13 - 2016-10-04 19:33 - 14255104 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2016-10-11 19:13 - 2016-10-04 19:27 - 09920512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
    2016-10-11 19:13 - 2016-10-04 19:26 - 07836672 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
    2016-10-11 19:13 - 2016-10-04 19:22 - 03664384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-10-11 19:13 - 2016-10-04 19:13 - 19349504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-10-11 19:13 - 2016-10-04 19:13 - 18675200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
    2016-10-11 19:13 - 2016-10-04 19:13 - 12134400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-10-11 19:13 - 2016-10-04 19:06 - 12587008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2016-10-11 19:13 - 2016-10-04 19:01 - 05660160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
    2016-10-11 19:13 - 2016-09-26 19:39 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2016-10-11 19:13 - 2016-09-17 00:45 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
    2016-10-11 19:13 - 2016-09-17 00:28 - 03077120 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-10-11 19:13 - 2016-09-16 23:45 - 06312448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
    2016-10-11 19:13 - 2016-09-16 23:43 - 02552832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-10-11 19:13 - 2016-09-16 23:22 - 04405248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
    2016-10-11 19:12 - 2016-10-05 00:20 - 01030408 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2016-10-11 19:12 - 2016-10-05 00:20 - 00875480 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2016-10-11 19:12 - 2016-10-05 00:19 - 00129376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
    2016-10-11 19:12 - 2016-10-05 00:18 - 01317640 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2016-10-11 19:12 - 2016-10-05 00:18 - 01142560 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2016-10-11 19:12 - 2016-10-05 00:01 - 01337184 _____ (Microsoft Corporation) C:\Windows\system32\wpx.dll
    2016-10-11 19:12 - 2016-10-04 23:15 - 00304752 _____ (Microsoft Corporation) C:\Windows\system32\LockAppHost.exe
    2016-10-11 19:12 - 2016-10-04 23:14 - 22561256 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2016-10-11 19:12 - 2016-10-04 23:09 - 00604920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2016-10-11 19:12 - 2016-10-04 22:39 - 01988448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2016-10-11 19:12 - 2016-10-04 22:39 - 00576856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
    2016-10-11 19:12 - 2016-10-04 22:38 - 00393056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
    2016-10-11 19:12 - 2016-10-04 22:25 - 00871776 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll
    2016-10-11 19:12 - 2016-10-04 22:23 - 00305808 _____ (Microsoft Corporation) C:\Windows\system32\wmpeffects.dll
    2016-10-11 19:12 - 2016-10-04 22:05 - 00256704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppHost.exe
    2016-10-11 19:12 - 2016-10-04 22:01 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll
    2016-10-11 19:12 - 2016-10-04 21:51 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\MDMAppInstaller.exe
    2016-10-11 19:12 - 2016-10-04 21:50 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
    2016-10-11 19:12 - 2016-10-04 21:49 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\pnpclean.dll
    2016-10-11 19:12 - 2016-10-04 21:47 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\DevDispItemProvider.dll
    2016-10-11 19:12 - 2016-10-04 21:47 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
    2016-10-11 19:12 - 2016-10-04 21:38 - 00236032 _____ (Microsoft Corporation) C:\Windows\system32\wmpdxm.dll
    2016-10-11 19:12 - 2016-10-04 21:35 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\wmpshell.dll
    2016-10-11 19:12 - 2016-10-04 21:34 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
    2016-10-11 19:12 - 2016-10-04 21:30 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
    2016-10-11 19:12 - 2016-10-04 21:30 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
    2016-10-11 19:12 - 2016-10-04 21:30 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
    2016-10-11 19:12 - 2016-10-04 21:29 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
    2016-10-11 19:12 - 2016-10-04 21:27 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack_win.dll
    2016-10-11 19:12 - 2016-10-04 21:23 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
    2016-10-11 19:12 - 2016-10-04 21:19 - 00717152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll
    2016-10-11 19:12 - 2016-10-04 21:18 - 00253080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpeffects.dll
    2016-10-11 19:12 - 2016-10-04 21:17 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\das.dll
    2016-10-11 19:12 - 2016-10-04 21:17 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\AboveLockAppHost.dll
    2016-10-11 19:12 - 2016-10-04 21:15 - 00458240 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Enumeration.dll
    2016-10-11 19:12 - 2016-10-04 21:07 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\ApplicationFrame.dll
    2016-10-11 19:12 - 2016-10-04 21:05 - 00841728 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2016-10-11 19:12 - 2016-10-04 21:04 - 01718272 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
    2016-10-11 19:12 - 2016-10-04 21:02 - 01040896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2016-10-11 19:12 - 2016-10-04 21:00 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
    2016-10-11 19:12 - 2016-10-04 21:00 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2016-10-11 19:12 - 2016-10-04 20:57 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
    2016-10-11 19:12 - 2016-10-04 20:40 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
    2016-10-11 19:12 - 2016-10-04 20:37 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevDispItemProvider.dll
    2016-10-11 19:12 - 2016-10-04 20:37 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
    2016-10-11 19:12 - 2016-10-04 20:30 - 00174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpdxm.dll
    2016-10-11 19:12 - 2016-10-04 20:29 - 01946112 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
    2016-10-11 19:12 - 2016-10-04 20:28 - 00102912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpshell.dll
    2016-10-11 19:12 - 2016-10-04 20:24 - 00217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
    2016-10-11 19:12 - 2016-10-04 20:24 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
    2016-10-11 19:12 - 2016-10-04 20:23 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
    2016-10-11 19:12 - 2016-10-04 20:15 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AboveLockAppHost.dll
    2016-10-11 19:12 - 2016-10-04 20:14 - 03585536 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll
    2016-10-11 19:12 - 2016-10-04 20:13 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Enumeration.dll
    2016-10-11 19:12 - 2016-10-04 20:05 - 01467904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
    2016-10-11 19:12 - 2016-10-04 20:04 - 01390080 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-10-11 19:12 - 2016-10-04 20:04 - 00885248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2016-10-11 19:12 - 2016-10-04 19:59 - 02362880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
    2016-10-11 19:12 - 2016-10-04 19:54 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2016-10-11 19:12 - 2016-10-04 19:40 - 01626112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
    2016-10-11 19:12 - 2016-09-30 19:16 - 00446124 _____ C:\Windows\system32\ApnDatabase.xml
    2016-10-11 19:12 - 2016-09-17 01:08 - 01752576 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-10-11 19:12 - 2016-09-17 00:12 - 01526272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2016-10-11 19:12 - 2016-06-17 21:55 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
    2016-10-11 19:12 - 2016-06-17 21:51 - 00470528 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
    2016-10-11 19:12 - 2016-06-17 21:49 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
    2016-10-11 19:12 - 2016-06-17 21:45 - 00361472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
    2016-10-11 12:26 - 2016-10-11 12:26 - 00003626 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Owner-Desktop-Owner
    2016-10-11 12:15 - 2016-10-11 12:15 - 00001145 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1 (64 Bit).lnk
    2016-10-11 12:14 - 2016-10-11 12:14 - 00001303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
    2016-10-11 12:12 - 2016-10-11 12:12 - 00001358 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
    2016-10-11 12:12 - 2016-10-11 12:12 - 00001265 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
    2016-10-11 12:10 - 2016-10-11 12:10 - 00001635 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
    2016-10-11 12:10 - 2016-10-11 12:10 - 00001459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
    2016-10-11 12:00 - 2011-04-24 22:18 - 00000000 ____D C:\Users\Owner\Downloads\Adobe Photoshop CS5.1 Extended Edition
    2016-10-11 11:54 - 2016-10-11 11:59 - 1272409933 _____ C:\Users\Owner\Downloads\Adobe. Photoshop CS5.1 Extended Edition.exe
    2016-10-08 20:12 - 2016-10-26 12:31 - 00000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
    2016-09-28 11:03 - 2016-09-28 11:03 - 00052992 _____ (Toolwiz.com) C:\Windows\system32\Drivers\KSafeDISK.sys
    2016-09-28 11:03 - 2016-09-28 11:03 - 00052480 _____ (Toolwiz.com) C:\Windows\system32\Drivers\BTOWSVF.sys
    2016-09-28 11:03 - 2016-09-28 11:03 - 00033024 _____ (Toolwiz.com) C:\Windows\system32\Drivers\BTOWSFF.sys
    2016-09-28 11:03 - 2016-09-28 11:03 - 00003388 _____ C:\Windows\System32\Tasks\ToolwizCareFree
    2016-09-28 11:03 - 2016-09-28 11:03 - 00000000 ___HD C:\TOOLWIZ
    2016-09-28 11:03 - 2016-09-28 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ToolwizCareFree
    2016-09-28 11:03 - 2016-09-28 11:03 - 00000000 ____D C:\Program Files (x86)\ToolwizCareFree

