No issues during the uninstall of programs.
Fix Log:
Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Liyah241 (2016-03-24 11:04:57) Run:1
Running from F:\
Loaded Profiles: Liyah241 (Available Profiles: AAliyah & aavar_000 & Liyah241 & Amanda)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
CMD: fltmc detach bsdriver c: bsdriver
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM\...\Run: [SpaceSoundPro] => C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe [4203520 2015-08-03] (Space Sound Pro)
HKLM\...\Run: [SystemFix] => C:\windows\winLoad32.exe [44032 2016-01-23] ()
HKLM-x32\...\Run: [gmsd_us_51] => [X]
HKLM-x32\...\Run: [gmsd_us_85] => [X]
HKLM-x32\...\Run: [gmsd_us_100] => [X]
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [gmsd_us_349] => [X]
HKLM-x32\...\Run: [PlayGem] => C:\Program Files (x86)\PlayGem\PlayGem.exe [3195904 2015-06-03] (PlayGem)
HKLM-x32\...\Run: [Note-up] => C:\Program Files (x86)\Note-up\note-up.exe [6772736 2015-10-09] (TODO: <Company name>)
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Liyah241\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
HKLM-x32\...\Run: [popup] => "C:\windows\System32\MyTrayApp.exe"
HKLM-x32\...\Run: [TrailerTime] => C:\Users\Liyah241\AppData\Roaming\TrailerTime\TrailerTime.exe [49475088 2015-12-16] ()
HKLM-x32\...\Run: [gmsd_us_005010219] => C:\Program Files (x86)\gmsd_us_005010219\gmsd_us_005010219.exe [3955888 2016-01-26] ()
HKLM-x32\...\RunOnce: [IOPROTECT] => C:\Program Files (x86)\SpaceSondPro_v53.12311\ioproduct_service.bat [164 2016-01-23] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.99\OptProLauncher.exe [148112 2015-07-31] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Super Optimizer] => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [676400 2015-07-31] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe [7342080 2013-06-26] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [SushiLeadsApplication] => C:\Program Files (x86)\sushileads\SushiLeadsApplication.exe [381440 2015-10-11] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Windi] => C:\ProgramData\DataFile\Windi.exe [283648 2016-01-26] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [SearchModule] => C:\Users\Liyah241\AppData\Local\SearchModule\dblaunch.exe [391168 2015-12-01] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Winoneexe] => C:\Users\Liyah241\AppData\Local\winone\WinoneApp.exe [12288 2016-01-26] ()
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\MountPoints2: {ae32ec1a-535e-11e2-be71-806e6f6e6963} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\Click_Here_to_Install_Leapster_GS_Explorer.html
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [249104 2016-01-14] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [221456 2016-01-14] (Client Connect LTD)
Startup: C:\Users\Liyah241\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-12-17]
ShortcutTarget: SmartWeb.lnk -> C:\Users\Liyah241\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\WWatcherLSP.dll [295888 2015-10-15] (WWatcher)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\WWatcherLSP.dll [295888 2015-10-15] (WWatcher)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\WWatcherLSP.dll [295888 2015-10-15] (WWatcher)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\WWatcherLSP.dll [295888 2015-10-15] (WWatcher)
Winsock: Catalog9 15 C:\WINDOWS\SysWOW64\WWatcherLSP.dll [295888 2015-10-15] (WWatcher)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\WWatcherLSP64.dll [342032 2015-10-15] (WWatcher)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\WWatcherLSP64.dll [342032 2015-10-15] (WWatcher)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\WWatcherLSP64.dll [342032 2015-10-15] (WWatcher)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\WWatcherLSP64.dll [342032 2015-10-15] (WWatcher)
