Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2017
Ran by Betsy (28-04-2017 23:04:46)
Running from C:\Users\Betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6V9HAD58
Windows 7 Home Premium Service Pack 1 (X64) (2016-08-02 23:30:58)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1972514636-2645274826-1508751941-500 - Administrator - Disabled)
Betsy (S-1-5-21-1972514636-2645274826-1508751941-1000 - Administrator - Enabled) => C:\Users\Betsy
Guest (S-1-5-21-1972514636-2645274826-1508751941-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Slideshow Maker 1.5 (HKLM\...\4K Slideshow Maker_is1) (Version: 1.5.6.903 - Open Media LLC)
4K Video Downloader 4.1 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.1.2.2075 - Open Media LLC)
4K Video to MP3 2.2 (HKLM-x32\...\4K Video to MP3_is1) (Version: 2.2.1.810 - Open Media LLC)
4K YouTube to MP3 3.0 (HKLM-x32\...\4K YouTube to MP3_is1) (Version: 3.0.2.1677 - Open Media LLC)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Age of Enigma: The Secret of the Sixth Ghost (HKLM-x32\...\BFG-Age of Enigma - The Secret of the Sixth Ghost) (Version: - )
Aimersoft Helper Compact 2.5.2 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft)
Alex Hunter Lord of the Mind Platinum Edition (HKLM-x32\...\{4B0DF181-FB41-4588-A9FE-D723C1709483}) (Version: 1.00.0000 - Encore)
Amazon Games & Software Downloader (HKLM-x32\...\Amazon Games & Software Downloader_is1) (Version: 2.1.0.1 - Amazon)
Amazon Music (HKU\S-1-5-21-1972514636-2645274826-1508751941-1000\...\Amazon Amazon Music) (Version: 5.3.4.1688 - Amazon Services LLC)
Antique Mysteries: Secrets of Howard's Mansion (HKLM-x32\...\BFG-Antique Mysteries - Secrets of Howard's Mansion) (Version: - )
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
ASUS nVidia Driver (x32 Version: 1.00.0000 - ASUSTek) Hidden
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Blue Toad Murder Files - The Mysteries of Little Riddle (HKLM\...\Steam App 90400) (Version: - Relentless Software)
BlueStacks App Player (HKLM-x32\...\{F22E13B7-2C58-4BE6-BA9D-24303403B494}) (Version: 0.10.6.8001 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bridge to Another World: Alice in Shadowland Collector's Edition (HKLM-x32\...\BFG-Bridge to Another World - Alice in Shadowland Collectors Edition) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Dark Manor: A Hidden Object Mystery (HKLM-x32\...\BFG-Dark Manor - A Hidden Object Mystery) (Version: - )
Dark Tales: Edgar Allan Poe's The Masque of the Red Death Collector's Edition (HKLM-x32\...\BFG-Dark Tales - Edgar Allan Poes The Masque of the Red Death Collectors Edition) (Version: - )
DIRECTV Player (HKLM-x32\...\{4a5ad61d-1fe9-48b9-87a8-9235f71120f3}) (Version: 12.1 - DIRECTV)
Dreampath: Curse of the Swamps Collector's Edition (HKLM-x32\...\BFG-Dreampath - Curse of the Swamps Collectors Edition) (Version: - )
Duplicate Cleaner Pro 4.0.4 (HKLM-x32\...\Duplicate Cleaner Pro) (Version: 4.0.4 - DigitalVolcano Software Ltd)
Duplicate Sweeper (HKLM-x32\...\{85526846-A690-4810-A2E6-DE3E0834A2C9}) (Version: 1.83.0 - Wide Angle Software)
Fabled Legends: The Dark Piper Collector's Edition (HKLM-x32\...\BFG-Fabled Legends - The Dark Piper Collector's Edition) (Version: - )
Facebook Gameroom 1.1.0.4 (HKLM-x32\...\{B8CD1A29-258D-4DE6-AD03-9FA57B223279}) (Version: 1.1.0.4 - Facebook)
Found: A Hidden Object Adventure (HKLM-x32\...\BFG-Found - A Hidden Object Adventure) (Version: - )
Free Alarm Clock (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 4.0.1.0 - Comfort Software Group)
Goetia (HKLM\...\Steam App 421740) (Version: - Sushee)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Hallowed Legends: Templar Collector's Edition (HKLM-x32\...\BFG-Hallowed Legends - Templar Collector's Edition) (Version: - )
iCloud (HKLM\...\{7F40A9A7-B3BE-4EA8-B052-60449F6C3C02}) (Version: 6.2.1.67 - Apple Inc.)
