Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Betsy (17-03-2017 03:39:36)
Running from C:\Users\Betsy\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-08-02 23:30:58)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1972514636-2645274826-1508751941-500 - Administrator - Disabled)
Betsy (S-1-5-21-1972514636-2645274826-1508751941-1000 - Administrator - Enabled) => C:\Users\Betsy
Guest (S-1-5-21-1972514636-2645274826-1508751941-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Slideshow Maker 1.5 (HKLM\...\4K Slideshow Maker_is1) (Version: 1.5.6.903 - Open Media LLC) 4K Video Downloader 4.1 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.1.2.2075 - Open Media LLC) 4K Video to MP3 2.2 (HKLM-x32\...\4K Video to MP3_is1) (Version: 2.2.1.810 - Open Media LLC) 4K YouTube to MP3 3.0 (HKLM-x32\...\4K YouTube to MP3_is1) (Version: 3.0.2.1677 - Open Media LLC) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated) Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated) Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated) Age of Enigma: The Secret of the Sixth Ghost (HKLM-x32\...\BFG-Age of Enigma - The Secret of the Sixth Ghost) (Version: - ) Aimersoft Helper Compact 2.5.2 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft) Alex Hunter Lord of the Mind Platinum Edition (HKLM-x32\...\{4B0DF181-FB41-4588-A9FE-D723C1709483}) (Version: 1.00.0000 - Encore) Amazon Games & Software Downloader (HKLM-x32\...\Amazon Games & Software Downloader_is1) (Version: 2.1.0.1 - Amazon) Amazon Music (HKU\S-1-5-21-1972514636-2645274826-1508751941-1000\...\Amazon Amazon Music) (Version: 5.3.4.1688 - Amazon Services LLC) Amazon Music (HKU\S-1-5-21-1972514636-2645274826-1508751941-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Amazon Music) (Version: 5.3.4.1688 - Amazon Services LLC) Antique Mysteries: Secrets of Howard's Mansion (HKLM-x32\...\BFG-Antique Mysteries - Secrets of Howard's Mansion) (Version: - ) Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.) 
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) ASUS nVidia Driver (x32 Version: 1.00.0000 - ASUSTek) Hidden Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - ) Blue Toad Murder Files - The Mysteries of Little Riddle (HKLM\...\Steam App 90400) (Version: - Relentless Software) BlueStacks App Player (HKLM-x32\...\{F22E13B7-2C58-4BE6-BA9D-24303403B494}) (Version: 0.10.6.8001 - BlueStack Systems, Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Bridge to Another World: Alice in Shadowland Collector's Edition (HKLM-x32\...\BFG-Bridge to Another World - Alice in Shadowland Collectors Edition) (Version: - ) Dark Manor: A Hidden Object Mystery (HKLM-x32\...\BFG-Dark Manor - A Hidden Object Mystery) (Version: - ) Dark Tales: Edgar Allan Poe's The Masque of the Red Death Collector's Edition (HKLM-x32\...\BFG-Dark Tales - Edgar Allan Poes The Masque of the Red Death Collectors Edition) (Version: - ) DIRECTV Player (HKLM-x32\...\{4a5ad61d-1fe9-48b9-87a8-9235f71120f3}) (Version: 12.1 - DIRECTV) Dreampath: Curse of the Swamps Collector's Edition (HKLM-x32\...\BFG-Dreampath - Curse of the Swamps Collectors Edition) (Version: - ) Duplicate Cleaner Pro 4.0.3 (HKLM-x32\...\Duplicate Cleaner Pro) (Version: 4.0.3 - DigitalVolcano Software Ltd) Duplicate Sweeper (HKLM-x32\...\{85526846-A690-4810-A2E6-DE3E0834A2C9}) (Version: 1.83.0 - Wide Angle Software) Fabled Legends: The Dark Piper Collector's Edition (HKLM-x32\...\BFG-Fabled Legends - The Dark Piper Collector's Edition) (Version: - ) Facebook Gameroom 1.1.0.4 (HKLM-x32\...\{B8CD1A29-258D-4DE6-AD03-9FA57B223279}) (Version: 1.1.0.4 - Facebook) Found: A Hidden Object Adventure (HKLM-x32\...\BFG-Found - A Hidden Object Adventure) (Version: - ) Free Alarm Clock 
(HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 4.0.1.0 - Comfort Software Group) Goetia (HKLM\...\Steam App 421740) (Version: - Sushee) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden Hallowed Legends: Templar Collector's Edition (HKLM-x32\...\BFG-Hallowed Legends - Templar Collector's Edition) (Version: - ) iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.) Infinite HD™ App (HKU\S-1-5-21-1972514636-2645274826-1508751941-1000\...\Octoshape Streaming Services) (Version: - Octoshape ApS) Infinite HD™ App (HKU\S-1-5-21-1972514636-2645274826-1508751941-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Octoshape Streaming Services) (Version: - Octoshape ApS) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.1.404761.40 - Comodo) iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.) 
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) KeepVid Music(Version 8.2.1) (HKLM-x32\...\{ADBA24FE-D6F6-4B21-97F3-D58A327422E4}_is1) (Version: 8.2.1 - KeepVid) KeepVid Pro(Build 4.10.2.0) (HKLM-x32\...\KeepVid Pro_is1) (Version: 4.10.2.0 - KeepVid Studio) Leawo Tunes Cleaner version 2.4.0.1 (HKLM-x32\...\{C4498CDA-69AF-4D27-BB6C-08684C2776E4}_is1) (Version: 2.4.0.1 - Leawo Software) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7766.2060 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1972514636-2645274826-1508751941-1000\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1972514636-2645274826-1508751941-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation) Microsoft RichCopy 4.0 (HKLM-x32\...\{86F4F32B-77C7-4951-B33C-05D41A8190C1}) (Version: 4.0.216 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft 
Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Midnight Castle (HKLM-x32\...\BFG-Midnight Castle) (Version: - ) Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla) MP4 Converter 3 (HKLM-x32\...\MP4 Converter_is1) (Version: - Tomabo) MP4 Downloader Pro 3 (HKLM-x32\...\MP4 Downloader Pro_is1) (Version: - Tomabo) Nightfall: An Edgar Allan Poe Mystery (HKLM-x32\...\BFG-Nightfall - An Edgar Allan Poe Mystery) (Version: - ) NVIDIA 3D Vision Driver 267.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 267.42 - NVIDIA Corporation) NVIDIA GAME System Software 2.8.1 (HKLM-x32\...\{4F0C7CCF-5666-474B-B02E-AC514A95EC93}) (Version: 2.8.1 - NVIDIA Corporation) NVIDIA Graphics Driver 267.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.42 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.2.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.18.0 - NVIDIA Corporation) NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 
9.10.0514 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7766.2047 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden Opera Stable 43.0.2442.1144 (HKLM-x32\...\Opera 43.0.2442.1144) (Version: 43.0.2442.1144 - Opera Software) Princess Isabella: Return of the Curse Collector's Edition (HKLM-x32\...\BFG-Princess Isabella - Return of the Curse Collector's Edition) (Version: - ) Princess Isabella: The Rise of an Heir Collector's Edition (HKLM-x32\...\BFG-Princess Isabella - The Rise of an Heir Collectors Edition) (Version: - ) RealDownloader (x32 Version: 18.1.5.699 - RealNetworks, Inc.) Hidden RealDownloader (x32 Version: 18.1.6.165 - RealNetworks) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.5 - RealNetworks) Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) 
Hidden Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) Relentless Software Prerequisites (HKLM-x32\...\{CD095458-EFF3-46CB-8BE4-DC1675FB8B49}) (Version: 0.1.0.0 - Relentless Software) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden Romance of Rome (HKLM-x32\...\BFG-Romance of Rome) (Version: - ) Sable Maze: Sinister Knowledge Collector's Edition (HKLM-x32\...\BFG-Sable Maze - Sinister Knowledge Collectors Edition) (Version: - ) Screen+ version Screen+ 1.4.2 (HKLM\...\Screen+_is1) (Version: Screen+ 1.4.2 - AOC) Serena (HKLM\...\Steam App 272060) (Version: - Senscape) Sherlock Holmes VS Arsene Lupin (HKLM-x32\...\BFG-Sherlock Holmes VS Arsene Lupin) (Version: - ) Spotify (HKU\S-1-5-21-1972514636-2645274826-1508751941-1000\...\Spotify) (Version: 1.0.50.41368.gbd68dbef - Spotify AB) Spotify (HKU\S-1-5-21-1972514636-2645274826-1508751941-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.50.41368.gbd68dbef - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) The Big Secret of a Small Town (HKLM\...\Steam App 409090) (Version: - Flenx) The Clockwork Man: The Hidden World (HKLM-x32\...\BFG-The Clockwork Man - The Hidden World) (Version: - ) The Misadventures of P.B. Winterbottom (HKLM\...\Steam App 40930) (Version: - The Odd Gentlemen) The Testament of Sherlock Holmes (HKLM\...\Steam App 205650) (Version: - Frogwares) Tune Sweeper 4 (HKLM-x32\...\{10D7F643-602B-4279-9650-BE687A5491EE}) (Version: 4.27 - Wide Angle Software) Twisted: A Haunted Carol (HKLM-x32\...\BFG-Twisted - A Haunted Carol) (Version: - ) UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) 
Hidden vc2012_redist (x32 Version: 1.0.0.0 - Realnetworks) Hidden Video Downloader (x32 Version: 1.3.0 - RealNetworks) Hidden Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) vs2015_redist x64 (Version: 1.0.0.0 - Realnetworks) Hidden vs2015_redist x86 (x32 Version: 1.0.0.0 - Realnetworks) Hidden WD Backup (HKLM-x32\...\{a8c9535a-ecd9-4172-a330-0cb5ff9dbed9}) (Version: 1.5.5953.19614 - Western Digital Technologies, Inc.) WD Backup (x32 Version: 1.5.5953.19614 - Western Digital Technologies, Inc) Hidden WD Drive Utilities (HKLM-x32\...\{eab1fb93-61fb-48de-b815-b4e9b68d2ef1}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.) WD Drive Utilities (x32 Version: 1.3.2.2 - Western Digital Technologies, Inc.) Hidden WD Quick View (HKLM-x32\...\{F4F2EF32-EAFE-4F87-B7DC-E19C9F8E76FC}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.) WD Security (HKLM-x32\...\{249644e6-451a-4a5c-bd5c-21eeb9eec79d}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.) WD Security (x32 Version: 1.3.1.2 - Western Digital Technologies, Inc.) Hidden WD SmartWare (HKLM\...\{515B34CA-1229-4EDA-AE7C-53CBA68B8A7A}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.) WD SmartWare Installer (HKLM-x32\...\{4555885d-a64c-4234-9aac-72a8a6b5590b}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.) WinDirStat 1.1.2 (HKU\S-1-5-21-1972514636-2645274826-1508751941-1000\...\WinDirStat) (Version: - ) WinDirStat 1.1.2 (HKU\S-1-5-21-1972514636-2645274826-1508751941-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WinDirStat) (Version: - ) Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation) Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.) 