Winsock: Catalog9-x64 15 C:\WINDOWS\system32\WWatcherLSP64.dll [342032 2015-10-15] (WWatcher)
Tcpip\Parameters: [NameServer] 199.203.131.151 82.163.143.181
Tcpip\..\Interfaces\{25036078-A148-428C-849C-3283A84E18AC}: [NameServer] 199.203.131.152,82.163.143.182
Tcpip\..\Interfaces\{406A6EC4-A42A-4564-810E-0501F8EED96A}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{406A6EC4-A42A-4564-810E-0501F8EED96A}: [DhcpNameServer] 199.203.131.151
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{A26B217D-4250-4EFE-8C82-2DEBB386ECC2}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{A26B217D-4250-4EFE-8C82-2DEBB386ECC2}: [DhcpNameServer] 199.203.131.151
Tcpip\..\Interfaces\{ed8d8bb7-60a6-11e3-824b-806e6f6e6963}: [NameServer] 104.197.191.4
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.tohotweb.com?oem=mbtkusv3&uid=E2P3421K3086NS_HitachiHTS543232A7A384&tm=1445641607
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.tohotweb.com?oem=mbtkusv3&uid=E2P3421K3086NS_HitachiHTS543232A7A384&tm=1445641607
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.tohotweb.com?oem=mbtkusv3&uid=E2P3421K3086NS_HitachiHTS543232A7A384&tm=1445641607
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.tohotweb.com?oem=mbtkusv3&uid=E2P3421K3086NS_HitachiHTS543232A7A384&tm=1445641607
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www-searching.com/?pid=s&s=G1Rzftpbl2,d64f3907-6a8e-4862-bcd6-80d2c97c1c32,&vp=ch&prd=set_ie
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.tohotweb.com?oem=mbtkusv3&uid=E2P3421K3086NS_HitachiHTS543232A7A384&tm=1445641607
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www-searching.com/search.aspx?s=F1Nztutdk0000,8dc51ff3-17d4-4276-8e99-0499bdf92755,&q={searchTerms}
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?s=F1Nztutdk0000,8dc51ff3-17d4-4276-8e99-0499bdf92755,&q={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> OldSearch URL = hxxp://www-searching.com/search.aspx?s=F1Nztutdk0000,8dc51ff3-17d4-4276-8e99-0499bdf92755,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www-searching.com/search.aspx?s=F1Nztutdk0000,8dc51ff3-17d4-4276-8e99-0499bdf92755,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M31B147BA-977A-4994-A48D-0C90C7D61DDC&SearchSource=58&CUI=&UM=8&UP=SP36C2E74D-6022-4F05-B86C-FE828B025E6D&D=012316&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {07217568-B3BA-4655-866E-9BDE000A7BE8} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G1Rzftpbl2,d64f3907-6a8e-4862-bcd6-80d2c97c1c32,
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {12739F39-9A8C-4A07-9DEE-9A9C4170F529} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333604&octid=EB_ORIGINAL_CTID&ISID=MC4A718D5-8355-475D-A0E3-0B42B994A080&SearchSource=58&CUI=&UM=8&UP=SP50EC8EA0-3617-4E14-AEAD-7384EDAD9240&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {6A593BFF-095B-4B68-8250-CA75C19EFF6F} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=pr-bir-re__alt__ddc_dss_bd_com&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://www-searching.com/search.aspx?s=F1Nztutdk0000,8dc51ff3-17d4-4276-8e99-0499bdf92755,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
BHO: shopperz270120160220 -> {1521F284-D3C9-49ED-8445-4B41CFD85BAF} -> C:\Program Files\shopperz270120160220\Camzev64.dll [2016-01-26] ()
BHO: Easyttosshhop -> {8261849b-4c10-45ac-ab7c-38722f8fe013} -> C:\Program Files (x86)\Easyttosshhop\Aebhe632etMPJ5.x64.dll [2015-05-14] ()
BHO: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\dca-bho.dll [2015-12-08] (Compete, Inc.)