Infinite HD™ App (HKU\S-1-5-21-1972514636-2645274826-1508751941-1000\...\Octoshape Streaming Services) (Version: - Octoshape ApS)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.1.404761.40 - Comodo)
iTunes (HKLM\...\{164600BE-9CEC-44E6-9B38-2B12D5FE2342}) (Version: 12.6.0.100 - Apple Inc.)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
KeepVid Music(Version 8.2.1) (HKLM-x32\...\{ADBA24FE-D6F6-4B21-97F3-D58A327422E4}_is1) (Version: 8.2.1 - KeepVid)
KeepVid Pro(Build 4.10.2.0) (HKLM-x32\...\KeepVid Pro_is1) (Version: 4.10.2.0 - KeepVid Studio)
Leawo Tunes Cleaner version 2.4.0.1 (HKLM-x32\...\{C4498CDA-69AF-4D27-BB6C-08684C2776E4}_is1) (Version: 2.4.0.1 - Leawo Software)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7967.2139 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1972514636-2645274826-1508751941-1000\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft RichCopy 4.0 (HKLM-x32\...\{86F4F32B-77C7-4951-B33C-05D41A8190C1}) (Version: 4.0.216 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Midnight Castle (HKLM-x32\...\BFG-Midnight Castle) (Version: - )
Mozilla Firefox 53.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0 (x86 en-US)) (Version: 53.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.0.6312 - Mozilla)
MP4 Converter 3 (HKLM-x32\...\MP4 Converter_is1) (Version: - Tomabo)
MP4 Downloader Pro 3 (HKLM-x32\...\MP4 Downloader Pro_is1) (Version: - Tomabo)
Nightfall: An Edgar Allan Poe Mystery (HKLM-x32\...\BFG-Nightfall - An Edgar Allan Poe Mystery) (Version: - )
NVIDIA 3D Vision Driver 267.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 267.42 - NVIDIA Corporation)
NVIDIA GAME System Software 2.8.1 (HKLM-x32\...\{4F0C7CCF-5666-474B-B02E-AC514A95EC93}) (Version: 2.8.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 267.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.42 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Opera Stable 43.0.2442.1144 (HKLM-x32\...\Opera 43.0.2442.1144) (Version: 43.0.2442.1144 - Opera Software)
Princess Isabella: Return of the Curse Collector's Edition (HKLM-x32\...\BFG-Princess Isabella - Return of the Curse Collector's Edition) (Version: - )
Princess Isabella: The Rise of an Heir Collector's Edition (HKLM-x32\...\BFG-Princess Isabella - The Rise of an Heir Collectors Edition) (Version: - )
RealDownloader (x32 Version: 18.1.7.343 - RealNetworks) Hidden
RealDownloader (x32 Version: 18.1.7.343 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.7 - RealNetworks)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Relentless Software Prerequisites (HKLM-x32\...\{CD095458-EFF3-46CB-8BE4-DC1675FB8B49}) (Version: 0.1.0.0 - Relentless Software)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Romance of Rome (HKLM-x32\...\BFG-Romance of Rome) (Version: - )
Sable Maze: Sinister Knowledge Collector's Edition (HKLM-x32\...\BFG-Sable Maze - Sinister Knowledge Collectors Edition) (Version: - )
Screen+ version Screen+ 1.4.2 (HKLM\...\Screen+_is1) (Version: Screen+ 1.4.2 - AOC)
Serena (HKLM\...\Steam App 272060) (Version: - Senscape)
Sherlock Holmes VS Arsene Lupin (HKLM-x32\...\BFG-Sherlock Holmes VS Arsene Lupin) (Version: - )
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Spotify (HKU\S-1-5-21-1972514636-2645274826-1508751941-1000\...\Spotify) (Version: 1.0.53.758.gde3fc4b2 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.75813 - TeamViewer)
The Big Secret of a Small Town (HKLM\...\Steam App 409090) (Version: - Flenx)
The Clockwork Man: The Hidden World (HKLM-x32\...\BFG-The Clockwork Man - The Hidden World) (Version: - )
