Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by tom-t (08-12-2016 22:28:13)
Running from C:\Users\tom-t\Downloads
Windows 10 Home Version 1607 (X64) (2016-10-31 19:36:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-748703395-188434783-1144859813-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-748703395-188434783-1144859813-503 - Limited - Disabled)
familia (S-1-5-21-748703395-188434783-1144859813-1004 - Limited - Enabled) => C:\Users\familia
Guest (S-1-5-21-748703395-188434783-1144859813-501 - Limited - Disabled)
tom-t (S-1-5-21-748703395-188434783-1144859813-1001 - Administrator - Enabled) => C:\Users\tom-t

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Advanced SystemCare 10 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 10.0.3 - IObit)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Ashampoo Burning Studio 11 v.11.0.2 (HKLM-x32\...\Ashampoo Burning Studio 11_is1) (Version: 11.0.2 - Ashampoo GmbH & Co. KG)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.13.0004 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Editor 4 4.2.1.166 (HKLM-x32\...\AVS Video Editor 4_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Editor 7.2.1 (HKLM-x32\...\AVS Video Editor_is1) (Version: 7.2.1.269 - Online Media Technologies Ltd.)
AVS Video Recorder 2.4 (Service Version) (HKLM-x32\...\AVS Video Recorder_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.3 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
BitTorrent (HKLM-x32\...\BitTorrent) (Version:  - BitTorrent, Inc)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6515 - CyberLink Corp.)
CyberLink PhotoDirector 5 (Version: 5.0.5.6515 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
DRAGON QUEST HEROES Slime Edition (HKLM\...\ZHJhZ29ucXVlc3RoZXJvZXNzbGltZWVkaXRpb24_is1) (Version: 1 - )
Driver Booster 4.1 (HKLM-x32\...\Driver Booster_is1) (Version: 4.1.0 - IObit)
Driver Easy 5.0.6 (HKLM\...\DriverEasy_is1) (Version: 5.0.6 - Easeware)
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.11 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4404 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.1.0.418 - IObit)
IsoBuster 3.5 (HKLM-x32\...\IsoBuster_is1) (Version: 3.5 - Smart Projects)
iTunes (HKLM\...\{2C49F336-2E86-4407-83E2-16AC65598EF4}) (Version: 12.5.3.16 - Apple Inc.)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lenovo Service Bridge (HKU\S-1-5-21-748703395-188434783-1144859813-1001\...\dda9ca0b023f4c56) (Version: 1.6.4.0 - Lenovo)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manager (x32 Version: 8.1.4.29179 - LULU Software Limited) Hidden
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7466.2038 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 50.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0.2 (x86 en-US)) (Version: 50.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.2.6177 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7426.1015 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PhotoFiltre 7 (HKU\S-1-5-21-748703395-188434783-1144859813-1001\...\PhotoFiltre 7) (Version:  - )
PNotes 9.3.0 (HKLM-x32\...\{949D34E5-F53F-4830-9A50-1E2C39109043}_is1) (Version: 9.3.0 - Andrey Gruber)
PS3Splitter version 1.1.5.2 (HKLM-x32\...\PS3Splitter_is1) (Version: 1.1.5.2 - Karmian.org)
REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.3.875.080715 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7936 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0273 - REALTEK Semiconductor Corp.)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
SixaxisPairTool 0.3.0 (HKLM-x32\...\SixaxisPairTool_is1) (Version: 0.3.0 - Dancing Pixel Studios)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Soda PDF 8 (HKLM-x32\...\Soda8) (Version: 8.1.13.29991 - LULU Software Limited)
Soda PDF 8 Asian Fonts Pack (Version: 8.1.12.29405 - LULU Software Limited) Hidden
Soda PDF 8 Convert Module (Version: 8.1.12.29405 - LULU Software Limited) Hidden
Soda PDF 8 Create Module (Version: 8.1.12.29405 - LULU Software Limited) Hidden
Soda PDF 8 Edit Module (Version: 8.1.12.29405 - LULU Software Limited) Hidden
Soda PDF 8 Forms Module (Version: 8.1.12.29405 - LULU Software Limited) Hidden
Soda PDF 8 Insert Module (Version: 8.1.12.29405 - LULU Software Limited) Hidden
Soda PDF 8 OCR Module (Version: 8.1.12.29405 - LULU Software Limited) Hidden
Soda PDF 8 Review Module (Version: 8.1.12.29405 - LULU Software Limited) Hidden
Soda PDF 8 Secure Module (Version: 8.1.12.29405 - LULU Software Limited) Hidden
Soda PDF 8 View Module (Version: 8.1.12.29405 - LULU Software Limited) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VoiceOver Kit (HKLM\...\{703D47B8-2869-4A50-B988-BDE18772A474}) (Version: 1.43.128.3 - Apple Inc.)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Windows Driver Package - ASUS (AsusSGDrv) Mouse  (06/18/2015 8.0.0.16) (HKLM\...\545B999BD5E2E239335F95C2AF9BED5D511CEC95) (Version: 06/18/2015 8.0.0.16 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wondershare Helper Compact 2.5.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.0 - Wondershare)