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-10-27 14:46 - 2016-09-22 20:01 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
    2016-10-27 14:12 - 2016-04-25 13:36 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-10-27 12:40 - 2013-06-19 17:25 - 00000000 ___RD C:\Users\Owner\Desktop\Security
    2016-10-27 10:50 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\AppReadiness
    2016-10-27 10:49 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-10-26 22:15 - 2016-05-21 19:57 - 00000000 ____D C:\Users\Owner
    2016-10-26 21:14 - 2016-05-21 19:56 - 01353748 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-10-26 21:14 - 2015-10-30 00:21 - 00000000 ____D C:\Windows\INF
    2016-10-26 21:12 - 2014-07-24 16:20 - 00000000 ____D C:\AdwCleaner
    2016-10-26 21:11 - 2015-10-29 23:28 - 00065536 ___SH C:\Windows\system32\config\ELAM
    2016-10-26 21:10 - 2016-05-21 20:37 - 00002414 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2016-10-26 21:10 - 2016-05-21 20:37 - 00000000 ___RD C:\Users\Owner\OneDrive
    2016-10-26 21:07 - 2016-02-13 06:14 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-10-26 20:17 - 2009-07-13 20:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
    2016-10-26 19:24 - 2015-12-29 19:54 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2016-10-26 15:16 - 2011-09-27 12:24 - 00027727 _____ C:\Users\Owner\Documents\Budget.ods
    2016-10-26 13:45 - 2016-05-18 19:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent
    2016-10-26 13:19 - 2016-05-18 10:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-10-26 13:19 - 2014-03-23 11:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-10-26 13:06 - 2015-10-29 23:28 - 00524288 ___SH C:\Windows\system32\config\BBI
    2016-10-26 12:31 - 2016-04-03 15:12 - 00000000 ____D C:\sh4ldr
    2016-10-25 19:45 - 2013-06-29 17:59 - 00000000 ____D C:\ProgramData\xml_param
    2016-10-24 14:21 - 2013-06-19 17:19 - 00000000 ____D C:\Users\Owner\AppData\Roaming\HpUpdate
    2016-10-24 13:08 - 2013-10-24 13:22 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2016-10-21 19:55 - 2016-05-21 20:49 - 00000000 ___DC C:\Windows\Panther
    2016-10-21 19:43 - 2015-10-30 00:26 - 00000000 ____D C:\Windows\Setup
    2016-10-21 19:41 - 2016-04-03 15:12 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Enigma Software Group
    2016-10-21 18:51 - 2015-08-08 13:47 - 00001908 _____ C:\Windows\diagwrn.xml
    2016-10-21 18:51 - 2015-08-08 13:47 - 00001908 _____ C:\Windows\diagerr.xml
    2016-10-21 14:24 - 2016-08-05 12:41 - 00016618 _____ C:\Users\Owner\Documents\WaynesLedger.ods
    2016-10-21 11:49 - 2013-11-17 14:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-10-17 10:01 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2016-10-17 10:01 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\system32\Macromed
    2016-10-15 16:48 - 2013-06-19 17:25 - 00000000 ___RD C:\Users\Owner\Desktop\AudioVideo
    2016-10-14 12:53 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\rescache
    2016-10-14 11:00 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\system32\appraiser
    2016-10-14 11:00 - 2015-10-30 00:11 - 00000000 ____D C:\Windows\CbsTemp
    2016-10-14 10:22 - 2016-02-13 06:11 - 05157776 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-10-13 20:32 - 2015-10-30 00:24 - 00000000 ___SD C:\Windows\system32\DiagSvcs
    2016-10-13 20:32 - 2015-10-30 00:24 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
    2016-10-13 12:12 - 2013-07-16 21:00 - 00000000 ____D C:\Windows\system32\MRT
    2016-10-13 12:02 - 2013-06-18 07:48 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-10-13 11:12 - 2014-06-15 20:20 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
    2016-10-13 11:03 - 2015-06-12 09:38 - 00000000 ____D C:\Users\Owner\Documents\My Filehippo Downloads
    2016-10-12 11:41 - 2013-06-18 08:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2016-10-12 11:41 - 2013-06-18 08:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2016-10-12 10:31 - 2013-06-18 08:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-10-11 20:27 - 2014-12-25 11:15 - 00004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2016-10-11 20:26 - 2015-05-04 19:34 - 00002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-10-11 12:15 - 2015-12-31 15:05 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
    2016-10-11 12:14 - 2016-08-10 16:59 - 00000000 ____D C:\Program Files\Adobe
    2016-10-11 12:14 - 2014-06-05 11:47 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Adobe
    2016-10-11 12:14 - 2013-11-03 18:59 - 00000000 ____D C:\Program Files\Common Files\Adobe
    2016-10-11 12:13 - 2013-06-24 15:59 - 00000000 ____D C:\Program Files (x86)\Adobe
    2016-10-11 12:10 - 2014-06-06 10:42 - 00000000 ____D C:\ProgramData\Adobe
    2016-10-10 14:10 - 2016-05-19 21:02 - 00000000 ____D C:\Program Files (x86)\Notepad++
    2016-10-10 14:10 - 2013-06-24 18:52 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2016-10-10 14:10 - 2013-06-24 18:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2016-10-10 14:10 - 2013-06-24 18:52 - 00000000 ____D C:\Program Files\WinRAR
    2016-10-09 11:02 - 2015-06-10 14:22 - 00017518 _____ C:\Users\Public\Documents\Passwords.odt
    2016-10-08 20:08 - 2016-09-10 15:33 - 00018852 _____ C:\Users\Owner\Documents\REEVES TRUST.odt
    2016-10-08 19:40 - 2015-10-30 00:24 - 00028672 _____ C:\Windows\system32\config\BCD-Template
    2016-09-30 17:23 - 2015-10-30 00:26 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-09-30 17:23 - 2015-10-30 00:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-09-30 10:13 - 2016-08-17 21:24 - 00000000 ____D C:\Windows10Upgrade
    2016-09-28 13:19 - 2013-07-20 19:29 - 00000000 ____D C:\ProgramData\OfficeGuardian
    2016-09-28 11:10 - 2016-08-18 12:08 - 00000000 ____D C:\Windows\Minidump
    2016-09-28 11:10 - 2013-06-19 17:25 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TeamViewer

    ==================== Files in the root of some directories =======

    2016-04-15 21:11 - 2016-04-15 21:11 - 0000000 _____ () C:\Users\Owner\AppData\Roaming\1.txt
    2014-02-11 12:14 - 2014-02-11 12:14 - 0000132 _____ () C:\Users\Owner\AppData\Roaming\Adobe GIF Format CS6 Prefs
    2016-03-31 19:17 - 2016-03-31 19:18 - 6504960 _____ () C:\Users\Owner\AppData\Roaming\agent.dat
    2013-12-19 12:00 - 2013-12-19 12:00 - 0000268 ___RH () C:\Users\Owner\AppData\Roaming\Applications
    2013-12-19 12:02 - 2013-12-19 12:02 - 0000268 ___RH () C:\Users\Owner\AppData\Roaming\Audio Unit Effect
    2013-04-22 17:43 - 2013-06-25 13:44 - 0099384 _____ () C:\Users\Owner\AppData\Roaming\inst.exe
    2016-03-31 19:16 - 2016-03-31 19:16 - 0127488 _____ () C:\Users\Owner\AppData\Roaming\Installer.dat
    2016-03-31 19:17 - 2016-03-31 19:18 - 0018432 _____ () C:\Users\Owner\AppData\Roaming\Main.dat
    2015-12-29 14:50 - 2016-03-22 11:37 - 0023069 _____ () C:\Users\Owner\AppData\Roaming\PassportPhotoStudio
    2013-04-22 17:43 - 2013-06-25 13:44 - 0007859 _____ () C:\Users\Owner\AppData\Roaming\pcouffin.cat
    2013-04-22 17:43 - 2013-06-25 13:44 - 0001167 _____ () C:\Users\Owner\AppData\Roaming\pcouffin.inf
    2013-04-22 17:43 - 2013-06-25 13:44 - 0082816 _____ (VSO Software) C:\Users\Owner\AppData\Roaming\pcouffin.sys
    2013-03-10 16:24 - 2013-03-10 16:24 - 0001181 _____ () C:\Users\Owner\AppData\Roaming\trace_FilterInstaller.txt
    2012-04-29 14:26 - 2013-06-25 13:44 - 0001057 _____ () C:\Users\Owner\AppData\Roaming\vso_ts_preview.xml
    2013-07-27 11:17 - 2013-11-19 11:33 - 0000113 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
    2013-06-25 15:17 - 2013-11-19 11:33 - 0000006 _____ () C:\Users\Owner\AppData\Roaming\WBPU-TTL.DAT
    2013-10-29 14:34 - 2013-10-29 14:36 - 144790821 _____ () C:\Users\Owner\AppData\Local\ACCCx2_2_0_248.zip.aamdownload
    2013-10-29 14:34 - 2013-10-29 14:36 - 0001817 _____ () C:\Users\Owner\AppData\Local\ACCCx2_2_0_248.zip.aamdownload.aamd
    2014-06-04 10:52 - 2014-06-04 10:52 - 0001456 _____ () C:\Users\Owner\AppData\Local\Adobe Save for Web 12.0 Prefs
    2013-12-07 14:12 - 2013-12-07 14:12 - 0001456 _____ () C:\Users\Owner\AppData\Local\Adobe Save for Web 13.0 Prefs
    2014-07-09 14:19 - 2015-07-01 15:47 - 0015872 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-08-07 11:30 - 2013-08-07 11:30 - 0003072 _____ () C:\Users\Owner\AppData\Local\file__0.localstorage
    2013-08-07 11:30 - 2013-08-07 11:30 - 0003072 _____ () C:\Users\Owner\AppData\Local\https_drm.youdagames.com_0.localstorage
    2013-12-25 15:10 - 2013-12-25 15:10 - 0067992 _____ () C:\Users\Owner\AppData\Local\kfiafmdj
    2013-10-12 10:27 - 2013-10-14 15:17 - 0361117 _____ () C:\Users\Owner\AppData\Local\newhb2.crx
    2013-12-30 14:09 - 2013-12-30 14:09 - 0000008 ____H () C:\Users\Owner\AppData\Local\pcdit.dat
    2013-12-25 15:11 - 2013-12-25 15:11 - 0012326 _____ () C:\Users\Owner\AppData\Local\ptonlrhw
    2013-10-22 10:58 - 2013-10-22 10:58 - 0000218 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
    2012-04-22 15:13 - 2016-10-26 10:25 - 0007606 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
    2013-01-26 16:24 - 2013-01-26 16:24 - 0370526 _____ () C:\Users\Owner\AppData\Local\speeddial.crx
    2013-10-24 13:20 - 2013-10-24 13:20 - 0000057 _____ () C:\ProgramData\Ament.ini
    2013-12-19 12:00 - 2013-12-19 12:00 - 0000268 ___RH () C:\ProgramData\Authentication
    2013-12-19 12:02 - 2013-12-19 12:02 - 0000268 ___RH () C:\ProgramData\Automator
    2016-08-18 13:10 - 2016-08-18 13:10 - 0000000 _____ () C:\ProgramData\cis1C67.exe
    2016-08-18 13:10 - 2016-08-18 13:10 - 0000000 _____ () C:\ProgramData\cis3436.exe
    2016-08-18 12:06 - 2016-08-18 12:06 - 0000000 _____ () C:\ProgramData\cis8C91.exe
    2013-07-05 13:37 - 2016-04-30 18:08 - 0000007 _____ () C:\ProgramData\ddpN.tst
    2016-05-21 19:53 - 2016-05-21 19:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2013-12-30 14:08 - 2013-12-30 14:08 - 0000036 _____ () C:\ProgramData\InstallAlibre.config
    2015-02-11 20:32 - 2015-02-11 20:46 - 0000458 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    2013-12-19 12:00 - 2014-06-26 16:24 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT
    2013-12-19 12:02 - 2014-06-26 16:25 - 0000020 ____H () C:\ProgramData\PKP_DLdw.DAT

    Files to move or delete:
    ====================
    C:\ProgramData\cis1C67.exe
    C:\ProgramData\cis3436.exe
    C:\ProgramData\cis8C91.exe
    C:\Users\Owner\mbam-setup-2.1.4.1018.exe
    C:\Users\Owner\winstdut.exe