The Misadventures of P.B. Winterbottom (HKLM\...\Steam App 40930) (Version: - The Odd Gentlemen)
The Testament of Sherlock Holmes (HKLM\...\Steam App 205650) (Version: - Frogwares)
Tune Sweeper 4 (HKLM-x32\...\{10D7F643-602B-4279-9650-BE687A5491EE}) (Version: 4.27 - Wide Angle Software)
Tune Sweeper V4 (HKLM-x32\...\{5D8E3B6D-9393-444D-AB2B-210B0A680FFC}) (Version: 4.30 - Wide Angle Software)
Twisted: A Haunted Carol (HKLM-x32\...\BFG-Twisted - A Haunted Carol) (Version: - )
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
vc2012_redist (x32 Version: 1.0.0.0 - Realnetworks) Hidden
Video Downloader (x32 Version: 18.1.7 - RealNetworks) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
vs2015_redist x64 (Version: 1.0.0.0 - Realnetworks) Hidden
vs2015_redist x86 (x32 Version: 1.0.0.0 - Realnetworks) Hidden
WD Backup (HKLM-x32\...\{a8c9535a-ecd9-4172-a330-0cb5ff9dbed9}) (Version: 1.5.5953.19614 - Western Digital Technologies, Inc.)
WD Backup (x32 Version: 1.5.5953.19614 - Western Digital Technologies, Inc) Hidden
WD Drive Utilities (HKLM-x32\...\{eab1fb93-61fb-48de-b815-b4e9b68d2ef1}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.3.2.2 - Western Digital Technologies, Inc.) Hidden
WD Quick View (HKLM-x32\...\{F4F2EF32-EAFE-4F87-B7DC-E19C9F8E76FC}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{249644e6-451a-4a5c-bd5c-21eeb9eec79d}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.)
WD Security (x32 Version: 1.3.1.2 - Western Digital Technologies, Inc.) Hidden
WD SmartWare (HKLM\...\{515B34CA-1229-4EDA-AE7C-53CBA68B8A7A}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{4555885d-a64c-4234-9aac-72a8a6b5590b}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WinDirStat 1.1.2 (HKU\S-1-5-21-1972514636-2645274826-1508751941-1000\...\WinDirStat) (Version: - )
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1972514636-2645274826-1508751941-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Betsy\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1972514636-2645274826-1508751941-1000_Classes\CLSID\{F09690BD-582D-4439-B6ED-5C2545D2F424}\InprocServer32 -> C:\Windows\system32\kernel32.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E9E3824-4ABF-45DE-A5AC-6E61C188FCA4} - System32\Tasks\MasterSeeker.UACBypass.b507f59b81ca571c278ee2e5dee3973c => C:\Samsung\MasterSeeker.exe [2016-08-09] (DxCK)
Task: {15871271-0FF2-440C-9D09-0183CD0C378B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-19] (Microsoft Corporation)
Task: {174FDFFE-714F-42D1-A766-7975A99E171D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-03] (Google Inc.)
Task: {2EF9A5F4-44B8-44CD-B264-A1F9EA9FA0D4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {33A7A187-E25A-4971-A150-90432B0723E3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-19] (Microsoft Corporation)
Task: {40BE7171-C842-4AEB-9C64-EB687AED5649} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-04-27] (Microsoft Corporation)
Task: {66CCB437-4D40-4787-B01F-BB19DC700DBF} - System32\Tasks\Amazon Music Helper => C:\Users\Betsy\AppData\Local\Amazon Music\Amazon Music Helper.exe [2017-01-23] (Amazon Services LLC)
Task: {69DF5EB3-A172-4015-8AF9-F4D27B3676C2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-07] (Piriform Ltd)
Task: {6F775CB6-9364-4B51-B047-41F260CF337E} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1972514636-2645274826-1508751941-1000 => C:\program files (x86)\real\realplayer\RealDownloader\realupgrade.exe [2017-03-14] (RealNetworks, Inc.)