Wondershare Video Converter Ultimate(Build 8.5.5.6) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 8.5.5.6 - Wondershare Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05E52BD7-5CB9-443A-A5AA-6C6648A9D849} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-11-28] (Realtek Semiconductor)
Task: {086E2EE1-B0ED-48E6-918B-A9CDC659A0F4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {0C9CE5FE-7E05-4A8D-8297-6F7FDBA31A65} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-14] (Adobe Systems Incorporated)
Task: {0F817E3E-E8BF-4BD1-8536-1CB5FC97A712} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {10BDE17A-A1AE-400E-A724-8A2FF60CEF0A} - System32\Tasks\{E96CB895-FEAC-4941-B4CD-7471EC9E957E} => pcalua.exe -a E:\autorun.exe -d E:\
Task: {11D33F35-5632-4C90-8961-9B692BF609EC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {1250C84B-2D57-4EEB-9682-8E25A342CF6B} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [2016-06-11] (Easeware)
Task: {1C4E6419-1EA8-4299-AE60-36D1C5CE6380} - System32\Tasks\{2A9D0AA3-4125-4038-BC72-65E345300999} => pcalua.exe -a "C:\Users\tom-t\OneDrive\Documents\ILLUSION - GHOST KILLER.exe" -d C:\Users\tom-t\OneDrive\Documents
Task: {231067CF-4780-44FC-AA64-4894054EDC12} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-11-28] (Realtek Semiconductor)
Task: {2A207307-F22F-43AE-90FA-C6EA23B9ACE4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {335FC303-9F32-458B-A1F1-CA4544828ABA} - System32\Tasks\{525319CB-1B2E-4610-A6E5-394B7EBFE227} => pcalua.exe -a "C:\Program Files (x86)\Windows Live\Installer\wlarp.exe"
Task: {3708050F-C8E4-4CB9-AB8C-7B733A74EDF2} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {3A920A31-0B93-4D51-8723-E1106D2E9B7A} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {420EED58-5A6D-43E0-B077-C7BE39785443} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-11-25] (AVAST Software)
Task: {4CCB133A-748B-42DE-A0BD-4109DA49F375} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-tom-torres@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {5F5F0E5D-B903-48C5-8E64-EDFB7227398A} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {61E0065D-FA03-4D3E-9226-83261165EABD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-21] (Piriform Ltd)
Task: {65BAA42F-40AA-4359-9405-CB5CD09CD822} - System32\Tasks\{8001F1C3-F719-4E73-A007-B12D9364C783} => pcalua.exe -a E:\autorun.exe -d E:\
Task: {66FA6AA8-F2D2-429A-8A5A-F8C8DB887550} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe [2016-11-08] (IObit)
Task: {674DE2B8-3DF6-40FC-A861-233598B0BF9B} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-29] ()
Task: {6DDF4221-C35F-4D61-BC76-59D8D833DA09} - System32\Tasks\Uninstaller_SkipUac_tom-t => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-11-04] (IObit)
Task: {719891B2-2730-46F4-826A-73E7F0DE1184} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-748703395-188434783-1144859813-1001 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\tom-t\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {7A62AD34-957E-49F2-9EF5-4B8E178A4923} - System32\Tasks\{5D243367-A53C-4A35-9D04-21B28C49DB1D} => pcalua.exe -a C:\Users\tom-t\AppData\Local\{16F120AD-3259-4C15-5FC1-69FD7BA99565}\uninstall.exe -c /Uninstall /s /noun
Task: {7FB16993-3E00-40CA-AE44-70C4EFC62B73} - System32\Tasks\{F1DDA1AF-B206-4BCB-B01B-0CADB40C6524} => pcalua.exe -a "C:\Program Files (x86)\Ultimate IP Changer\unins000.exe"
Task: {856D70C1-87CF-4955-A55C-39BFA5D463BE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-08] (Google Inc.)
Task: {8999CD15-C904-49BC-8CF6-BAF91E511586} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {89FE0BF9-EF8C-4CA1-ADC1-F5E3AA55FC0F} - System32\Tasks\{BD849F9C-34A6-0044-9E0F-96AB87E23B69} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\fb4bcde7\b49bd8ca.dll" <==== ATTENTION
Task: {8C0B0C38-00F5-47B7-8267-7540E154D23C} - System32\Tasks\Driver Booster SkipUAC (tom-t) => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe [2016-11-14] (IObit)
Task: {8C79EB48-86E4-4D94-BE68-294AF1CC2BBC} - System32\Tasks\{11BFE413-803D-48FC-8D04-3D1CD0838EE6} => pcalua.exe -a "C:\Program Files (x86)\AVS4YOU\AVSVideoConverter6\unins000.exe"
Task: {9EBE59A5-EA21-4B72-B85D-3FA5EF9A5ACF} - System32\Tasks\ASC10_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2016-11-10] (IObit)
Task: {AE18C857-1DF9-413F-B6B1-97E309394816} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-11-01] (Microsoft Corporation)
Task: {AE51C43C-68DA-42B0-8E60-6ECA1E79C4F5} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
Task: {B4EA2ED9-EE57-4809-B71A-1501C2349DE6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {B8366AA3-916F-41BD-AE77-4CBA33AF1FD3} - System32\Tasks\SafeZone scheduled Autoupdate 1480088856 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {C818DFD4-50B5-4D1A-8F9D-63DD18A20DBA} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-08-25] (ASUS)