BHO: QQuicckshuoP -> {b7d793de-fc39-4e61-8585-5480350f2d8f} -> C:\Program Files (x86)\QQuicckshuoP\tgyIgAXnsEjBc6.x64.dll [2015-05-06] ()
BHO: deAlo4REaL -> {c59b7fd8-8d16-454b-8dc4-e0cadb14c30a} -> C:\Program Files (x86)\deAlo4REaL\N57kCYfdvCqXMd.x64.dll [2015-05-14] ()
BHO-x32: shopperz270120160220 -> {1521F284-D3C9-49ED-8445-4B41CFD85BAF} -> C:\Program Files\shopperz270120160220\Camzev.dll [2016-01-26] ()
BHO-x32: Checked List 1.0.0.7 -> {7ff0f7e7-8b1e-4e90-8bd5-f60cfdd71ecc} -> C:\Program Files (x86)\Checked List\CheckedListbho.dll [2015-10-02] (Checked List)
BHO-x32: Easyttosshhop -> {8261849b-4c10-45ac-ab7c-38722f8fe013} -> C:\Program Files (x86)\Easyttosshhop\Aebhe632etMPJ5.dll [2015-05-14] ()
BHO-x32: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll [2015-12-08] (Compete, Inc.)
BHO-x32: QQuicckshuoP -> {b7d793de-fc39-4e61-8585-5480350f2d8f} -> C:\Program Files (x86)\QQuicckshuoP\tgyIgAXnsEjBc6.dll [2015-05-06] ()
BHO-x32: deAlo4REaL -> {c59b7fd8-8d16-454b-8dc4-e0cadb14c30a} -> C:\Program Files (x86)\deAlo4REaL\N57kCYfdvCqXMd.dll [2015-05-14] ()
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe www.tohotweb.com?oem=mbtkusv3&uid=E2P3421K3086NS_HitachiHTS543232A7A384&tm=1445641607
FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox => not found
FF HKLM\...\Firefox\Extensions: [{1521F284-D3C9-49ED-8445-4B41CFD85BAF}] - C:\Program Files\shopperz270120160220\Firefox\{1521F284-D3C9-49ED-8445-4B41CFD85BAF}.xpi
FF Extension: shopperz270120160220 - C:\Program Files\shopperz270120160220\Firefox\{1521F284-D3C9-49ED-8445-4B41CFD85BAF}.xpi [2016-01-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [{1521F284-D3C9-49ED-8445-4B41CFD85BAF}] - C:\Program Files\shopperz270120160220\Firefox\{1521F284-D3C9-49ED-8445-4B41CFD85BAF}.xpi
FF HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12247.xpi
FF Extension: Consumer Input - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12247.xpi [2016-01-12]
CHR dev: Chrome dev build detected! <======= ATTENTION
R2 580a4029; c:\Program Files (x86)\IncrementInstance\IncrementInstance.dll [2225152 2015-05-01] () [File not signed]
R2 6135ae48; c:\Program Files (x86)\SustainerPlus\SustainerPlus.dll [2297344 2015-05-01] () [File not signed]
R3 8F898A85-C4D3-441E-a6A4-8FF2923283FA; C:\Program Files\shopperz270120160220\Nurdaj.exe [291176 2016-01-26] ()
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3246864 2016-01-14] (Client Connect LTD)
S2 consumerinput_update; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [105944 2015-10-23] (ConsumerInput)
S3 consumerinput_updatem; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [105944 2015-10-23] (ConsumerInput)
R3 csrcc; C:\Program Files\shopperz270120160220\csrcc.exe [1497448 2016-01-26] ()
R2 NetTcpHandler; C:\Users\Liyah241\AppData\Roaming\NetService\netservice.exe [173088 2015-07-08] () [File not signed]