Task: {6FC0ADFB-7A09-44D7-90C9-4C1FA9ADB0BD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-11] (Adobe Systems Incorporated)
Task: {828519A9-6D2F-480E-BDB7-7DC4C0507162} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1972514636-2645274826-1508751941-1000 => C:\program files (x86)\real\realplayer\RealDownloader\realupgrade.exe [2017-03-14] (RealNetworks, Inc.)
Task: {CCD61B88-265D-4C56-919C-18083019D47A} - System32\Tasks\RealDownloader Update Check => C:\program files (x86)\real\realplayer\RealDownloader\downloader2.exe [2017-03-14] ()
Task: {D9DE0BBD-32EB-49CB-9E9A-2BFA7089A2FB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {DBAD6144-A6BC-44E5-9407-AB0368A1A8A3} - System32\Tasks\Opera scheduled Autoupdate 1471094460 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-27] (Opera Software)
Task: {F295C66F-CFF3-40FB-A226-EE42729A87F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-03] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Betsy\Favorites\Music\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
Shortcut: C:\Users\Betsy\Favorites\Medical\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
ShortcutWithArgument: C:\Users\Betsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Murder Files.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ijfecbiladpinddbjfodaaiahggomhaf

==================== Loaded Modules (Whitelisted) ==============

2016-08-09 16:40 - 2017-04-27 23:17 - 08931008 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-03-22 18:14 - 2017-03-22 18:14 - 01354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-03-22 18:14 - 2017-03-22 18:14 - 00092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-03-17 13:55 - 2017-04-13 22:20 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-17 13:55 - 2017-04-13 22:20 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-14 19:56 - 2017-03-14 19:56 - 00738032 _____ () C:\program files (x86)\real\realplayer\RealDownloader\downloader2.exe
2016-09-02 00:08 - 2015-06-19 12:50 - 00038912 _____ () C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\utility.dll
2016-08-11 13:27 - 2017-04-19 15:32 - 67725936 _____ () C:\Users\Betsy\AppData\Roaming\Spotify\libcef.dll
2017-03-16 16:09 - 2017-03-16 16:09 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 18:13 - 2016-09-01 18:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2017-01-16 20:24 - 2017-03-09 20:13 - 00674592 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-01-16 20:24 - 2016-08-31 21:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-01-16 20:24 - 2016-08-31 21:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-01-16 20:24 - 2016-08-31 21:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-01-16 20:24 - 2017-04-25 19:55 - 02465056 _____ () C:\Program Files (x86)\Steam\video.dll
2017-01-16 20:24 - 2016-01-27 03:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2017-01-16 20:24 - 2016-01-27 03:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2017-01-16 20:24 - 2016-01-27 03:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2017-01-16 20:24 - 2016-01-27 03:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2017-01-16 20:24 - 2016-01-27 03:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2017-01-16 20:24 - 2017-04-25 19:55 - 00848672 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-01-16 20:24 - 2016-07-04 18:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-08-11 13:27 - 2017-04-19 15:32 - 01929840 _____ () C:\Users\Betsy\AppData\Roaming\Spotify\libglesv2.dll
2016-08-11 13:27 - 2017-04-19 15:32 - 00087152 _____ () C:\Users\Betsy\AppData\Roaming\Spotify\libegl.dll
2017-01-16 20:25 - 2017-01-30 17:41 - 68875552 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-01-16 20:24 - 2017-04-25 19:55 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-08-15 15:10 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1972514636-2645274826-1508751941-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Betsy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\Services: RealTimes Desktop Service => 2
MSCONFIG\Services: WsAppService => 2
MSCONFIG\Services: WsDrvInst => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealTimes.lnk => C:\Windows\pss\RealTimes.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Betsy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^a712.lnk => C:\Windows\pss\a712.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Betsy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Gameroom.lnk => C:\Windows\pss\Facebook Gameroom.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Betsy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\AMHelper.exe
MSCONFIG\startupreg: AmazonGSDownloaderTray => C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
MSCONFIG\startupreg: AvgUi => "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
MSCONFIG\startupreg: DelaypluginInstall => C:\ProgramData\KeepVid\KeepVid Pro\DelayPluginI.exe
MSCONFIG\startupreg: KeepVidMusicService => C:\Program Files (x86)\KeepVid\KeepVid Music\KeepVidMusicService.exe
MSCONFIG\startupreg: Octoshape Streaming Services => "C:\Users\Betsy\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