Task: {D4531958-6938-49C5-BE3E-7C6E9ABA2F0C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-11-09] (Microsoft Corporation)
Task: {D4783E81-6532-420A-917A-D60F597EBF11} - System32\Tasks\ASC10_SkipUac_tom-t => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2016-11-11] (IObit)
Task: {D75DBA80-AA77-4773-99B5-EB60935907E2} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {E3743588-7A16-4C43-8C71-1C01151FD07B} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-14] (ASUSTek Computer Inc.)
Task: {EFA6E86B-C3F4-45F8-AEEF-4DF3F71012FF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {F3B48B2D-9DE3-4312-808C-D5C34B8A623F} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.)
Task: {FA07A84A-C48D-4F7A-AF63-E6C96D979671} - System32\Tasks\{1DF76EAB-FCA3-4131-B058-A4D43109C2B9} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Wrye Bash\uninstall.exe"
Task: {FB7F3287-3B4C-46D3-9D62-485266FD6C96} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {FC85335F-C8C8-48C9-A2F7-2A763E9AA957} - System32\Tasks\{56948C08-F0EE-4CA9-835B-CACBD3D6724B} => launchwinapp.exe hxxps://ui.skype.com/ui/0/7.29.80.102/en/go/help.faq.installer?LastError=1618
Task: {FDB53FA5-D36F-4EE8-95FA-6514EC7569B2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-08] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_tom-t.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-27 16:29 - 2014-04-14 20:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-10-27 16:01 - 2015-07-20 21:19 - 00121560 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter ONLY\BTDevMgr.exe
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-31 17:09 - 2016-10-31 17:09 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-31 17:09 - 2016-10-31 17:09 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-31 14:53 - 2016-10-31 14:53 - 01864384 _____ () C:\Users\tom-t\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll
2016-09-08 12:47 - 2016-10-30 11:12 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-10-31 17:09 - 2016-10-31 17:09 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-09 00:02 - 2016-11-02 05:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-10-31 23:30 - 2016-10-31 23:31 - 01573584 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.1.41.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2016-10-31 23:30 - 2016-10-31 23:31 - 00366080 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.1.41.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll
2016-11-09 00:01 - 2016-11-02 05:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 00:01 - 2016-11-02 05:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-09 00:01 - 2016-11-02 05:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 00:01 - 2016-11-02 05:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-09 00:01 - 2016-11-02 05:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 00:01 - 2016-11-02 05:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-17 08:36 - 2016-11-17 08:44 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-11-17 08:36 - 2016-11-17 08:44 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-11-17 08:36 - 2016-11-17 08:44 - 41609728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2015-09-27 20:15 - 2016-11-28 17:53 - 00402928 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-01-06 11:41 - 2016-01-06 11:41 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll
2016-11-14 20:29 - 2016-11-08 16:03 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-14 20:29 - 2016-11-08 16:03 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll
2016-11-25 10:43 - 2016-11-25 10:43 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-12-08 15:39 - 2016-12-08 15:39 - 03066880 _____ () C:\Program Files\AVAST Software\Avast\defs\16120803\algo.dll
2016-11-25 10:43 - 2016-11-25 10:43 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-11-26 12:56 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-11-26 12:56 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-11-26 12:56 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-11-28 17:38 - 2016-06-21 19:30 - 00442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2016-11-28 17:38 - 2016-06-21 19:29 - 00210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2016-11-28 17:38 - 2016-06-21 19:29 - 00059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2015-08-07 03:09 - 2015-08-07 03:09 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-11-28 17:38 - 2016-08-18 18:43 - 00442144 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl
2016-11-28 17:38 - 2016-08-18 18:43 - 00210720 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl
2016-11-28 17:38 - 2016-08-18 18:43 - 00059680 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl
2016-11-28 17:38 - 2016-11-01 10:11 - 00078624 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\GetProcessDLL.dll