R2 QUZNjUc; C:\ProgramData\hKafruOyr\QUZNjUc.exe [2931200 2015-10-23] (Valid Applications) [File not signed]
R2 qymumylo; C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8\jnsx6CFE.tmp [247808 2015-11-21] () [File not signed]
R2 rcores; C:\WINDOWS\rcore.exe [4686336 2014-12-29] () [File not signed]
R2 shopperz270120160220 Updater; C:\Program Files\shopperz270120160220\Icaorku.exe [159080 2016-01-26] ()
R2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [2447872 2016-01-24] (Search Module Ltd.) [File not signed]
R2 SushiLeadsUpdaterService; C:\Program Files (x86)\sushileads\NpUpdaterService.exe [10240 2015-10-11] () [File not signed]
R2 typikeni; C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8\hnsz8A5C.tmp [718336 2015-11-21] () [File not signed]
R2 Update Checked List; C:\Program Files (x86)\Checked List\updateCheckedList.exe [661192 2016-01-26] ()
R2 Util Checked List; C:\Program Files (x86)\Checked List\bin\utilCheckedList.exe [661192 2016-01-26] ()
R2 WinNetSvc; C:\Users\Liyah241\AppData\Roaming\WinNetSvc\WinNetSvc.exe [4845408 2015-12-16] () [File not signed]
R2 WWatcherProxy; C:\Program Files (x86)\WinWiki\WWatcherProxy.exe [1739776 2015-10-15] (WWatcher)
S2 BrsHelper; C:\PROGRA~2\YTDOWN~1\BROWSE~2.EXE [X]
R2 cybemove; C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8\knsg5077.tmpfs [X]
S2 Lewry; "C:\Users\Liyah241\AppData\Roaming\BejmaDua\Zegbarvh.exe" -cms [X]
S2 Update PlumoWeb; "C:\Program Files (x86)\PlumoWeb\updatePlumoWeb.exe" [X]
S3 WdNisSvc; "%ProgramFiles%\Windows Defender\NisSrv.exe" [X]
S3 WinDefend; "%ProgramFiles%\Windows Defender\MsMpEng.exe" [X]
S2 zigipyro; C:\Users\Liyah241\AppData\Local\02459A70-1453552013-D265-7A86-42E8B3913FF8\qnsbFBBF.tmp [X]
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34712 2016-01-26] ()
R3 sdfhgdf; C:\Windows\System32\DRIVERS\sdfhgdf.sys [23208 2016-03-22] (Corporation) [File not signed]
R3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [43776 2016-01-24] ()
R1 {22b230b8-6e08-4687-afa6-31e3b13fe333}w64; C:\Windows\System32\drivers\{22b230b8-6e08-4687-afa6-31e3b13fe333}w64.sys [48784 2015-01-21] (StdLib)
R1 {2640dfca-37f9-4c11-ba0a-3db78fc74b97}Gw64; C:\Windows\System32\drivers\{2640dfca-37f9-4c11-ba0a-3db78fc74b97}Gw64.sys [48784 2015-12-17] (StdLib)
R1 {2e3800a8-eab3-4063-a79b-900fe3f11c5e}w64; C:\Windows\System32\drivers\{2e3800a8-eab3-4063-a79b-900fe3f11c5e}w64.sys [48784 2015-03-22] (StdLib)
R1 {59074063-010c-49cd-9e33-7f8e3a63291d}w64; C:\Windows\System32\drivers\{59074063-010c-49cd-9e33-7f8e3a63291d}w64.sys [48784 2015-01-14] (StdLib)
R1 {6c5e4f16-dc67-4cab-bc96-83d77ccc9c15}w64; C:\Windows\System32\drivers\{6c5e4f16-dc67-4cab-bc96-83d77ccc9c15}w64.sys [48784 2015-01-26] (StdLib)
R1 {7076b5a4-952b-427a-a724-78a34643efb0}w64; C:\Windows\System32\drivers\{7076b5a4-952b-427a-a724-78a34643efb0}w64.sys [48784 2015-01-11] (StdLib)