MSCONFIG\startupreg: PCShowServer => "C:\Users\Betsy\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
MSCONFIG\startupreg: RealDownloader => C:\program files (x86)\real\realplayer\RealDownloader\downloader2.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{1350F913-A226-47D4-83CE-29A0A7E8BB6B}C:\program files (x86)\magictune premium\magictune.exe] => (Allow) C:\program files (x86)\magictune premium\magictune.exe
FirewallRules: [UDP Query User{ADD52E03-C423-4FE8-8CF7-AA9FD3E3994E}C:\program files (x86)\magictune premium\magictune.exe] => (Allow) C:\program files (x86)\magictune premium\magictune.exe
FirewallRules: [{CACAC51B-18DD-4282-950A-B2BA593E167E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{835E9597-9987-4997-BA66-2E5C7210B6CE}C:\program files\magictune premium\magictune.exe] => (Block) C:\program files\magictune premium\magictune.exe
FirewallRules: [UDP Query User{46F27360-7C5E-45B1-8BCC-FE7C0E6F2236}C:\program files\magictune premium\magictune.exe] => (Block) C:\program files\magictune premium\magictune.exe
FirewallRules: [TCP Query User{F05F8E34-CB3A-4CCF-980F-9EB34C2D7FF4}C:\users\betsy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\betsy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{AC396CC2-1A44-4DDF-9EFB-2342742E9307}C:\users\betsy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\betsy\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{7291D85A-8E13-4BAF-802E-8A064A4F8DCF}C:\users\betsy\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\betsy\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{48C8FF14-89A4-48D0-9537-455AF5F2B274}C:\users\betsy\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\betsy\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6A97116E-2834-4095-AC89-AC39A13D4A08}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7372C6ED-D1C5-41C3-86F1-602E61E7999A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9584500B-529E-442F-B009-18EE4F600422}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3891539F-6F4A-42DF-8646-CE65A9AA97D3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{D3D27356-9229-4940-96A9-53FED0EB1D98}C:\users\betsy\appdata\local\directv player\ndspcshowserver.exe] => (Allow) C:\users\betsy\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [UDP Query User{0F0F7CF9-54A8-4583-B296-23B6BF8FB5C2}C:\users\betsy\appdata\local\directv player\ndspcshowserver.exe] => (Allow) C:\users\betsy\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [TCP Query User{68FFBE82-A26F-426C-8043-0D492E7C31BE}C:\users\betsy\appdata\local\directv player\ndspcshowserver.exe] => (Block) C:\users\betsy\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [UDP Query User{DE98C7D9-2081-4CAB-9C65-B8F9606063B6}C:\users\betsy\appdata\local\directv player\ndspcshowserver.exe] => (Block) C:\users\betsy\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [TCP Query User{4A7E50D2-3892-48FC-9A04-A3CB8211870C}C:\users\betsy\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\betsy\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{817B1E64-E1EE-4CF2-9AC4-9B9F4A115AA7}C:\users\betsy\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\betsy\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [TCP Query User{86178FF7-F445-47DB-846A-EF23A62C48DE}C:\users\betsy\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\betsy\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{EB3A230D-3ABA-414E-8E40-F3CAED22EE81}C:\users\betsy\appdata\local\amazon music\amazon music helper.exe] => (Block) C:\users\betsy\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{204F14B0-389F-43C8-94FA-D195437BBB61}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DC6497C7-5ABE-411E-8195-DE7F30ABBA62}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{654DC783-B881-47C1-AFAE-A4E00A75AE99}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A3097227-DCB2-4B7A-AB7A-FA3F242F0ED1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DD357F76-3E24-4A6B-B9C0-2A3ACC9D8145}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{28D658B3-4409-407E-B3BA-5A130A24D66C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{90D91FC1-68BA-4D8A-8988-700A2FD98965}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WinterBottom\Winterbottom.exe
FirewallRules: [{92A3B0AF-5F4F-4ABE-A32F-28599AFD4966}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WinterBottom\Winterbottom.exe
FirewallRules: [{82D1C20C-9541-42CA-B71E-71432D91D0F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Big Secret of a Small Town\TheBigSecret.exe
FirewallRules: [{19D5B15A-BA60-4328-9DED-020B6A295582}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Big Secret of a Small Town\TheBigSecret.exe
FirewallRules: [{46A4C1B6-EBBA-42AF-AE4E-197AF7DCFC79}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blue Toad Murder Files 01\Launcher.exe
FirewallRules: [{F0B72F97-1E2B-4B44-B0BE-FCB7D0D30A94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blue Toad Murder Files 01\Launcher.exe
FirewallRules: [{3A6FE990-4AD8-42E2-9D90-4F05EDA7A603}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\goetia\Goetia.exe
FirewallRules: [{D5580725-AFDA-46DC-AF1C-A514C1438F51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\goetia\Goetia.exe