2015-08-25 11:40 - 2015-08-25 11:40 - 00027648 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-08-25 11:40 - 2015-08-25 11:40 - 00124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2016-10-31 14:52 - 2016-10-31 14:53 - 01383616 _____ () C:\Users\tom-t\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\ClientTelemetry.dll
2016-10-31 14:54 - 2016-10-31 14:54 - 00118976 _____ () C:\Users\tom-t\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncViews.dll
2015-12-27 19:36 - 2016-06-20 13:48 - 01506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2015-12-27 19:36 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-11-25 10:43 - 2016-11-25 10:43 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-11-28 17:38 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll
2016-11-28 17:38 - 2016-09-26 13:59 - 00631072 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll
2016-11-28 17:38 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2016-11-28 17:38 - 2016-09-26 13:59 - 00631072 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 06:04 - 2016-01-07 13:59 - 00000877 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-748703395-188434783-1144859813-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
DNS Servers: 24.200.241.37 - 24.202.72.13
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{466728A7-64B6-4ED9-AE48-9C3C116365E4}] => C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{1B633016-B1E8-4757-ABA8-282D58B462B3}] => C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{B853BBFD-F492-4020-871D-9317E245BE23}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{9ACEC412-F406-4B10-9598-7EFEAE049657}] => LPort=1900
FirewallRules: [{C07EA71A-12E2-45E7-A962-50EC31E70AA6}] => LPort=2869
FirewallRules: [{D57B4DAB-3D33-49BC-9959-37D46602F9A1}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{61D12C1D-700E-4FB3-8D6B-9F50BF82D47E}] => C:\Program Files (x86)\AirPrint\airprint.exe
FirewallRules: [{3CD164B3-423D-4B0D-8F4E-29F9B152F9A3}] => C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{FF20ECF2-229B-4554-BBA1-ECFFDC41FE48}] => C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{E3B7307A-30F7-409E-967B-5269964ADFCF}] => C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{3597AF66-1924-4B1E-9FF8-5699B1F620B7}] => C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{E4F986A6-9753-41D3-B0E4-6008743E9534}] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{BCA23BDC-8CD6-4355-9271-A335EF7EC2C9}] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{9C4AEBD9-C40E-4942-972B-B514397B47D3}] => C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{28F0077B-743F-457A-BE0B-948437C45BB2}] => C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{12C2DB9B-9B07-4110-A0F8-E77D69C48881}] => C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{CD9B02E2-65B3-453D-99D5-88A4CD137A6B}] => C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{16185E2C-2D46-44C7-A49B-7019C36A0555}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3B60FE9A-CF9F-4442-BB49-4B78C07FDD30}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BAF05B71-54A5-4EB8-801E-99DB9C02C6BB}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F00F7F01-4E5D-42F7-852C-B33DBEE933E1}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{ADE941E1-832D-4584-A3AD-37BAAB8747CE}C:\program files (x86)\bittorrent\bittorrent.exe] => C:\program files (x86)\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{2E469D58-3F9C-459E-BF92-048D0E0892F8}C:\program files (x86)\bittorrent\bittorrent.exe] => C:\program files (x86)\bittorrent\bittorrent.exe
FirewallRules: [{4F1E71D7-A7BC-49C8-A13B-1B0FB1D9EF41}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7AE60A58-41A3-4987-A46F-C419160239C3}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4D2EADBB-6E01-4D24-8F9A-9C4784EA507A}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{068117FD-67F1-4565-9624-91FBA84D52CD}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A757C137-60CC-4484-B2ED-6C7475F91429}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{17C03B90-4DA1-46EA-8693-4B748FF8BE62}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4FD28958-76F3-4EEA-A71E-3400D7C6199D}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{7F3668F2-F9CE-4513-8866-62A5D47932A9}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
FirewallRules: [{CF8213A9-E253-4E78-BCC8-DA291DBCF7C2}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
FirewallRules: [{21AA5E63-755D-4ADD-8CB7-7FBA0B42DCD7}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DBDownloader.exe
FirewallRules: [{F300F241-C265-4C48-A66A-2D2F437F2409}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DBDownloader.exe
FirewallRules: [{8A97DF2D-60E7-4AB1-AF30-1A8260DADD38}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\AutoUpdate.exe
FirewallRules: [{6EB2BE1F-F08B-4DAD-ABA3-0E3AED92EE20}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\AutoUpdate.exe
FirewallRules: [{F5D71E21-B6E2-4DB7-9E89-FBD1E1BF9E08}] => C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{DC2F8292-9CB8-43CA-AAAE-CE5AE20E7F60}] => C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