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1972514636-2645274826-1508751941-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Betsy\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1972514636-2645274826-1508751941-1000_Classes\CLSID\{F09690BD-582D-4439-B6ED-5C2545D2F424}\InprocServer32 -> C:\Windows\system32\kernel32.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03BA9084-741D-455B-80B6-DE97D3CCEA71} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1972514636-2645274826-1508751941-1000 => C:\program files (x86)\real\realplayer\RealDownloader\realupgrade.exe [2016-09-03] (RealNetworks, Inc.)
Task: {0E9E3824-4ABF-45DE-A5AC-6E61C188FCA4} - System32\Tasks\MasterSeeker.UACBypass.b507f59b81ca571c278ee2e5dee3973c => C:\Samsung\MasterSeeker.exe [2016-08-09] (DxCK)
Task: {174FDFFE-714F-42D1-A766-7975A99E171D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-03] (Google Inc.)
Task: {332D1AD7-12B7-403E-82AE-4358D34C6676} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation) Task: {40BE7171-C842-4AEB-9C64-EB687AED5649} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-02-19] (Microsoft Corporation) Task: {5F91123E-6FA2-4919-A141-47C58554A7A7} - System32\Tasks\MasterSeeker.UACBypass.d672e9b0175dd51abe22b3f9d8db0478 => C:\Users\Betsy\AppData\Local\Temp\Temp1_MasterSeeker1.5.1.zip\MasterSeeker.exe [2016-08-09] (DxCK) <==== ATTENTION Task: {6550A84D-1CB6-40D0-89B4-E4A20AA53367} - \SUPERAntiSpyware Scheduled Task 94e38eca-7229-4ad1-935e-75b43ae23839 -> No File <==== ATTENTION Task: {66CCB437-4D40-4787-B01F-BB19DC700DBF} - System32\Tasks\Amazon Music Helper => C:\Users\Betsy\AppData\Local\Amazon Music\Amazon Music Helper.exe [2017-01-23] (Amazon Services LLC) Task: {698CF006-0022-4BE7-A848-1A38F2F088D7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1972514636-2645274826-1508751941-1000 => C:\program files (x86)\real\realplayer\RealDownloader\realupgrade.exe [2016-09-03] (RealNetworks, Inc.) Task: {6D347906-C927-49E6-9180-A0CADC7B9DD0} - System32\Tasks\RealDownloader Update Check => C:\program files (x86)\real\realplayer\RealDownloader\downloader2.exe Task: {6FC0ADFB-7A09-44D7-90C9-4C1FA9ADB0BD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-14] (Adobe Systems Incorporated) Task: {87C3FACA-7F96-4C10-8D2D-3B6502D86C70} - System32\Tasks\RNUpgradeHelperResumePrompt_Betsy => C:\Users\Betsy\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.06\agent\rnupgagent.exe [2017-03-12] (RealNetworks, Inc.) 
Task: {94AC0217-BDFB-44DB-AE3D-4A8F11D97168} - \SUPERAntiSpyware Scheduled Task f372dc70-af40-42ef-867b-e27053405cdf -> No File <==== ATTENTION Task: {B7621A51-FA3C-4298-A265-E86692603F30} - System32\Tasks\ReclaimerUpdateFiles_Betsy => C:\Users\Betsy\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.06\agent\rnupgagent.exe [2017-03-12] (RealNetworks, Inc.) Task: {C2D24F82-38AB-4385-8AC4-E7B7DE0F54DE} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1972514636-2645274826-1508751941-1000 => C:\program files (x86)\real\realplayer\RealDownloader\recordingmanager.exe [2016-09-03] (RealNetworks, Inc.) Task: {C6F26B87-BC5E-49A8-90C5-C6C73280DF86} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation) Task: {D002D49C-EB04-45B9-AC5C-340527A44DA0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated) Task: {D8EA974C-8187-4031-807F-EA5C9A3D8DFF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {DBAD6144-A6BC-44E5-9407-AB0368A1A8A3} - System32\Tasks\Opera scheduled Autoupdate 1471094460 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-27] (Opera Software) Task: {ECEEA81D-1FFB-4274-BC3F-A6E9F977E1EA} - System32\Tasks\RNUpgradeHelperLogonPrompt_Betsy => C:\Users\Betsy\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.06\agent\rnupgagent.exe [2017-03-12] (RealNetworks, Inc.) Task: {F295C66F-CFF3-40FB-A226-EE42729A87F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-03] (Google Inc.) 
Task: {FD6C10AE-018F-49AA-96B5-B7FC4CA16E2B} - System32\Tasks\ReclaimerUpdateXML_Betsy => C:\Users\Betsy\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.06\agent\rnupgagent.exe [2017-03-12] (RealNetworks, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Betsy\Old Drive\Favorites\Music\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
Shortcut: C:\Users\Betsy\Old Drive\Favorites\Medical\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
Shortcut: C:\Users\Betsy\Old Drive\Desktop\Downloaded computer games\Alice 3.lnk -> C:\Program Files\Alice3\Alice3.bat (No File)
Shortcut: C:\Users\Betsy\Old Drive\Desktop\Downloaded computer games\Play The 11th Hour (2).lnk -> C:\Program Files (x86)\DotEmu\The 11th Hour\11th_Hour.bat (No File)
Shortcut: C:\Users\Betsy\Old Drive\Desktop\Downloaded computer games\Play The 11th Hour.lnk -> C:\Program Files (x86)\DotEmu\The 11th Hour\11th_Hour.bat (No File)
Shortcut: C:\Users\Betsy\Old Drive\Desktop\Downloaded computer games\Play The 7th Guest (2).lnk -> C:\Program Files (x86)\DotEmu\The 7th Guest\The_7th_Guest.bat (No File)
Shortcut: C:\Users\Betsy\Old Drive\Desktop\Downloaded computer games\Play The 7th Guest.lnk -> C:\Program Files (x86)\DotEmu\The 7th Guest\The_7th_Guest.bat (No File)
Shortcut: C:\Users\Betsy\Favorites\Music\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
Shortcut: C:\Users\Betsy\Favorites\Medical\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
Shortcut: C:\Users\Betsy\AppData\Local\6961d\16184.lnk -> C:\Users\Betsy\AppData\Local\6961d\690e5.bat (No File)