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-10-18 11:26

    ==================== End of FRST.txt ============================
     
  14. 2016/10/27
    joe645

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2016
    Ran by Owner (27-10-2016 14:54:09)
    Running from C:\Users\Owner\Desktop\Security
    Windows 10 Home Version 1511 (X64) (2016-05-22 03:30:03)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2463262124-900243846-537622603-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-2463262124-900243846-537622603-503 - Limited - Disabled)
    Guest (S-1-5-21-2463262124-900243846-537622603-501 - Limited - Disabled)
    Owner (S-1-5-21-2463262124-900243846-537622603-1000 - Administrator - Enabled) => C:\Users\Owner

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
    AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
    100% Free Chess 7.42 (HKLM-x32\...\FreeChess) (Version: 7.42 - DreamQuest)
    100% Free Cribbage 7.42 (HKLM-x32\...\FreeCribbage) (Version: 7.42 - DreamQuest)
    100% Free Five Hundred 7.42 (HKLM-x32\...\Free500) (Version: 7.42 - DreamQuest)
    100% Free Gin 7.42 (HKLM-x32\...\FreeGin) (Version: 7.42 - DreamQuest)
    100% Free Hearts 7.42 (HKLM-x32\...\FreeHearts) (Version: 7.42 - DreamQuest)
    100% Free Rummy 7.42 (HKLM-x32\...\FreeRummy) (Version: 7.42 - DreamQuest)
    100% Free Spades 7.42 (HKLM-x32\...\FreeSpades) (Version: 7.42 - DreamQuest)
    123 Free Solitaire v10.3 (HKLM-x32\...\123 Free Solitaire_is1) (Version: - TreeCardGames)
    3DP Chip v13.02 (HKLM-x32\...\3DP Chip) (Version: v13.02 - )
    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
    Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
    Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
    Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
    Adobe PageMaker 7.0 (HKLM-x32\...\Adobe PageMaker 7.0) (Version: 7.0.1 - Adobe Systems, Inc.)
    Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
    Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
    Adobe Support Advisor (HKLM-x32\...\AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 1.6.1.20120504 - Adobe Systems Incorporated)
    Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.3.0 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{2BFD590F-1D73-3533-E734-FDDAC3746E4A}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.4.0 - Asmedia Technology)
    Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.2.2.000 - Asmedia Technology)
    AstroViewer 3.1.6 (HKLM-x32\...\AstroViewer 3.1.6) (Version: - Dirk Matussek)
    AVEO UVC Like Driver (HKLM-x32\...\{21A196EC-241B-4A79-970B-E9585F1CE90C}) (Version: 2.7.0.0 - aveotek)
    AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
    AVS Photo Editor 2.3.5 (HKLM-x32\...\AVS Photo Editor_is1) (Version: 2.3.5.151 - Online Media Technologies Ltd.)
    AX88179_AX88178A Windows 7 Drivers (HKLM-x32\...\InstallShield_{14414298-5199-4C52-81E2-FF1501EAAD72}) (Version: 2.0.1.0 - ASIX Electronics Corporation)
    AX88179_AX88178A Windows 7 Drivers (x32 Version: 2.0.1.0 - ASIX Electronics Corporation) Hidden
    Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
    Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.26.1436 - Bitdefender)
    Bitdefender Antivirus Plus 2016 (HKLM\...\Bitdefender) (Version: 20.0.26.1418 - Bitdefender)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
    Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
    CPUID CPU-Z 1.66.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
    Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
    Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
    Daniusoft Video Converter Ultimate(Build 3.0.3.1) (HKLM-x32\...\Daniusoft Video Converter Ultimate_is1) (Version: - Daniusoft Software)
    DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
    Double Deck Pinochle 4.14 (HKLM-x32\...\Double Deck Pinochle_is1) (Version: - SAC Products)
    Double-Six Dominoes v3.0 (HKLM-x32\...\{3FEF0A81-8111-40CA-978C-E4E21977B451}) (Version: 1.0.0 - BoltBait)
    EasyBCD 2.3 (HKLM-x32\...\EasyBCD) (Version: 2.3 - NeoSmart Technologies)
    Elevated Installer (x32 Version: 4.1.25.0 - Garmin Ltd or its subsidiaries) Hidden
    Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology)
    Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden
    EZ Grabber (HKLM-x32\...\{8543A572-5993-4101-BACC-C83884E183A4}) (Version: 2.00.0000 - EZ Grabber)
    FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
    Garmin BaseCamp (HKLM-x32\...\{23A4DBD1-D847-4957-995D-8B1CC527E2E2}) (Version: 4.6.2.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (HKLM-x32\...\{686d881a-083e-4030-80db-52c493bf89d3}) (Version: 4.1.25.0 - Garmin Ltd or its subsidiaries)
    Garmin Express Tray (x32 Version: 4.1.25.0 - Garmin Ltd or its subsidiaries) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.87 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
    Hallmark Card Studio 2015 Bonus Pack (HKLM-x32\...\{2C69ABC9-55B7-410E-89AB-4CBD84D8D37B}) (Version: 1.0.0.1 - Creative Home)
    Hallmark Card Studio 2015 Deluxe (HKLM-x32\...\{F2117332-1A36-4D3B-854D-A8D10735B4DF}) (Version: 16.0.0.11 - Creative Home)
    Hallmark Card Studio Select (HKLM-x32\...\{A6E08FBC-FC99-4CEE-B645-83A42107BE89}) (Version: 14.0.0.34 - Creative Home)
    HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
    HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
    HP Photosmart Premium C309g-m All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{CCD42CCF-9AFF-4BC5-862A-38CCD3C8E8F8}) (Version: 14.0 - HP)
    HP Smart Print 2.6 (HKLM-x32\...\{4555A338-5952-4150-81B9-655763BAF872}) (Version: 2.6.0.238 - Hewlett-Packard)
    HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
    HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
    HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.5.26.37 - HP Inc.)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    Image Converter (HKLM-x32\...\Image Converter Image Converter) (Version: 1.0.0 - Image Converter)
    Intel(R) Chipset Device Software (x32 Version: 10.0.27 - Intel(R) Corporation) Hidden
    iSkysoft Data Recovery(Build 1.3.2.2) (HKLM-x32\...\{656DB838-DB63-4acd-82E3-BB363ED99116}_is1) (Version: 1.3.2.2 - iSkysoft Software Co.,Ltd.)
    iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
    Java 8 Update 102 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
    Java 8 Update 92 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418092F0}) (Version: 8.0.920.14 - Oracle Corporation)
    JavaFX 2.0.3 (HKLM-x32\...\{1111706F-666A-4037-7777-203328764D10}) (Version: 2.0.3 - Oracle Corporation)
    Kindle fire video converter version V0.9.3 (HKLM-x32\...\{7ADFAD84-67E8-49FC-A9E7-DBF1E2ECA8E7}_is1) (Version: V0.9.3 - Epubor Inc.)
    Kingsoft PC Doctor 3.7.0.47 (HKLM-x32\...\Kingsoft PC Doctor) (Version: 3.7.0.47 - Kingsoft PC Doctor)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Media Go (HKLM-x32\...\{8D92969D-A6A3-44C8-9D63-D377E94F44B5}) (Version: 2.6.205 - Sony)
    Media Go Video Playback Engine 2.0.111.09020 (HKLM-x32\...\{49D9CE9D-C8B7-B941-90E1-608044A0FC8D}) (Version: 2.0.111.09020 - Sony)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
    Microsoft SOAP Toolkit 2.0 SP2 Samples (HKLM-x32\...\{9438F53D-AEA4-45AC-A19B-2DF06EACD482}) (Version: 623.1 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft Streets & Trips 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-4444BC2C2B6D}) (Version: 19.0.18.1100 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    MotoCast (HKLM-x32\...\{5401CEE8-3C2D-4835-A802-213306537FF4}) (Version: 2.0.31 - Motorola Mobility)
    Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
    Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
    MOTOROLA MEDIA LINK (x32 Version: 1.9.0002.0 - Motorola) Hidden
    Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
    Mozilla Firefox 45.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 45.0.2 (x64 en-US)) (Version: 45.0.2 - Mozilla)
    Mozilla Firefox 49.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0 (x86 en-US)) (Version: 49.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.0.6141 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    Multilizer PDF Translator (Build 9.4.5) (HKLM-x32\...\Multilizer PDF Translator_is1) (Version: - Rex Partners)
    Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
    Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.0.2 - Nikon)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 7 - Notepad++ Team)
    NTI Backup Now EZ (HKLM-x32\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 3.0.2.55 - NTI Corporation)
    NTI Backup Now EZ (x32 Version: 3.0.2.55 - NTI Corporation) Hidden
    NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
    NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
    OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
    Passport Photo Studio 1.5.1 (HKLM-x32\...\{FBBB318F-3769-4B1C-B8B2-AF7ED4DA2272}_is1) (Version: - Grogware LLC)
    PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    PeaZip 6.1.1 (HKLM-x32\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 6.1.1 - Giorgio Tani)
    PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 2.81 - NCH Software)
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
    Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.0.3 - Nikon)
    PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.5.0 - Prolific Technology INC)
    QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7354 - Realtek Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    RogueKiller version 12.7.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.7.4.0 - Adlice Software)
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.65452 - TeamViewer)
    Toolwiz Care (HKLM-x32\...\ToolwizCareFree) (Version: 3.1.0.5500 - ToolWiz Care)
    TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
    Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.8.7 - Tweaking.com)
    UltraMon (HKLM\...\{9069EE0A-7615-4D86-AD80-CA263E936DA6}) (Version: 3.2.2 - Realtime Soft Ltd)
    USB2.0 ATV (HKLM-x32\...\{3C873221-12B9-475D-8DCB-62D0B2179AF9}) (Version: 6.10.000.001 - Regulus)
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    Verizon Cloud (HKLM-x32\...\Verizon Cloud) (Version: - Verizon Wireless)
    Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{267B6912-6F26-4FFD-9342-8E84A7B26151}) (Version: 2.13.1103 - Samsung Electronics Co., Ltd.)
    Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{041E914E-7B73-4E8B-967F-B7FFC527FF80}) (Version: 2.14.0106 - Samsung Electronics Co., Ltd.)
    Video Capture Driver Install 64bit 6.0.113 (HKLM-x32\...\{EFEF320F-538D-4314-BCDB-161AE603A9EA}) (Version: 6.0.113 - geniatech)
    ViewNX (HKLM-x32\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.0.3 - Nikon)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
    WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
    Wondershare Video Converter Ultimate(Build 8.7.0.5) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 8.7.0.5 - Wondershare Software)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2463262124-900243846-537622603-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {01464009-6173-4374-8952-C652FCFAB89C} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {05431CB0-5895-4A5A-95C8-C56FA87B5174} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: {06890D3E-9362-421C-B5F3-098A67878403} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe
    Task: {0777C0C9-8F5A-404B-8E12-7B3D5E8979FA} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
    Task: {0A0A5F93-65E6-4677-ADF4-4F9856CC9E05} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {0A6C9C0D-0932-4A16-AAF0-E9C9FCDA15A9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {0AE0F523-3173-4DCC-AA8B-1159A874D4D4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {0EC91B03-F788-4DA0-B777-44BD57057582} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