R1 {8cb3277d-4674-47f4-933e-d6292b52d5ef}Gw64; C:\Windows\System32\drivers\{8cb3277d-4674-47f4-933e-d6292b52d5ef}Gw64.sys [48744 2016-01-26] (StdLib)
R1 {f10d9a0a-e527-4623-b3a2-35e515f2ab29}w64; C:\Windows\System32\drivers\{f10d9a0a-e527-4623-b3a2-35e515f2ab29}w64.sys [48784 2015-01-15] (StdLib)
R1 {f9b34375-da73-4d79-af9b-37f99989fb8d}Gw64; C:\Windows\System32\drivers\{f9b34375-da73-4d79-af9b-37f99989fb8d}Gw64.sys [48784 2015-10-23] (StdLib)
R3 SPPD; \??\C:\WINDOWS\system32\drivers\SPPD.sys [X]
S1 wpnfd_1_10_0_4; system32\drivers\wpnfd_1_10_0_4.sys [X]
2016-03-22 18:56 - 2016-03-22 19:34 - 00003740 _____ C:\WINDOWS\System32\Tasks\SecurityApps2
2016-03-22 20:43 - 2015-10-23 15:38 - 00000992 _____ C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job
2016-03-22 19:50 - 2015-10-23 15:47 - 00003266 _____ C:\WINDOWS\System32\Tasks\Optimizer Pro Schedule
2016-03-22 19:49 - 2015-10-23 15:47 - 00003260 _____ C:\WINDOWS\System32\Tasks\Super Optimizer Schedule
2016-03-22 19:30 - 2016-01-23 13:49 - 00000000 ____D C:\Users\Liyah241\AppData\Local\TrailerTime
2016-03-22 19:29 - 2016-01-26 22:18 - 00023208 _____ (Corporation) C:\WINDOWS\system32\Drivers\sdfhgdf.sys
2016-03-22 19:29 - 2015-12-17 21:52 - 00000000 ____D C:\Users\Liyah241\AppData\LocalLow\SmartWeb
2016-03-22 19:28 - 2016-01-26 20:48 - 00000296 _____ C:\WINDOWS\Tasks\System HealerStartUp.job
2016-03-22 19:28 - 2015-10-23 15:37 - 00000988 _____ C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job
2016-03-22 19:28 - 2015-03-24 18:09 - 00001714 _____ C:\WINDOWS\Tasks\NVDVJDI.job
2016-03-22 19:28 - 2015-03-24 17:58 - 00001714 _____ C:\WINDOWS\Tasks\QXEBESK.job
2016-03-22 19:02 - 2016-01-23 13:18 - 00000000 ____D C:\ProgramData\DataFile
2016-03-22 07:26 - 2016-01-23 13:23 - 00000000 ____D C:\Users\Liyah241\AppData\Local\bvxvbxxvaa
2015-03-09 14:30 - 2015-03-09 14:30 - 0005487 _____ () C:\Users\Liyah241\AppData\Roaming\NVDVJDI
2015-03-24 18:09 - 2015-03-24 18:09 - 1856000 _____ (Cinema PlusV24.03) C:\Users\Liyah241\AppData\Roaming\NVDVJDI.exe
2015-01-01 20:41 - 2015-01-01 20:41 - 2052584 _____ (CinPlus2.6dV01.01) C:\Users\Liyah241\AppData\Roaming\QQMCDLW.exe
2015-03-09 14:30 - 2015-03-09 14:30 - 0005487 _____ () C:\Users\Liyah241\AppData\Roaming\QXEBESK
2015-03-24 17:58 - 2015-03-24 17:58 - 1933824 _____ (Cinema PlusV24.03) C:\Users\Liyah241\AppData\Roaming\QXEBESK.exe
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Task: {11F9950B-E7C0-4EDB-BC20-9B4F10657E5F} - System32\Tasks\NVDVJDI => C:\Users\Liyah241\AppData\Roaming\NVDVJDI.exe [2015-03-24] (Cinema PlusV24.03) <==== ATTENTION
Task: {1ED05F36-703D-4F12-9CC1-E75BB2289821} - System32\Tasks\DNSBRIDGEPORT => C:\Program Files (x86)\DNS Unlocker\dnsbridgeport.exe [2015-11-04] () <==== ATTENTION
Task: {26837C61-9A95-449B-A03B-97C86E539D6B} - System32\Tasks\SystemHealer Run Delay => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2015-12-17] ()