ShortcutWithArgument: C:\Users\Betsy\Old Drive\Desktop\Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
-> --profile-directory=Default --app-id=hgakehlldcacnfhjampnkihibmkgclhk ShortcutWithArgument: C:\Users\Betsy\Old Drive\Desktop\My Chrome Theme.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=oehpjpccmlcalbenfhnacjeocbjdonic ShortcutWithArgument: C:\Users\Betsy\Old Drive\Desktop\My Time Organizer.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=nbgjpoemniodpkigbjkleiaoifclhfdm ShortcutWithArgument: C:\Users\Betsy\Old Drive\Desktop\Downloaded computer games\Escape the Mansion.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=igidehinggodbiknfganhbghapfcmgkg ShortcutWithArgument: C:\Users\Betsy\Old Drive\Desktop\Downloaded computer games\Murder Files.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ijfecbiladpinddbjfodaaiahggomhaf ShortcutWithArgument: C:\Users\Betsy\Old Drive\Desktop\Downloaded computer games\Museum of Thieves.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gfmfcbbfpfhgimahmdgbakemclmkklge ShortcutWithArgument: C:\Users\Betsy\Old Drive\Desktop\Downloaded computer games\Princess Match.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mnclclbcpgdlfbdacfgfolncclkbjcge ShortcutWithArgument: C:\Users\Betsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Murder Files.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --profile-directory=Default --app-id=ijfecbiladpinddbjfodaaiahggomhaf