    Task: {0FA49F0D-EDC3-46CF-811E-AE2F92597C70} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {10DF7DC9-FD28-4832-A291-D483A853A3BE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {196ECD07-133E-4E7C-843E-9CCFC899FD59} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
    Task: {1CCCE250-E23D-4E4D-B2DD-FCF2AA911624} - System32\Tasks\{314BC234-93B4-4297-B863-C95F6EC6C40F} => Firefox.exe
    Task: {1F3C1886-1335-4C48-9354-BE5641EDAEB8} - System32\Tasks\{2D7136F7-7922-43A9-87A4-37F5A7B12A4E} => C:\Program Files (x86)\Microsoft Streets & Trips 2009\Streets.exe
    Task: {27AAD300-417B-47E9-B34C-451C44774E16} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {2825CD21-9A82-4244-AD49-E73D6029F7AD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {2C00418A-AA03-4A36-901F-D72BA392CB41} - System32\Tasks\SpyHunter4 => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
    Task: {32C4360F-44A1-4ADE-BAD0-ACC2F54CCA28} - \FCGOGZGXWR1 -> No File <==== ATTENTION
    Task: {338A1EDE-AC20-45A9-82B6-BD8B92399F0A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-07-04] (HP Inc.)
    Task: {35D475D1-FB77-4325-B542-DAB9373E038B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {3B02957A-E20C-481D-8835-CFFC38AF8642} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    Task: {3C6A18CA-43FE-46F4-BC83-B5229189CCDA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
    Task: {42EBCD23-8E42-46E5-BF30-EFEBF57CB97E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {4868BE47-C5AC-475A-A446-9381FE479CD1} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
    Task: {4C1BD779-2799-4BCB-9D24-56AE2D137D58} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe
    Task: {4DD685E3-A539-4E35-B908-6C27A58D7E4F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-17] (Adobe Systems Incorporated)
    Task: {54B93E02-C129-46E8-81AA-589F6C9E23A9} - System32\Tasks\HP online update program => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
    Task: {54D5A346-2655-4E00-B19B-0F06FBC8E873} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2463262124-900243846-537622603-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
    Task: {5F90AA66-6C97-47A6-B92B-0240CF87560A} - System32\Tasks\{1B1A31BD-08AC-457E-A3FA-7E914C3D2EB5} => pcalua.exe -a C:\Users\Owner\Downloads\WebshotsDesktopSetup.exe -d C:\Users\Owner\Downloads
    Task: {5FE2C6E4-F5C7-45D6-9FE5-46F26C732316} - System32\Tasks\{618F707E-190F-4E06-A214-6739F0904498} => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
    Task: {60036553-CA16-477E-A21D-9A8C559ADD95} - System32\Tasks\Computer Helper => C:\Users\Owner\Downloads\.ptmp931285\Coolmuster Android Assistant 1.9.150\Coolmuster Android Assistant 1.9.150\cool-android-assistant.exe
    Task: {608D3511-99D6-40B9-9716-3912530B4529} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-29] (Google Inc.)
    Task: {6B506784-D204-4D2D-8A9F-104EA5E9949D} - System32\Tasks\MotoCast Update => C:\Program Files (x86)\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-07-24] ()
    Task: {6FD63F4F-96DF-4E3D-8DD6-BE5DFFFCC311} - System32\Tasks\{95328A6C-05C9-42DF-ADC6-388930F0304B} => Firefox.exe
    Task: {712EEBCA-32AE-4B3D-9C70-08DD54EF7B46} - System32\Tasks\{061C0BE8-FB22-4990-8084-EE0AB858B441} => pcalua.exe -a "C:\PROGRA~2\WinPicks 2014\UNWISE.EXE" -c C:\PROGRA~2\WinPicks 2014\INSTALL.LOG
    Task: {7BAC80C5-F8A7-4A8A-BA6C-4D0AEF623B8B} - System32\Tasks\{F212E2D2-C541-499D-9061-EF18BE745AC1} => pcalua.exe -a "C:\Users\Owner\Downloads\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll)\Adobe CS6\Set-up.exe" -d "C:\Users\Owner\Downloads\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll)\Adobe CS6 "
    Task: {8532DD46-B2BA-46C8-9775-CBEBED6FBC42} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {862DCD71-8E5C-4ECB-8779-33853B64B650} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
    Task: {87A8F61E-0CD2-4657-A317-0749C004973C} - System32\Tasks\{8237E431-BFC1-46F8-8913-10C5D1F8C5F7} => pcalua.exe -a C:\Users\Owner\Desktop\7932_eval.exe -d C:\Users\Owner\Desktop
    Task: {88E85416-6551-4209-998D-07BE0924C86B} - \Motorola Device Manager Update -> No File <==== ATTENTION
    Task: {8AA251A6-D513-4E00-A09A-5B0E990CFC65} - System32\Tasks\{1F5457F0-ED03-400A-8E91-F71A4CA9A919} => pcalua.exe -a "C:\Program Files (x86)\Webshots\3.1.5.7619\Launcher.exe" -d "C:\Program Files (x86)\Webshots\3.1.5.7619 "
    Task: {8BE17B72-BCA4-415D-B5B8-D9C2EEB14048} - System32\Tasks\{67D936EB-D81F-4441-B26B-54E7963FB3E9} => pcalua.exe -a C:\Users\Owner\Desktop\winstdut.exe -d C:\Users\Owner\Desktop
    Task: {8E473BED-B777-4458-B46E-171493C27DA2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {8F20F010-F623-4D6E-99F1-AFC53ACDDD3A} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-03-31] (Oracle Corporation)
    Task: {903F8C87-5612-4E4F-8C5A-5343D35F76D5} - System32\Tasks\{7D0D2D9C-809B-4891-BC4C-4CB68BCC7EEE} => pcalua.exe -a "C:\Program Files (x86)\Real\RealPlayer\Update\r1puninst.exe" -c RealNetworks|RealPlayer|17.0
    Task: {905F75DA-F783-4A5E-9601-D43C06FC1CB7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
    Task: {9184F782-F1F6-47B0-9FE3-729095E181D0} - System32\Tasks\{36CC7655-4A4F-4FFC-A617-785C142BD8BA} => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [2014-09-10] (FileHippo.com)
    Task: {91DD7AD0-FE12-495A-84B0-38022DBA6C49} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-07-04] (HP Inc.)
    Task: {94072AA4-4D51-484A-8DAC-6AE7FAA92EAF} - System32\Tasks\{716C27F4-0797-49CF-A6FC-010315B3307D} => pcalua.exe -a C:\Users\Owner\Desktop\msicuu2.exe -d C:\Users\Owner\Desktop
    Task: {94642D2A-650B-4F85-9CCE-7F4122CEF2C1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
    Task: {9502E380-2E04-4048-B554-66432BFD2E7E} - \QCDWVIVQSPMYYODA -> No File <==== ATTENTION
    Task: {957A6DF3-650E-4DD2-8E56-24995F85C006} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {99B3AF25-2BCB-4BF1-A5EC-64579899B826} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
    Task: {9B346F80-636E-48DA-876C-51B87769FAC4} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2463262124-900243846-537622603-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
    Task: {9B53DCD2-1AB1-4B38-B530-034574A99E1C} - System32\Tasks\{1A0FF42C-6D52-4A4B-8A69-016E4E45C797} => Firefox.exe
    Task: {9DBDC8EC-A9D3-404A-9B86-872456060884} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
    Task: {9E1A06CE-DC05-4997-B9B3-D5B46FC92FBE} - System32\Tasks\AdobeAAMUpdater-1.0-Owner-Desktop-Owner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
    Task: {A3EF8D5B-3C65-481C-99C7-A4D12C56F41D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {A57CE4AC-F346-47CD-9D76-E41D774FF7FB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {A58C1937-3DE2-4B4A-84BE-9C967DC60B97} - System32\Tasks\ToolwizCareFree => C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe [2016-09-28] (Toolwiz)
    Task: {A71F817A-0228-4E58-92E2-DE9030E7EDB0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {AAE7FF32-3043-4FF6-B4FC-98EDEAB4D8C8} - System32\Tasks\{7A32C941-8D7A-42AB-B95B-413EDB500904} => C:\Program Files (x86)\Microsoft Streets & Trips 2009\Streets.exe
    Task: {AEAD0BE3-3545-46FB-A686-D6BFECEEDC51} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
    Task: {AFC2CFEB-EC44-4CD6-A12F-4635A10076D2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {B37D9867-93DD-40E6-AB03-ADA688668276} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {B489239C-B6D4-44F1-96B8-340DE31CBEC6} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
    Task: {B83C0813-B0B3-4463-8E0B-F27A393896EA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-29] (Google Inc.)
    Task: {B94CC334-29A9-4CAE-969F-FEB55BE553BD} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-03-30] (Bitdefender)
    Task: {BB18C811-5E15-4DA3-AD89-58EC11052B33} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
    Task: {C1A90A73-44A8-4BB5-A063-08559387C39D} - System32\Tasks\{55FC9EAA-DC30-4581-89C0-A7CF693CDC19} => C:\Program Files (x86)\Adobe\Adobe Photoshop CS6\Photoshop.exe
    Task: {C2D959ED-8451-4E4F-8FF7-452EE924D11C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {C63FEDAB-DE1C-411A-990E-FF2AB5F3373D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {C70F14EE-0DCF-471D-A34F-FA68D518527A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {C71051BB-A822-4163-BE36-0C86E39AEE1B} - System32\Tasks\{C04182CB-B830-46F8-AB87-A4BA909D5C4D} => pcalua.exe -a "C:\Users\Owner\Downloads\(APPS) - Microsoft Streets And Trips 2009 (Already Patched)\Streets\Support\msicuu2.exe" -d "C:\Users\Owner\Downloads\(APPS) - Microsoft Streets And Trips 2009 (Already Patched)\Streets\Support "
    Task: {CC9DCD9A-9477-4CBB-9659-02ABA1173BEA} - System32\Tasks\RealCreateProcessScheduledTask2371417S-1-5-21-2463262124-900243846-537622603-1000 => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
    Task: {CCD2E7E6-9C08-4A52-8C91-45E3D38FA9F9} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {CDE34B87-B404-4E32-AB61-7C0BB69DAF7E} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {CDF185E4-E071-4E48-9E9C-001B1ED8C56C} - \Smart Driver Updater Schedule -> No File <==== ATTENTION
    Task: {CF9CFA1A-88E3-4AD6-88D4-3668692B169B} - System32\Tasks\{AE700CBF-C56A-43FA-BBA3-18A17BB5234A} => C:\Program Files (x86)\Webshots\3.1.5.7619\Launcher.exe
    Task: {D9D47DC9-7916-4A35-AE8A-DAAA45AA2BD8} - \Motorola Device Manager Initial Update -> No File <==== ATTENTION
    Task: {DC252550-812A-42A8-8E5B-E77E3917E898} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: {DF1ED49E-4499-44EF-BD1C-A7CF9E866886} - System32\Tasks\FileHippo.com online update program => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [2014-09-10] (FileHippo.com)
    Task: {E0D4F74D-433C-4529-8FE5-956EA9664A42} - System32\Tasks\NCH Software\DebutSevenDays => C:\Program Files (x86)\NCH Software\Debut\Debut.exe
    Task: {E3615DCC-0C66-417F-8538-BEEDCA1EB2E2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
    Task: {E6960D69-6ABD-41AE-ABB3-3A2605D05F1E} - System32\Tasks\{9A7B3676-C303-432C-9348-4C8280D0283C} => C:\Program Files (x86)\Adobe\Adobe Photoshop CS6\Photoshop.exe
    Task: {E930EFB1-3630-400C-90BD-34E369CAE712} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
    Task: {EC1E905B-CF9C-447E-823F-07C2F2E78D2C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
    Task: {EC7DD7AE-C50E-4738-B853-C3FA44D2CC8D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
    Task: {EDC7BD56-1621-4DE5-99AF-4D9225C31018} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
    Task: {EE48B2FC-F514-492C-91FB-9177829F2983} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
    Task: {EFE15E3D-434B-483A-931D-00F598C49903} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
    Task: {F61A3C18-F3DF-47C3-8F51-523D23B466FA} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {F6DFD2DD-18C6-44E1-8E5F-FEB19240A9DC} - \{7F790B47-0C0D-047D-0E11-7A057E08110C} -> No File <==== ATTENTION
    Task: {FA27F6E7-0A03-475F-9C3B-9C509C683A3B} - System32\Tasks\{A9DF0BAD-BF76-4874-BFC6-073C1636655A} => pcalua.exe -a C:\Users\Owner\Desktop\winsteng.exe -d C:\Users\Owner\Desktop
    Task: {FA8A97B8-9C31-4CC5-8D99-BDA522AF5AA9} - System32\Tasks\{5CBE340D-2876-4270-A312-2BCF1AF142DA} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2016-03-10] (Malwarebytes)
    Task: {FDD30B79-55F0-4746-A76A-10F6393B7DED} - System32\Tasks\KsafeDelay => C:\Program Files (x86)\Kingsoft\PCDoctor\KSafeTray.exe [2012-04-10] (Kingsoft Corporation)
    Task: {FFE25523-6471-4F2D-A0E9-A56723131276} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\SpyHunter4.job => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
    Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\Owner\Favorites\NCH Audio and Telephony Software.lnk -> hxxp://www.nch.com.au/index.html
    Shortcut: C:\Users\Owner\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.html