24-11-2016 17:20:03 Removed Skype™ 7.26
28-11-2016 17:38:45 Driver Booster : Realtek PCIe GBE Family Controller
06-12-2016 16:15:49 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: USB2.0 VGA UVC WebCam
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft® Keyboard with Fingerprint Reader
Description: Microsoft® Keyboard with Fingerprint Reader
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/08/2016 08:52:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-FMLSAAF)
Description: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/08/2016 08:31:41 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/08/2016 07:58:27 PM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-FMLSAAF)
Description: 7.488: EFS service failed to provision a user for EDP. Error code: 0x80070005.

Error: (12/08/2016 07:52:09 PM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-FMLSAAF)
Description: 7.488: EFS service failed to provision a user for EDP. Error code: 0x80070005.

Error: (12/08/2016 04:17:08 PM) (Source: ESENT) (EventID: 454) (User: )
Description: taskhostw (744) WebCacheLocal: Database recovery/restore failed with unexpected error -1032.

Error: (12/08/2016 04:17:08 PM) (Source: ESENT) (EventID: 439) (User: )
Description: taskhostw (744) WebCacheLocal: Unable to write a shadowed header for file C:\Users\tom-t\AppData\Local\Microsoft\Windows\WebCache\V01.chk. Error -1032.

Error: (12/08/2016 04:17:08 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (744) WebCacheLocal: An attempt to open the file "C:\Users\tom-t\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (12/08/2016 04:16:58 PM) (Source: ESENT) (EventID: 439) (User: )
Description: taskhostw (744) WebCacheLocal: Unable to write a shadowed header for file C:\Users\tom-t\AppData\Local\Microsoft\Windows\WebCache\V01.chk. Error -1032.

Error: (12/08/2016 04:16:58 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (744) WebCacheLocal: An attempt to open the file "C:\Users\tom-t\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (12/08/2016 04:16:48 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (744) WebCacheLocal: An attempt to open the file "C:\Users\tom-t\AppData\Local\Microsoft\Windows\WebCache\V01.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (12/08/2016 08:52:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/08/2016 08:03:57 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: Microsoft Sticky Notes.

Error: (12/08/2016 07:58:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/08/2016 07:58:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/08/2016 07:58:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/08/2016 04:14:04 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-FMLSAAF)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user DESKTOP-FMLSAAF\tom-t SID (S-1-5-21-748703395-188434783-1144859813-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (12/08/2016 04:13:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: Microsoft Sticky Notes.

Error: (12/08/2016 04:11:28 PM) (Source: HTTP) (EventID: 15005) (User: )
Description: Unable to bind to the underlying transport for [::]:50123. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine.  The data field contains the error number.

Error: (12/08/2016 04:05:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/08/2016 04:05:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 49%
Total physical RAM: 8091.49 MB
Available physical RAM: 4097.05 MB
Total Virtual: 10523.49 MB
Available Virtual: 5885.91 MB

==================== Drives ================================

Drive c: (C) (Fixed) (Total:371.85 GB) (Free:70.26 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:558.91 GB) (Free:328.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 396E593D)

Partition: GPT.

==================== End of Addition.txt ============================