==================== Loaded Modules (Whitelisted) ==============

2016-08-09 16:40 - 2017-01-29 09:55 - 08930504 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-02-14 09:14 - 2016-02-14 09:14 - 01384168 _____ () C:\Users\Betsy\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
2016-12-13 14:50 - 2016-12-13 14:50 - 00730864 _____ () C:\Program Files (x86)\Real\RealDownloader\downloader2.exe
2016-09-03 12:18 - 2016-09-03 12:18 - 00035104 _____ () C:\program files (x86)\real\realplayer\UpdateService\RealPlayerUpdateSvc.exe
2016-09-02 00:08 - 2015-06-19 12:50 - 00038912 _____ () C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\utility.dll
2016-08-11 13:27 - 2017-03-09 19:56 - 67725936 _____ () C:\Users\Betsy\AppData\Roaming\Spotify\libcef.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 18:13 - 2016-09-01 18:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2017-01-16 20:24 - 2017-02-02 21:42 - 00668960 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-01-16 20:24 - 2016-08-31 21:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-01-16 20:24 - 2016-08-31 21:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-01-16 20:24 - 2016-08-31 21:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-01-16 20:24 - 2017-03-13 18:04 -
02465056 _____ () C:\Program Files (x86)\Steam\video.dll 2017-01-16 20:24 - 2016-01-27 03:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2017-01-16 20:24 - 2016-01-27 03:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2017-01-16 20:24 - 2016-01-27 03:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2017-01-16 20:24 - 2016-01-27 03:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2017-01-16 20:24 - 2016-01-27 03:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2017-01-16 20:24 - 2017-03-13 18:04 - 00838944 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2017-01-16 20:24 - 2016-07-04 18:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2016-09-20 14:46 - 2016-09-20 14:46 - 00101256 _____ () c:\program files (x86)\real\realplayer\CrashRpt\CrashRpt1402.dll 2016-09-20 14:45 - 2016-09-20 14:45 - 00034064 _____ () c:\program files (x86)\real\realplayer\RPDS\Tools\ffmpeg\mediautil.dll 2016-02-14 09:14 - 2016-02-14 09:14 - 11423968 _____ () C:\Users\Betsy\AppData\Local\DIRECTV Player\PCShowServer.dll 2016-02-14 09:14 - 2016-02-14 09:14 - 03301088 _____ () C:\Users\Betsy\AppData\Local\DIRECTV Player\DrmSingleton.dll 2016-02-14 09:15 - 2016-02-14 09:15 - 00340192 _____ () C:\Users\Betsy\AppData\Local\DIRECTV Player\ndsLogStore.dll 2016-02-14 09:14 - 2016-02-14 09:14 - 02100968 _____ () C:\Users\Betsy\AppData\Local\DIRECTV Player\DiscoveryManager.dll 2016-02-14 09:14 - 2016-02-14 09:14 - 08346848 _____ () C:\Users\Betsy\AppData\Local\DIRECTV Player\gsttspplugin.dll 2016-02-14 09:14 - 2016-02-14 09:14 - 00689904 _____ () C:\Users\Betsy\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll 2016-02-14 09:15 - 2016-02-14 09:15 - 01404128 _____ () C:\Users\Betsy\AppData\Local\DIRECTV Player\libxml2-2.dll 2016-02-14 09:15 - 2016-02-14 09:15 - 00092880 _____ () C:\Users\Betsy\AppData\Local\DIRECTV Player\z.dll 2016-07-29 19:01 - 2016-07-29 19:01 - 
01029120 _____ () C:\Users\Betsy\AppData\Local\Facebook\Games\CefSharp.Core.dll 2016-07-29 19:01 - 2016-07-29 19:01 - 49805824 _____ () C:\Users\Betsy\AppData\Local\Facebook\Games\libcef.dll 2016-09-20 14:45 - 2016-09-20 14:45 - 00653072 _____ () c:\program files (x86)\real\realplayer\RPDS\Lib\r1api.dll 2016-09-03 12:18 - 2016-09-03 12:18 - 00040248 _____ () C:\program files (x86)\real\realplayer\UpdateService\DL2UpdatePlugin.dll 2016-09-03 12:18 - 2016-09-03 12:18 - 00042296 _____ () C:\program files (x86)\real\realplayer\UpdateService\RealDownloaderUpdatePlugin.dll 2016-09-03 12:18 - 2016-09-03 12:18 - 00039752 _____ () C:\program files (x86)\real\realplayer\UpdateService\VideoDLUpdatePlugin.dll 2016-08-11 13:27 - 2017-03-09 19:56 - 01929840 _____ () C:\Users\Betsy\AppData\Roaming\Spotify\libglesv2.dll 2016-08-11 13:27 - 2017-03-09 19:56 - 00087152 _____ () C:\Users\Betsy\AppData\Roaming\Spotify\libegl.dll 2017-01-16 20:25 - 2017-01-30 17:41 - 68875552 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll 2017-01-16 20:24 - 2017-03-13 18:04 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll 2016-07-29 19:01 - 2016-07-29 19:01 - 00688640 _____ () C:\Users\Betsy\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll 2016-07-29 19:01 - 2016-07-29 19:01 - 01665024 _____ () C:\Users\Betsy\AppData\Local\Facebook\Games\libglesv2.dll 2016-07-29 19:01 - 2016-07-29 19:01 - 00074752 _____ () C:\Users\Betsy\AppData\Local\Facebook\Games\libegl.dll 2016-09-23 13:44 - 2014-08-23 10:50 - 01039872 _____ () C:\Program Files (x86)\Tomabo\MP4 Downloader Pro\Components\JSE.dll 2016-11-22 19:06 - 2016-10-08 18:03 - 01506304 _____ () C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll 2016-11-22 19:06 - 2016-07-21 11:54 - 00137728 _____ () C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll 2016-08-09 16:36 - 2017-01-29 05:49 - 01010368 _____ () C:\Program Files (x86)\Microsoft 