    ShortcutWithArgument: C:\Users\Owner\Desktop\AudioVideo\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

    ==================== Loaded Modules (Whitelisted) ==============

    2016-04-11 18:25 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
    2016-05-09 13:23 - 2016-05-09 13:23 - 01006336 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02251_003\ashttpbr.mdl
    2016-05-09 13:23 - 2016-05-09 13:23 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02251_003\ashttpdsp.mdl
    2016-05-09 13:23 - 2016-05-09 13:23 - 03035488 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02251_003\ashttpph.mdl
    2016-05-09 13:23 - 2016-05-09 13:23 - 01541440 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02251_003\ashttprbl.mdl
    2006-12-05 06:09 - 2006-12-05 06:09 - 00022016 _____ () C:\Windows\System32\DELS1L6.DLL
    2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
    2016-09-13 17:26 - 2016-09-06 22:39 - 02656952 _____ () C:\Windows\system32\CoreUIComponents.dll
    2016-09-13 17:26 - 2016-09-06 22:39 - 02656952 _____ () C:\Windows\System32\CoreUIComponents.dll
    2016-10-26 21:10 - 2016-10-26 21:10 - 00959168 _____ () C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
    2016-08-18 13:52 - 2015-02-27 14:38 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
    2014-06-17 16:49 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\SysWOW64\AiCM64.dll
    2016-02-13 05:54 - 2016-02-13 05:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-07-12 18:42 - 2016-06-30 20:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-09-13 17:23 - 2016-09-06 21:15 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-09-13 17:23 - 2016-09-06 21:10 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-09-13 17:23 - 2016-09-06 21:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-09-13 17:23 - 2016-09-06 21:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-05-22 12:07 - 2016-05-22 12:07 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2016-10-08 19:17 - 2016-10-08 19:18 - 04152000 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7369.40791.0_x64__8wekyb3d8bbwe\gfxim.dll
    2011-10-21 02:01 - 2011-10-21 02:01 - 00075160 _____ () C:\Program files (x86)\Kingsoft\PCDoctor\json.dll
    2016-08-19 21:07 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2016-08-19 21:07 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2016-08-19 21:07 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2016-08-19 21:07 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2016-08-19 21:07 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2016-10-26 21:10 - 2016-10-26 21:10 - 00679624 _____ () C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
    2013-12-19 12:08 - 2002-07-04 10:38 - 00053248 _____ () C:\Program Files (x86)\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
    2016-05-22 12:07 - 2016-05-22 12:07 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-05-22 12:07 - 2016-05-22 12:07 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
    2016-05-22 12:07 - 2016-05-22 12:07 - 02941440 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingNativeCore.dll
    2016-05-22 12:07 - 2016-05-22 12:07 - 00583168 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingEntityExtractionProxy.dll
    2016-05-22 12:07 - 2016-05-22 12:07 - 01300992 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingNativeBase.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
    AlternateDataStreams: C:\ProgramData\TEMP:792D4CF1 [129]
    AlternateDataStreams: C:\ProgramData\TEMP:D0757AAB [426]
    AlternateDataStreams: C:\Users\Owner\Desktop\BaseCamp_462.exe:BDU [0]
    AlternateDataStreams: C:\Users\Owner\Documents\desktop.ini:gs5sys [3074]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\webcompanion.com -> hxxp://webcompanion.com

    There are 7816 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2016-04-25 19:02 - 2016-10-27 14:16 - 00001913 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com 3dns.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.adobe.com activate.wip.adobe.com activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com adobe-dns-4.adobe.com adobe-dns.adobe.com adobeereg.com crl.verisign.net ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com lm.licenses.adobe.com lmlicenses.wip4.adobe.com na2m-pr.licenses.adobe.com
    127.0.0.1 ood.opsource.net practivate.adobe practivate.adobe.com practivate.adobe.ipp practivate.adobe.newoa practivate.adobe.ntp wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com wwis-dubc1-vip60.adobe.com www.adobeereg.com www.wip.adobe.com www.wip1.adobe.com
    127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com
    5.79.79.150 pagead2.googlesyndication.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2463262124-900243846-537622603-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
    DNS Servers: 8.8.8.8 - 8.8.4.4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.
     
  15. 2016/10/27
    joe645

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\Services: ACDaemon => 2
    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: Apple Mobile Device => 2
    MSCONFIG\Services: bthserv => 3
    MSCONFIG\Services: c2cautoupdatesvc => 2
    MSCONFIG\Services: c2cpnrsvc => 2
    MSCONFIG\Services: CouponPrinterService => 2
    MSCONFIG\Services: Creative Audio Engine Licensing Service => 3
    MSCONFIG\Services: CTAudSvcService => 2
    MSCONFIG\Services: DeviceMonitorService => 2
    MSCONFIG\Services: Garmin Device Interaction Service => 3
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: gusvc => 3
    MSCONFIG\Services: HBAdmin => 2
    MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
    MSCONFIG\Services: hshld => 2
    MSCONFIG\Services: HssSrv => 2
    MSCONFIG\Services: HssTrayService => 3
    MSCONFIG\Services: HssWd => 2
    MSCONFIG\Services: IntuitUpdateServiceV4 => 2
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: LMIRescue_29e1e52e-8cb3-4d44-80ab-cf103a49bac2 => 2
    MSCONFIG\Services: MBAMScheduler => 2
    MSCONFIG\Services: MBAMService => 2
    MSCONFIG\Services: Motorola Device Manager => 2
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: NvNetworkService => 2
    MSCONFIG\Services: NvStreamSvc => 2
    MSCONFIG\Services: nvsvc => 2
    MSCONFIG\Services: ProductAgentService => 3
    MSCONFIG\Services: PST Service => 2
    MSCONFIG\Services: RealPlayer Cloud Service => 2
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: SpyHunter 4 Service => 3
    MSCONFIG\Services: Stereo Service => 2
    MSCONFIG\Services: TeamViewer => 3
    MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
    MSCONFIG\Services: WinDriveSvc => 2
    MSCONFIG\Services: WinDriveSvc2 => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acrobat Assistant.lnk => C:\Windows\pss\Acrobat Assistant.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder.lnk => C:\Windows\pss\Event Planner Reminder.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GreatFindQuickShop.lnk => C:\Windows\pss\GreatFindQuickShop.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UltraMon.lnk => C:\Windows\pss\UltraMon.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PlutoTV.lnk => C:\Windows\pss\PlutoTV.lnk.Startup
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe "
    MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe "
    MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    MSCONFIG\startupreg: BackupNowEZtray => "C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" -k
    MSCONFIG\startupreg: BYRUA_AGENT => "C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe" -start
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: Eyeline => "C:\Program Files (x86)\NCH Software\Eyeline\eyeline.exe" -logon
    MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe "
    MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
    MSCONFIG\startupreg: McAfeeUpdaterUI => "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
    MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe "
    MSCONFIG\startupreg: P17RunE => RunDll32 P17RunE.dll,RunDLLEntry
    MSCONFIG\startupreg: pdiface => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe -noshow
    MSCONFIG\startupreg: PogoplugPC => "C:\Program Files (x86)\PogoplugPC\ppserver.exe" --starthidden
    MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe "
    MSCONFIG\startupreg: ShStatEXE => "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe "
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe "
    MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
    MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    MSCONFIG\startupreg: WSHelperSetup.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    HKLM\...\StartupApproved\Run: => "iTunesHelper "
    HKLM\...\StartupApproved\Run32: => "KSafeTray "
    HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\StartupApproved\Run: => "GarminExpressTrayApp "
    HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\StartupApproved\Run: => "CCleaner Monitoring "
    HKU\S-1-5-21-2463262124-900243846-537622603-1000\...\StartupApproved\Run: => "ToolwizCareFree "