FirewallRules: [{1A429CDB-59B9-4C0A-B40D-181121FB1476}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serena\Dagon64.exe
FirewallRules: [{630889ED-C963-4D85-9543-0B374837D063}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serena\Dagon64.exe
FirewallRules: [{CFDF8AE9-A0DB-4824-90F9-0F5A842B5A93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Testament of Sherlock Holmes\game.exe
FirewallRules: [{8326E57E-1342-4529-8935-C6485D5F245A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Testament of Sherlock Holmes\game.exe
FirewallRules: [{2E2AE523-F438-4714-B2EF-CB4FD9013202}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.991\opera.exe
FirewallRules: [{559C6171-6AFA-4B88-B012-EEA8EBA94620}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
FirewallRules: [{14458B2C-01FD-4239-946E-032B6A74AB91}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{4604ED2D-86C2-4EF2-89C8-15120A0D456A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{196E9C08-801E-48D9-84C8-FCE11C0FBF6C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D4E3AC10-FD18-4F57-9133-AE0352755DE3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{40332661-6C6A-4EB4-9ECA-42E4414033C2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BC6EBE82-BA03-4CC1-B99B-5D3BD63A0EE2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8A270F90-AA76-4501-ADB3-41A3A8B41012}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Tomabo\MP4 Converter\MP4Downloader.exe] => Enabled:MP4 Downloader
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Tomabo\MP4 Downloader Pro\MP4DownloaderPro.exe] => Enabled:MP4 Downloader Pro

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

Name: MpKsl31691667
Description: MpKsl31691667
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl31691667
Problem: : This device is
not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (04/28/2017 04:18:25 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422). Error: (04/28/2017 03:17:16 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (04/28/2017 12:00:02 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422). Error: (04/27/2017 11:20:49 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. 
Error: (04/27/2017 11:06:28 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
Error: (04/27/2017 10:12:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (04/27/2017 11:51:32 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
Error: (04/27/2017 11:16:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (04/27/2017 07:33:55 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
Error: (04/27/2017 05:59:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (04/28/2017 03:17:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: avipbb avkmgr
Error: (04/28/2017 02:05:31 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.241.551.0
Update Source: Microsoft Update Server
Update Stage: Search
Source Path: Default URL
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.13701.0
Error code: 0x80070422
Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (04/27/2017 11:41:19 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (04/27/2017 10:11:41 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: avipbb avkmgr
Error: (04/27/2017 11:16:03 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: avipbb avkmgr
Error: (04/27/2017 11:15:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Office Click-to-Run Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Error: (04/27/2017 11:15:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Office Click-to-Run Service service to connect.
Error: (04/27/2017 06:00:12 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: avipbb avkmgr
Error: (04/27/2017 05:58:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Log Rotator Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Error: (04/27/2017 05:58:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BlueStacks Log Rotator Service service to connect.

CodeIntegrity:
===================================
Date: 2017-04-28 23:03:15.947
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-04-28 22:37:01.818
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-04-28 15:25:22.845
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-04-28 15:15:35.372
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-04-28 04:20:48.582
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-04-27 22:10:54.926
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-04-27 14:58:07.359
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-04-27 11:14:32.611
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-04-27 05:57:57.145
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2017-04-26 17:36:45.128
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 66%
Total physical RAM: 4077.25 MB
Available physical RAM: 1356.51 MB
Total Virtual: 8152.68 MB
Available Virtual: 5094.69 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:721.39 GB) NTFS
Drive e: (2TB - Second Drive) (Fixed) (Total:1863.01 GB) (Free:1214.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: BCEED626)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: ED597F99)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================