Office\Root\Office16\ADDINS\UmOutlookAddin.dll
2016-11-22 19:15 - 2016-11-18 11:34 - 00625096 _____ () C:\ProgramData\KeepVid\KeepVid Pro\WSBrowserAppMgr.dll
2017-03-16 01:22 - 2017-03-16 01:22 - 63810560 _____ () C:\Users\Betsy\AppData\Local\4ed4b9\libcef.dll
2017-03-16 01:23 - 2017-03-16 01:23 - 17772736 _____ () C:\Users\Betsy\AppData\Local\4ed4b9\plugins\pepflashplayer32_23_0_0_207.dll
2017-03-16 01:23 - 2017-03-16 01:23 - 17833560 _____ () C:\Users\Betsy\AppData\Local\4ed4b9\plugins\pepflashplayer32_24_0_0_186.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:04EAB86F [219]
AlternateDataStreams: C:\ProgramData\TEMP:0B79AB8D [458]
AlternateDataStreams: C:\ProgramData\TEMP:120B3AFD [228]
AlternateDataStreams: C:\ProgramData\TEMP:123A86B5 [470]
AlternateDataStreams: C:\ProgramData\TEMP:1345C9DC [458]
AlternateDataStreams: C:\ProgramData\TEMP:14898D5B [172]
AlternateDataStreams: C:\ProgramData\TEMP:1C201DEB [436]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:437B1C75 [181]
AlternateDataStreams: C:\ProgramData\TEMP:45912F61 [400]
AlternateDataStreams: C:\ProgramData\TEMP:4A8EB1C4 [432]
AlternateDataStreams: C:\ProgramData\TEMP:4A906D4A [450]
AlternateDataStreams: C:\ProgramData\TEMP:4B6A9FDA [163]
AlternateDataStreams: C:\ProgramData\TEMP:7485F466 [223]
AlternateDataStreams: C:\ProgramData\TEMP:7687A3E3 [176]
AlternateDataStreams: C:\ProgramData\TEMP:7BFFC6A9 [246]
AlternateDataStreams: C:\ProgramData\TEMP:7FA0D639 [188]
AlternateDataStreams: C:\ProgramData\TEMP:9EC390E9 [248]
AlternateDataStreams: C:\ProgramData\TEMP:E6708F08 [438]
AlternateDataStreams: C:\ProgramData\TEMP:F512B2D9 [500]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-08-15 15:10 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1972514636-2645274826-1508751941-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Betsy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1972514636-2645274826-1508751941-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Betsy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{1350F913-A226-47D4-83CE-29A0A7E8BB6B}C:\program files (x86)\magictune premium\magictune.exe] => (Allow) C:\program files (x86)\magictune premium\magictune.exe
FirewallRules: [UDP Query User{ADD52E03-C423-4FE8-8CF7-AA9FD3E3994E}C:\program files (x86)\magictune premium\magictune.exe] => (Allow) C:\program files (x86)\magictune premium\magictune.exe
FirewallRules: [{AC6A0E88-915F-4BB6-A6C3-60F52292BB9C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{1C84F57B-E217-4DAC-9125-8E7768A1B314}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{0F387565-59FD-4564-A421-3FEF7B8AD44C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{735F521E-5EBA-4201-99F9-E3D30D0C15D3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{CACAC51B-18DD-4282-950A-B2BA593E167E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{835E9597-9987-4997-BA66-2E5C7210B6CE}C:\program files\magictune premium\magictune.exe] => (Block) C:\program files\magictune premium\magictune.exe
FirewallRules: [UDP Query User{46F27360-7C5E-45B1-8BCC-FE7C0E6F2236}C:\program files\magictune premium\magictune.exe] => (Block) C:\program files\magictune premium\magictune.exe
FirewallRules: [TCP Query User{F05F8E34-CB3A-4CCF-980F-9EB34C2D7FF4}C:\users\betsy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\betsy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{AC396CC2-1A44-4DDF-9EFB-2342742E9307}C:\users\betsy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\betsy\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{7291D85A-8E13-4BAF-802E-8A064A4F8DCF}C:\users\betsy\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\betsy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{48C8FF14-89A4-48D0-9537-455AF5F2B274}C:\users\betsy\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\betsy\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6A97116E-2834-4095-AC89-AC39A13D4A08}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7372C6ED-D1C5-41C3-86F1-602E61E7999A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9584500B-529E-442F-B009-18EE4F600422}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3891539F-6F4A-42DF-8646-CE65A9AA97D3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F0CA6900-5ED9-43BE-ADBD-AA2421A299FA}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [TCP