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
    FirewallRules: [{B2E8338B-5533-4A18-A3B8-9CD1759D97B3}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{3CC96CA1-1258-4D4C-B11A-ABB040B67DC6}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{F10E1A1A-80CE-419E-8459-A5779FA3B5AF}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{FA27AE28-8419-4448-B244-4C35363CFB2B}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{BCB9D99E-A9BB-46BC-AC04-59A3FB4D082C}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{85005CE4-690F-4DFD-A8A1-427CB41888D0}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{A0548B0C-79C0-46FF-A8A6-D4D7159E3D15}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{E7FF66B2-7A1E-46BE-BA67-080D591A53BE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{798448F7-37E9-4DE3-BADB-DF9B83C2B69C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{A0E7443F-5559-4CEB-AF40-CE5FE663BCD5}] => (Block) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    FirewallRules: [{4412F1B4-CC57-4B57-8946-60B5A045ADFF}] => (Allow) C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    FirewallRules: [{ABC0CF55-80C6-4CFA-9473-6606505BBA38}] => (Allow) C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    FirewallRules: [UDP Query User{1E585AD3-0B32-443D-A63D-729ED255D2BB}C:\users\owner\appdata\local\tbp\tvplayer.exe] => (Allow) C:\users\owner\appdata\local\tbp\tvplayer.exe
    FirewallRules: [TCP Query User{7FE0F74A-DF6A-48F7-9D09-29AEABC48E76}C:\users\owner\appdata\local\tbp\tvplayer.exe] => (Allow) C:\users\owner\appdata\local\tbp\tvplayer.exe
    FirewallRules: [{8E46A245-FECC-41FD-BE40-A7086439CBA5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{5DFBF804-3B2D-4CEA-9E11-66D3CFC6679E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{9BAD20C0-85F6-4172-AF5E-065F23A05864}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{8B7049F2-1EB4-4A66-858B-D347582516C0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{DA68DC3E-EFC7-4D16-9A92-3297450C8C7A}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    FirewallRules: [{B1A29E71-4275-4B41-ABE8-EF445A967E5E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{05FBB244-0C0C-42C0-905E-E6DBAE583454}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{4DFC8DF8-C66F-4A72-AEF7-F92E141DBDD5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{84652EB2-31B8-4658-9E2C-11583F2B9F88}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{F3D38C11-DD8D-4DD5-AC07-DF8346F2F5E0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{FE2AB0F7-EE79-4D21-89B8-AC40B3D289F0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
    FirewallRules: [UDP Query User{F477420C-CDE7-4AC4-8714-A0AF22146AAB}C:\program files\verizon cloud\verizon cloud service.exe] => (Allow) C:\program files\verizon cloud\verizon cloud service.exe
    FirewallRules: [TCP Query User{F6302865-8937-4499-90DC-EBBDFE107945}C:\program files\verizon cloud\verizon cloud service.exe] => (Allow) C:\program files\verizon cloud\verizon cloud service.exe
    FirewallRules: [{0A71C36F-6858-4B06-9D5D-240A2430E5DD}] => (Allow) C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    FirewallRules: [{EE92D76C-51A1-40AE-A14A-AFBDDA5B7627}] => (Allow) C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    FirewallRules: [{C643B44D-E1F4-45F9-9686-4AF39CE47FA8}] => (Allow) C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
    FirewallRules: [{5DC7BE07-EB08-46CC-A337-13870FF932B0}] => (Allow) C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
    FirewallRules: [{30F73A2D-6254-4B19-BC1C-112EDE7F1483}] => (Allow) C:\Program Files (x86)\Motorola Mobility\MotoCast\motocast.exe
    FirewallRules: [{8C1300A0-7DBE-47BA-AF2E-EC98F3451D89}] => (Allow) C:\Program Files (x86)\Motorola Mobility\MotoCast\motocast.exe
    FirewallRules: [{6C8A94EB-1127-41CF-ADC9-AAB40A255AC8}] => (Allow) C:\Program Files (x86)\Motorola Media Link\Lite\mml.exe
    FirewallRules: [{6C310D5B-49AE-485D-8A0D-16AF112AD5D1}] => (Allow) C:\Program Files (x86)\Multilizer\MultilizerPDFTranslator\PDFTRanslationWizard.exe
    FirewallRules: [{321E58C3-68BC-470B-82C7-C5623D84CF37}] => (Allow) C:\Program Files (x86)\Multilizer\MultilizerPDFTranslator\PDFTRanslationWizard.exe
    FirewallRules: [{74F25CA0-2814-4B2B-99D6-8DE6491296F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{FB9326CA-20F2-45E0-8927-FE03C65D67AE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{FF9B44E9-EB2A-45A8-855C-D5D5C2D27E9E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{33FF1698-4CFB-4D67-B987-E0B1A97245D1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{174D9369-16EB-462D-A30B-87D89BACA587}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{CF517A23-B91D-48B6-BF83-68AFE319F677}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{C0AF72AC-916B-4D07-ADB5-9D97FA8143C1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{3452666D-D8A0-4E5F-B144-99BCB9C39AA1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{D6227F80-5A57-4183-9A3D-7B9C1559F964}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{D3358481-1B40-4326-9571-311FDFC848B8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{0A2DCBB6-6FBA-441B-A23E-C8F7C88A8F62}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{FEEAF313-69AD-4906-97BB-A26E9BF1B20D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{2CA8F11F-B321-4163-AC15-629E7ABDFC58}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{D2A4F221-1DDE-4E84-BD25-A0CE1D1B08D9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{EEAE04DE-6644-44A3-9902-5BB36841ABE9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{D95B1B52-592D-4AC6-98BE-8A4476391938}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{10AD99EB-1CE6-42A7-932B-4D9F888E680F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{9E84FCB5-6A55-40B1-B739-1C3464DC2669}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{9D612061-346D-4AE0-B5A8-D54796B13096}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{F31F5337-2C91-457A-B634-C69021F6280C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{1B92C1AA-F4EC-47A5-B644-6BD7742AF8C2}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
    FirewallRules: [{982557C2-0F24-47A2-AA64-9DF7FAC7D154}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
    FirewallRules: [{93EC66D9-76E6-4DD8-A1AA-CE9F4846A757}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{76AE295B-B644-4FCD-A3E5-12A609F0AF57}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{CB1BA705-559E-4F65-8626-B7B3049549F2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{809D7722-E3D5-4FF5-BA92-1932D613C494}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{7792B1FD-B6E6-4727-842D-E0F607871AE8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{3F0C7317-5289-47E5-BAB4-5B4DC8EB7779}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
    FirewallRules: [{60E85763-613D-4938-96CB-B9F3CB80AE11}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{4FEB0DD6-CFAD-4C82-8E95-A46A9CED0A4D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{1022EE0A-C05E-4ADA-AD4C-64AD61ADBA34}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{D2B9E54F-9319-466E-B015-B40D52A500A1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{BD022230-429A-4A76-BE5E-7647FEA5262A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [TCP Query User{47D06532-3CF1-46A1-8C3E-8ABE873170AE}C:\program files (x86)\wondershare\video converter ultimate\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\video converter ultimate\mediaserver.exe
    FirewallRules: [UDP Query User{AD0093BC-8897-41CD-BE48-2CAD18C264F7}C:\program files (x86)\wondershare\video converter ultimate\mediaserver.exe] => (Block) C:\program files (x86)\wondershare\video converter ultimate\mediaserver.exe
    FirewallRules: [TCP Query User{9F081AFF-F87B-481F-AE39-94D92F09049F}C:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe] => (Block) C:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe
    FirewallRules: [UDP Query User{DE9FE7B1-1D1A-4564-AD52-A0AEA54FB5EE}C:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe] => (Block) C:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe
    FirewallRules: [{B4FD6A1F-7E8A-4942-8C82-6CE4B04FBE19}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{A0A512CA-88F6-457C-99AE-2CD9B43EB6E2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{10878D5E-66B0-47EC-9978-86A3BB63DFF8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{DEC29EFB-B4F7-46E7-8C17-8566DC642EDC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{644CB45C-3CAE-4868-9FD7-2E698932767C}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    23-10-2016 13:46:35 Installed SpyHunter
    26-10-2016 12:30:25 Removed SpyHunter
    26-10-2016 21:15:47 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/27/2016 12:39:15 PM) (Source: MsiInstaller) (EventID: 11706) (User: Owner-Desktop)
    Description: Product: DriverUpdate -- Error 1706. An installation package for the product DriverUpdate cannot be found. Try the installation again using a valid copy of the installation package 'setup.msi'.

    Error: (10/26/2016 09:04:29 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 10.0.10586.589, time stamp: 0x57cf9743
    Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
    Exception code: 0xc000000d
    Fault offset: 0x00000000000f56a0
    Faulting process id: 0xd6c
    Faulting application start time: 0x01d22fc65fc3334c
    Faulting application path: C:\Windows\Explorer.EXE
    Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report Id: 80b3495d-47e2-4d04-9b7d-15adc9e2742d
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (10/26/2016 08:18:12 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
    Description: Event-ID 5000

    Error: (10/26/2016 08:18:12 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
    Description: Event-ID 5000

    Error: (10/26/2016 08:17:44 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
    Description: Event-ID 5000

    Error: (10/26/2016 08:17:44 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
    Description: Event-ID 5000

    Error: (10/26/2016 01:43:06 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: CCleaner64.exe, version: 5.23.0.5808, time stamp: 0x57ebee62
    Faulting module name: CCleaner64.exe, version: 5.23.0.5808, time stamp: 0x57ebee62
    Exception code: 0x40000015
    Fault offset: 0x000000000010d529
    Faulting process id: 0xd24
    Faulting application start time: 0x01d22fc931ced77d
    Faulting application path: C:\Program Files\CCleaner\CCleaner64.exe
    Faulting module path: C:\Program Files\CCleaner\CCleaner64.exe
    Report Id: 58c93713-782f-460a-9243-e80b26b40fe2
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (10/26/2016 01:42:27 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: CCleaner64 (3364) testing: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.log.

    Error: (10/26/2016 01:42:27 PM) (Source: ESENT) (EventID: 489) (User: )
    Description: CCleaner64 (3364) testing: An attempt to open the file "C:\Users\Owner\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (10/26/2016 01:02:37 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Explorer.EXE, version: 10.0.10586.589, time stamp: 0x57cf9743
    Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
    Exception code: 0xc000000d
    Fault offset: 0x00000000000f56a0
    Faulting process id: 0x65d3c
    Faulting application start time: 0x01d22fa9b2acf378
    Faulting application path: C:\Windows\Explorer.EXE
    Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report Id: 629041c3-cc48-49ac-b6cb-3a34e015a2ed
    Faulting package full name:
    Faulting package-relative application ID:


    System errors:
    =============
    Error: (10/27/2016 10:49:55 AM) (Source: DCOM) (EventID: 10016) (User: Owner-Desktop)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user Owner-Desktop\Owner SID (S-1-5-21-2463262124-900243846-537622603-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

    Error: (10/27/2016 10:49:54 AM) (Source: DCOM) (EventID: 10016) (User: Owner-Desktop)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user Owner-Desktop\Owner SID (S-1-5-21-2463262124-900243846-537622603-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

    Error: (10/27/2016 10:49:54 AM) (Source: DCOM) (EventID: 10016) (User: Owner-Desktop)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user Owner-Desktop\Owner SID (S-1-5-21-2463262124-900243846-537622603-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

    Error: (10/27/2016 10:19:24 AM) (Source: DCOM) (EventID: 10016) (User: Owner-Desktop)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user Owner-Desktop\Owner SID (S-1-5-21-2463262124-900243846-537622603-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

    Error: (10/27/2016 10:19:24 AM) (Source: DCOM) (EventID: 10016) (User: Owner-Desktop)
    Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {C2F03A33-21F5-47FA-B4BB-156362A2F239}
    and APPID
    {316CDED5-E4AE-4B15-9113-7055D84DCC97}
    to the user Owner-Desktop\Owner SID (S-1-5-21-2463262124-900243846-537622603-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.


    CodeIntegrity:
    ===================================
    Date: 2016-10-25 11:23:08.612
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\SysWOW64\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-10-25 11:23:06.917
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\SysWOW64\usermgrcli.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-10-25 11:23:04.500
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\SysWOW64\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-10-25 11:23:00.679
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\SysWOW64\usermgrcli.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-10-25 11:22:56.734
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\SysWOW64\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-10-25 11:22:55.188
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\SysWOW64\usermgrcli.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-10-25 11:22:54.178
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\SysWOW64\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-10-25 11:22:52.182
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\SysWOW64\usermgrcli.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-10-25 11:22:45.723
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\SysWOW64\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-10-25 11:22:43.672
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\SysWOW64\usermgrcli.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD A4-3400 APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 42%
    Total physical RAM: 8168.27 MB
    Available physical RAM: 4695.4 MB
    Total Virtual: 16360.27 MB
    Available Virtual: 12659.32 MB

    ==================== Drives ================================

    Drive c: (Primary) (Fixed) (Total:930.85 GB) (Free:689.96 GB) NTFS
    Drive d: (Data) (Fixed) (Total:931.29 GB) (Free:931.01 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

    Partition: GPT.

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B9DCE103)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  16. 2016/10/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

  17. 2016/10/27
    joe645

    joe645 Well-Known Member Thread Starter

    Joined:
    2004/01/26
    Messages:
    435
    Likes Received:
    1
    Done!
    Fix result of Farbar Recovery Scan Tool (x64) Version: 26-10-2016
    Ran by Owner (27-10-2016 17:38:39) Run:1
    Running from C:\Users\Owner\Desktop\Security
    Loaded Profiles: Owner (Available Profiles: Owner & DefaultAppPool)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2463262124-900243846-537622603-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    Handler: WSAMVCUchrome - {086BD280-4613-43B5 - No File
    FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
    U3 idsvc; no ImagePath
    U3 wpcsvc; no ImagePath
    2016-04-15 21:11 - 2016-04-15 21:11 - 0000000 _____ () C:\Users\Owner\AppData\Roaming\1.txt
    2014-02-11 12:14 - 2014-02-11 12:14 - 0000132 _____ () C:\Users\Owner\AppData\Roaming\Adobe GIF Format CS6 Prefs
    2016-03-31 19:17 - 2016-03-31 19:18 - 6504960 _____ () C:\Users\Owner\AppData\Roaming\agent.dat
    2013-12-19 12:00 - 2013-12-19 12:00 - 0000268 ___RH () C:\Users\Owner\AppData\Roaming\Applications
    2013-12-19 12:02 - 2013-12-19 12:02 - 0000268 ___RH () C:\Users\Owner\AppData\Roaming\Audio Unit Effect
    2013-04-22 17:43 - 2013-06-25 13:44 - 0099384 _____ () C:\Users\Owner\AppData\Roaming\inst.exe
    2016-03-31 19:16 - 2016-03-31 19:16 - 0127488 _____ () C:\Users\Owner\AppData\Roaming\Installer.dat
    2016-03-31 19:17 - 2016-03-31 19:18 - 0018432 _____ () C:\Users\Owner\AppData\Roaming\Main.dat
    2015-12-29 14:50 - 2016-03-22 11:37 - 0023069 _____ () C:\Users\Owner\AppData\Roaming\PassportPhotoStudio
    2013-04-22 17:43 - 2013-06-25 13:44 - 0007859 _____ () C:\Users\Owner\AppData\Roaming\pcouffin.cat
    2013-04-22 17:43 - 2013-06-25 13:44 - 0001167 _____ () C:\Users\Owner\AppData\Roaming\pcouffin.inf
    2013-04-22 17:43 - 2013-06-25 13:44 - 0082816 _____ (VSO Software) C:\Users\Owner\AppData\Roaming\pcouffin.sys
    2013-03-10 16:24 - 2013-03-10 16:24 - 0001181 _____ () C:\Users\Owner\AppData\Roaming\trace_FilterInstaller.txt
    2012-04-29 14:26 - 2013-06-25 13:44 - 0001057 _____ () C:\Users\Owner\AppData\Roaming\vso_ts_preview.xml
    2013-07-27 11:17 - 2013-11-19 11:33 - 0000113 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
    2013-06-25 15:17 - 2013-11-19 11:33 - 0000006 _____ () C:\Users\Owner\AppData\Roaming\WBPU-TTL.DAT
    2013-10-29 14:34 - 2013-10-29 14:36 - 144790821 _____ () C:\Users\Owner\AppData\Local\ACCCx2_2_0_248.zip.aamdownload
    2013-10-29 14:34 - 2013-10-29 14:36 - 0001817 _____ () C:\Users\Owner\AppData\Local\ACCCx2_2_0_248.zip.aamdownload.aamd
    2014-06-04 10:52 - 2014-06-04 10:52 - 0001456 _____ () C:\Users\Owner\AppData\Local\Adobe Save for Web 12.0 Prefs
    2013-12-07 14:12 - 2013-12-07 14:12 - 0001456 _____ () C:\Users\Owner\AppData\Local\Adobe Save for Web 13.0 Prefs
    2014-07-09 14:19 - 2015-07-01 15:47 - 0015872 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-08-07 11:30 - 2013-08-07 11:30 - 0003072 _____ () C:\Users\Owner\AppData\Local\file__0.localstorage
    2013-08-07 11:30 - 2013-08-07 11:30 - 0003072 _____ () C:\Users\Owner\AppData\Local\https_drm.youdagames.com_0.localstorage
    2013-12-25 15:10 - 2013-12-25 15:10 - 0067992 _____ () C:\Users\Owner\AppData\Local\kfiafmdj
    2013-10-12 10:27 - 2013-10-14 15:17 - 0361117 _____ () C:\Users\Owner\AppData\Local\newhb2.crx
    2013-12-30 14:09 - 2013-12-30 14:09 - 0000008 ____H () C:\Users\Owner\AppData\Local\pcdit.dat
    2013-12-25 15:11 - 2013-12-25 15:11 - 0012326 _____ () C:\Users\Owner\AppData\Local\ptonlrhw
    2013-10-22 10:58 - 2013-10-22 10:58 - 0000218 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
    2012-04-22 15:13 - 2016-10-26 10:25 - 0007606 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
    2013-01-26 16:24 - 2013-01-26 16:24 - 0370526 _____ () C:\Users\Owner\AppData\Local\speeddial.crx
    2013-10-24 13:20 - 2013-10-24 13:20 - 0000057 _____ () C:\ProgramData\Ament.ini
    2013-12-19 12:00 - 2013-12-19 12:00 - 0000268 ___RH () C:\ProgramData\Authentication
    2013-12-19 12:02 - 2013-12-19 12:02 - 0000268 ___RH () C:\ProgramData\Automator
    2016-08-18 13:10 - 2016-08-18 13:10 - 0000000 _____ () C:\ProgramData\cis1C67.exe
    2016-08-18 13:10 - 2016-08-18 13:10 - 0000000 _____ () C:\ProgramData\cis3436.exe
    2016-08-18 12:06 - 2016-08-18 12:06 - 0000000 _____ () C:\ProgramData\cis8C91.exe
    2013-07-05 13:37 - 2016-04-30 18:08 - 0000007 _____ () C:\ProgramData\ddpN.tst
    2016-05-21 19:53 - 2016-05-21 19:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2013-12-30 14:08 - 2013-12-30 14:08 - 0000036 _____ () C:\ProgramData\InstallAlibre.config
    2015-02-11 20:32 - 2015-02-11 20:46 - 0000458 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    2013-12-19 12:00 - 2014-06-26 16:24 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT
    2013-12-19 12:02 - 2014-06-26 16:25 - 0000020 ____H () C:\ProgramData\PKP_DLdw.DAT
    C:\ProgramData\cis1C67.exe
    C:\ProgramData\cis3436.exe
    C:\ProgramData\cis8C91.exe
    C:\Users\Owner\mbam-setup-2.1.4.1018.exe
    C:\Users\Owner\winstdut.exe
    Task: {0A0A5F93-65E6-4677-ADF4-4F9856CC9E05} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {0AE0F523-3173-4DCC-AA8B-1159A874D4D4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {10DF7DC9-FD28-4832-A291-D483A853A3BE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {27AAD300-417B-47E9-B34C-451C44774E16} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {32C4360F-44A1-4ADE-BAD0-ACC2F54CCA28} - \FCGOGZGXWR1 -> No File <==== ATTENTION
    Task: {88E85416-6551-4209-998D-07BE0924C86B} - \Motorola Device Manager Update -> No File <==== ATTENTION
    Task: {8E473BED-B777-4458-B46E-171493C27DA2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {9502E380-2E04-4048-B554-66432BFD2E7E} - \QCDWVIVQSPMYYODA -> No File <==== ATTENTION
    Task: {957A6DF3-650E-4DD2-8E56-24995F85C006} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {A57CE4AC-F346-47CD-9D76-E41D774FF7FB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {A71F817A-0228-4E58-92E2-DE9030E7EDB0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {AFC2CFEB-EC44-4CD6-A12F-4635A10076D2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {C63FEDAB-DE1C-411A-990E-FF2AB5F3373D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {C70F14EE-0DCF-471D-A34F-FA68D518527A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {CDF185E4-E071-4E48-9E9C-001B1ED8C56C} - \Smart Driver Updater Schedule -> No File <==== ATTENTION
    Task: {D9D47DC9-7916-4A35-AE8A-DAAA45AA2BD8} - \Motorola Device Manager Initial Update -> No File <==== ATTENTION
    Task: {E930EFB1-3630-400C-90BD-34E369CAE712} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
    Task: {F61A3C18-F3DF-47C3-8F51-523D23B466FA} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {F6DFD2DD-18C6-44E1-8E5F-FEB19240A9DC} - \{7F790B47-0C0D-047D-0E11-7A057E08110C} -> No File <==== ATTENTION
    Task: {FFE25523-6471-4F2D-A0E9-A56723131276} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
    AlternateDataStreams: C:\ProgramData\TEMP:792D4CF1 [129]
    AlternateDataStreams: C:\ProgramData\TEMP:D0757AAB [426]
    AlternateDataStreams: C:\Users\Owner\Desktop\BaseCamp_462.exe:BDU [0]
    AlternateDataStreams: C:\Users\Owner\Documents\desktop.ini:gs5sys [3074]