Query User{D3D27356-9229-4940-96A9-53FED0EB1D98}C:\users\betsy\appdata\local\directv player\ndspcshowserver.exe] => (Allow) C:\users\betsy\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [UDP Query User{0F0F7CF9-54A8-4583-B296-23B6BF8FB5C2}C:\users\betsy\appdata\local\directv player\ndspcshowserver.exe] => (Allow) C:\users\betsy\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [TCP Query User{68FFBE82-A26F-426C-8043-0D492E7C31BE}C:\users\betsy\appdata\local\directv player\ndspcshowserver.exe] => (Block) C:\users\betsy\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [UDP Query User{DE98C7D9-2081-4CAB-9C65-B8F9606063B6}C:\users\betsy\appdata\local\directv player\ndspcshowserver.exe] => (Block) C:\users\betsy\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [TCP Query User{4A7E50D2-3892-48FC-9A04-A3CB8211870C}C:\users\betsy\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\betsy\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{817B1E64-E1EE-4CF2-9AC4-9B9F4A115AA7}C:\users\betsy\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\betsy\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [TCP Query User{86178FF7-F445-47DB-846A-EF23A62C48DE}C:\users\betsy\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\betsy\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{EB3A230D-3ABA-414E-8E40-F3CAED22EE81}C:\users\betsy\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\betsy\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{204F14B0-389F-43C8-94FA-D195437BBB61}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DC6497C7-5ABE-411E-8195-DE7F30ABBA62}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{654DC783-B881-47C1-AFAE-A4E00A75AE99}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A3097227-DCB2-4B7A-AB7A-FA3F242F0ED1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DD357F76-3E24-4A6B-B9C0-2A3ACC9D8145}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{28D658B3-4409-407E-B3BA-5A130A24D66C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{90D91FC1-68BA-4D8A-8988-700A2FD98965}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WinterBottom\Winterbottom.exe
FirewallRules: [{92A3B0AF-5F4F-4ABE-A32F-28599AFD4966}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WinterBottom\Winterbottom.exe
FirewallRules: [{82D1C20C-9541-42CA-B71E-71432D91D0F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Big Secret of a Small Town\TheBigSecret.exe
FirewallRules: [{19D5B15A-BA60-4328-9DED-020B6A295582}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Big Secret of a Small Town\TheBigSecret.exe
FirewallRules: [{46A4C1B6-EBBA-42AF-AE4E-197AF7DCFC79}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blue Toad Murder Files 01\Launcher.exe
FirewallRules: [{F0B72F97-1E2B-4B44-B0BE-FCB7D0D30A94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blue Toad Murder Files 01\Launcher.exe
FirewallRules: [{3A6FE990-4AD8-42E2-9D90-4F05EDA7A603}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\goetia\Goetia.exe
FirewallRules: [{D5580725-AFDA-46DC-AF1C-A514C1438F51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\goetia\Goetia.exe
FirewallRules: [{1A429CDB-59B9-4C0A-B40D-181121FB1476}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serena\Dagon64.exe
FirewallRules: [{630889ED-C963-4D85-9543-0B374837D063}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serena\Dagon64.exe
FirewallRules: [{CFDF8AE9-A0DB-4824-90F9-0F5A842B5A93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Testament of Sherlock Holmes\game.exe
FirewallRules: [{8326E57E-1342-4529-8935-C6485D5F245A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Testament of Sherlock Holmes\game.exe
FirewallRules: [{3EB267D2-C715-450A-A748-FEC5F617E22F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E29F8D56-5023-4F2D-8F92-1A4EC1B492DD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2E2AE523-F438-4714-B2EF-CB4FD9013202}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.991\opera.exe
FirewallRules: [{559C6171-6AFA-4B88-B012-EEA8EBA94620}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Tomabo\MP4 Converter\MP4Downloader.exe] => Enabled:MP4 Downloader
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Tomabo\MP4 Downloader Pro\MP4DownloaderPro.exe] => Enabled:MP4 Downloader Pro