    *****************

    "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\S-1-5-21-2463262124-900243846-537622603-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKCR\PROTOCOLS\Handler\WSAMVCUchrome" => key removed successfully
    C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com => path removed successfully
    "HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => key removed successfully
    idsvc => service removed successfully
    wpcsvc => service removed successfully
    C:\Users\Owner\AppData\Roaming\1.txt => moved successfully
    C:\Users\Owner\AppData\Roaming\Adobe GIF Format CS6 Prefs => moved successfully
    C:\Users\Owner\AppData\Roaming\agent.dat => moved successfully
    C:\Users\Owner\AppData\Roaming\Applications => moved successfully
    C:\Users\Owner\AppData\Roaming\Audio Unit Effect => moved successfully
    C:\Users\Owner\AppData\Roaming\inst.exe => moved successfully
    C:\Users\Owner\AppData\Roaming\Installer.dat => moved successfully
    C:\Users\Owner\AppData\Roaming\Main.dat => moved successfully
    C:\Users\Owner\AppData\Roaming\PassportPhotoStudio => moved successfully
    C:\Users\Owner\AppData\Roaming\pcouffin.cat => moved successfully
    C:\Users\Owner\AppData\Roaming\pcouffin.inf => moved successfully
    C:\Users\Owner\AppData\Roaming\pcouffin.sys => moved successfully
    C:\Users\Owner\AppData\Roaming\trace_FilterInstaller.txt => moved successfully
    C:\Users\Owner\AppData\Roaming\vso_ts_preview.xml => moved successfully
    C:\Users\Owner\AppData\Roaming\WB.CFG => moved successfully
    C:\Users\Owner\AppData\Roaming\WBPU-TTL.DAT => moved successfully
    C:\Users\Owner\AppData\Local\ACCCx2_2_0_248.zip.aamdownload => moved successfully
    C:\Users\Owner\AppData\Local\ACCCx2_2_0_248.zip.aamdownload.aamd => moved successfully
    C:\Users\Owner\AppData\Local\Adobe Save for Web 12.0 Prefs => moved successfully
    C:\Users\Owner\AppData\Local\Adobe Save for Web 13.0 Prefs => moved successfully
    C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
    C:\Users\Owner\AppData\Local\file__0.localstorage => moved successfully
    C:\Users\Owner\AppData\Local\https_drm.youdagames.com_0.localstorage => moved successfully
    C:\Users\Owner\AppData\Local\kfiafmdj => moved successfully
    C:\Users\Owner\AppData\Local\newhb2.crx => moved successfully
    C:\Users\Owner\AppData\Local\pcdit.dat => moved successfully
    C:\Users\Owner\AppData\Local\ptonlrhw => moved successfully
    C:\Users\Owner\AppData\Local\recently-used.xbel => moved successfully
    C:\Users\Owner\AppData\Local\Resmon.ResmonCfg => moved successfully
    C:\Users\Owner\AppData\Local\speeddial.crx => moved successfully
    C:\ProgramData\Ament.ini => moved successfully
    C:\ProgramData\Authentication => moved successfully
    C:\ProgramData\Automator => moved successfully
    C:\ProgramData\cis1C67.exe => moved successfully
    C:\ProgramData\cis3436.exe => moved successfully
    C:\ProgramData\cis8C91.exe => moved successfully
    C:\ProgramData\ddpN.tst => moved successfully
    C:\ProgramData\DP45977C.lfl => moved successfully
    C:\ProgramData\InstallAlibre.config => moved successfully
    C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc => moved successfully
    C:\ProgramData\PKP_DLdu.DAT => moved successfully
    C:\ProgramData\PKP_DLdw.DAT => moved successfully
    "C:\ProgramData\cis1C67.exe" => not found.
    "C:\ProgramData\cis3436.exe" => not found.
    "C:\ProgramData\cis8C91.exe" => not found.
    C:\Users\Owner\mbam-setup-2.1.4.1018.exe => moved successfully
    C:\Users\Owner\winstdut.exe => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A0A5F93-65E6-4677-ADF4-4F9856CC9E05}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A0A5F93-65E6-4677-ADF4-4F9856CC9E05}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AE0F523-3173-4DCC-AA8B-1159A874D4D4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AE0F523-3173-4DCC-AA8B-1159A874D4D4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10DF7DC9-FD28-4832-A291-D483A853A3BE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10DF7DC9-FD28-4832-A291-D483A853A3BE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{27AAD300-417B-47E9-B34C-451C44774E16}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27AAD300-417B-47E9-B34C-451C44774E16}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{32C4360F-44A1-4ADE-BAD0-ACC2F54CCA28}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32C4360F-44A1-4ADE-BAD0-ACC2F54CCA28}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FCGOGZGXWR1" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88E85416-6551-4209-998D-07BE0924C86B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88E85416-6551-4209-998D-07BE0924C86B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Motorola Device Manager Update" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8E473BED-B777-4458-B46E-171493C27DA2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E473BED-B777-4458-B46E-171493C27DA2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9502E380-2E04-4048-B554-66432BFD2E7E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9502E380-2E04-4048-B554-66432BFD2E7E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QCDWVIVQSPMYYODA" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{957A6DF3-650E-4DD2-8E56-24995F85C006}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{957A6DF3-650E-4DD2-8E56-24995F85C006}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A57CE4AC-F346-47CD-9D76-E41D774FF7FB}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A57CE4AC-F346-47CD-9D76-E41D774FF7FB}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A71F817A-0228-4E58-92E2-DE9030E7EDB0}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A71F817A-0228-4E58-92E2-DE9030E7EDB0}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AFC2CFEB-EC44-4CD6-A12F-4635A10076D2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFC2CFEB-EC44-4CD6-A12F-4635A10076D2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C63FEDAB-DE1C-411A-990E-FF2AB5F3373D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C63FEDAB-DE1C-411A-990E-FF2AB5F3373D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C70F14EE-0DCF-471D-A34F-FA68D518527A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C70F14EE-0DCF-471D-A34F-FA68D518527A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CDF185E4-E071-4E48-9E9C-001B1ED8C56C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CDF185E4-E071-4E48-9E9C-001B1ED8C56C}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Smart Driver Updater Schedule => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9D47DC9-7916-4A35-AE8A-DAAA45AA2BD8}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9D47DC9-7916-4A35-AE8A-DAAA45AA2BD8}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Motorola Device Manager Initial Update" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E930EFB1-3630-400C-90BD-34E369CAE712}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E930EFB1-3630-400C-90BD-34E369CAE712}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F61A3C18-F3DF-47C3-8F51-523D23B466FA}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F61A3C18-F3DF-47C3-8F51-523D23B466FA}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6DFD2DD-18C6-44E1-8E5F-FEB19240A9DC}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6DFD2DD-18C6-44E1-8E5F-FEB19240A9DC}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7F790B47-0C0D-047D-0E11-7A057E08110C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FFE25523-6471-4F2D-A0E9-A56723131276}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFE25523-6471-4F2D-A0E9-A56723131276}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
    C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully.
    C:\ProgramData\TEMP => ":792D4CF1" ADS removed successfully.
    C:\ProgramData\TEMP => ":D0757AAB" ADS removed successfully.
    C:\Users\Owner\Desktop\BaseCamp_462.exe => ":BDU" ADS removed successfully.
    C:\Users\Owner\Documents\desktop.ini => ":gs5sys" ADS removed successfully.

    ==== End of Fixlog 17:39:07 ====
     
  18. 2016/10/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  19. 2016/10/27
    joe645

    joe645 Well-Known Member Thread Starter

    Broni, Sophos Free Virus Removal Tool would not run; rebooted, still no go. Message: The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed.
    Scans:


    Results of screen317's Security Check version 1.014 --- 12/23/15
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    Bitdefender Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    JavaFX 2.0.3
    Java version 32-bit out of Date!
    Adobe Flash Player 23.0.0.185
    Mozilla Firefox (49.0)
    Google Chrome (50.0.2661.87)
    Google Chrome (SetupMetrics.pma..)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    Spybot Teatimer.exe is disabled!
    Malwarebytes Anti-Malware mbamscheduler.exe
    Bitdefender Bitdefender 2016 vsserv.exe
    Bitdefender Bitdefender 2016 updatesrv.exe
    Bitdefender Bitdefender 2016 bdagent.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````

    Farbar Service Scanner Version: 27-01-2016
    Ran by Owner (administrator) on 27-10-2016 at 18:33:07
    Running from "C:\Users\Owner\Desktop\Security "
    Microsoft Windows 10 Home (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  20. 2016/10/27
    broni

    broni Moderator Malware Analyst

    Run this instead...

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Under "ESET Online Scanner" click on "Scan now" button.
    • It'll download a small file, "esetonlinescanner_enu.exe".
    • Double click on downloaded file.
    • Click on Accept button.
    • Checkmark "Disable detection of potentially unwanted applications".
    • Click Scan
    • Accept any security warnings from your browser.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
  21. 2016/10/28
    joe645

    joe645 Well-Known Member Thread Starter

    Broni,
    I have tried 3x to run the Eset application and it runs to about 95% and then freezes with an indication of 1 threat. My anti-virus app is off during the runs. I finally downloaded Eset Anti-Virus via the Internet and ran the scan. The results:
    <?xml version="1.0" encoding="UTF-8"?>
    <ESET>
      <LOG>
        <RECORD>
          <COLUMN NAME="Time">10/28/2016 3:17:20 PM</COLUMN>
          <COLUMN NAME="Scanned folders">Operating memory;C:\Boot sector;D:\Boot sector;C:\;D:\</COLUMN>
          <COLUMN NAME="Scanned">654548</COLUMN>
          <COLUMN NAME="Infected">3</COLUMN>
          <COLUMN NAME="Cleaned">3</COLUMN>
          <COLUMN NAME="Status">Completed</COLUMN>
        </RECORD>
      </LOG>
    </ESET>

    It said it found 3 threats and cleaned them.
     
    Last edited: 2016/10/28