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/16/2017 12:56:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/15/2017 07:17:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{410F406E-7AFC-4E9F-BF7E-0CB3C72BDAB9}\recordingmanager.exe". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (03/15/2017 06:40:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WDBackupEngine.exe, version: 2.0.0.15, time stamp: 0x571682e4
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0xe0434352
Fault offset: 0x0000c41f
Faulting process id: 0x1788
Faulting application start time: 0x01d29ddcd613ed15
Faulting application path: C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 5a2f3192-09d0-11e7-be76-14dae9e967f1

Error: (03/15/2017 06:40:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: WDBackupEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AggregateException
Stack:
   at System.Threading.Tasks.TaskExceptionHolder.Finalize()

Error: (03/15/2017 06:38:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WDBackupEngine.exe, version: 2.0.0.15, time stamp: 0x571682e4
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0xe0434352
Fault offset: 0x0000c41f
Faulting process id: 0x12d0
Faulting application start time: 0x01d29ddbe85fe781
Faulting application path: C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 0c8decf4-09d0-11e7-be76-14dae9e967f1

Error: (03/15/2017 06:38:01 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: WDBackupEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AggregateException
Stack:
   at System.Threading.Tasks.TaskExceptionHolder.Finalize()

Error: (03/15/2017 06:31:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/14/2017 08:26:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WDBackupEngine.exe, version: 2.0.0.15, time stamp: 0x571682e4
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0xe0434352
Fault offset: 0x0000c41f
Faulting process id: 0x1294
Faulting application start time: 0x01d29d2233643aef
Faulting application path: C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 15cd0bb9-0916-11e7-bddd-14dae9e967f1

Error: (03/14/2017 08:26:34 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: WDBackupEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AggregateException
Stack:
   at System.Threading.Tasks.TaskExceptionHolder.Finalize()

Error: (03/14/2017 08:22:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (03/17/2017 03:28:52 AM) (Source: volsnap) (EventID: 35) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.

Error: (03/16/2017 05:21:41 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (03/16/2017 01:09:30 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register with DCOM within the required timeout.

Error: (03/16/2017 12:56:39 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: avipbb avkmgr

Error: (03/16/2017 12:55:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Office Click-to-Run Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (03/16/2017 12:55:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Office Click-to-Run Service service to connect.

Error: (03/16/2017 12:54:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avgntflt service failed to start due to the following error: The system cannot find the file specified.

Error: (03/15/2017 06:40:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WD Backup service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (03/15/2017 06:38:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WD Backup service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (03/15/2017 06:31:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: avipbb avkmgr

CodeIntegrity:
===================================
Date: 2017-03-16 01:02:33.165
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-16 00:54:22.410
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-16 00:23:15.822
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-16 00:00:44.146
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-15 21:57:14.739
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-15 21:25:04.419
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-15 20:38:25.152
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-15 18:29:37.894
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-15 00:13:41.229
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-14 21:39:08.774
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 62%
Total physical RAM: 4077.25 MB
Available physical RAM: 1522.28 MB
Total Virtual: 8152.67 MB
Available Virtual: 3436.95 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:5.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BCEED626)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================