Task: {295B5A7E-4BE6-4DD3-B610-32933E1C64ED} - System32\Tasks\Runner for IC => C:\Users\Liyah241\AppData\Local\32D03B26-CC1A-3941-B96F-FC1849C67FC0\Runner.exe [2015-05-06] () <==== ATTENTION
Task: {2CF78AB4-9F3C-4452-844E-D7520FE94AA2} - System32\Tasks\impo => C:\Windows\bs1.exe [2015-08-07] ()
Task: {320B8E21-9640-4748-B7EE-BD572F65FCAF} - System32\Tasks\MyDailyBackup => C:\Windows\winupd.exe [2015-12-06] (Microsoft) <==== ATTENTION
Task: {43F28202-2529-47C8-80FD-A720B57BBD09} - System32\Tasks\Microsoft\Windows\Maintenance\Updater for IC => C:\Users\Liyah241\AppData\Local\32D03B26-CC1A-3941-B96F-FC1849C67FC0\Runner.exe [2015-05-06] () <==== ATTENTION
Task: {51F80982-67AA-4214-BBB6-45FF6922D521} - System32\Tasks\Systemhi => C:\Windows\SysInfo.exe [2016-01-23] ()
Task: {5CCCE2F9-6773-422E-B35B-B842E8F3AA34} - System32\Tasks\Mudgin => C:\Program Files\shopperz270120160220\Pyhbo.bat [2016-01-26] () <==== ATTENTION
Task: {68A44B4E-300D-488E-A886-0FF1B2516BB8} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.99\OptProLauncher.exe [2015-07-31] () <==== ATTENTION
Task: {6BA988DD-0C5B-4C24-AA05-34B3DFE76619} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updatehelper.exe [2016-01-24] () <==== ATTENTION
Task: {6CCAF12A-CB64-4984-B398-44977B9FFF36} - System32\Tasks\Follow Extension => Rundll32.exe "C:\Users\Liyah241\AppData\Local\Follow Extension\{DD0465C6-6773-9B3E-AAC7-022215E140C4}\FollowExtension.dll",#1 <==== ATTENTION
Task: {6CFF64AD-FDDF-4383-A8FE-DC2DB856FF88} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {6D15F10C-3D66-4366-8BFE-38BBB3D2D841} - System32\Tasks\SushiLeads => C:\Program Files (x86)\sushileads\ScheduledTask.exe [2015-10-11] ()
Task: {6D236BA3-35AE-47D9-926D-1D6B18D9AFAA} - System32\Tasks\import => C:\Windows\Mint.exe [2015-12-24] (Microsoft)
Task: {6F37D558-1769-40F2-9B44-CCD4BF31EE96} - System32\Tasks\win => C:\Windows\win.exe
Task: {732CAE4E-D1C9-4537-8230-B3B263B6F120} - System32\Tasks\bvxvbxxvaa => C:\Users\Liyah241\AppData\Local\bvxvbxxvaa\bvxvbxxvaa.exe [2016-01-14] () <==== ATTENTION
Task: {75BFCBC2-3C41-471B-AC93-99A7291EB17D} - System32\Tasks\IBUpd => C:\Users\Liyah241\AppData\Local\BrowserAir\47.0.0.3\updater.exe [2016-01-07] () <==== ATTENTION
Task: {790B0F82-FBF7-4A65-87FB-48A8B5719AE7} - System32\Tasks\QXEBESK => C:\Users\Liyah241\AppData\Roaming\QXEBESK.exe [2015-03-24] (Cinema PlusV24.03) <==== ATTENTION
Task: {805BE1B9-C515-4804-82CE-79F282314AFC} - System32\Tasks\SMW_UpdateTask_Time_37333236313330342d23787845322a5b3434322d57 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {8277B1D0-5859-4939-B659-0B55517F6AAF} - System32\Tasks\CIMT_S-1-5-21-2316278512-3877362351-3516534219-1005 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2015-12-02] () <==== ATTENTION
Task: {8B6732DD-5A8B-4C92-859B-1D6A32F67ED2} - System32\Tasks\System Healer Task => C:\Program Files (x86)\SystemHealer\RescueMonitor.exe [2015-12-17] ()
Task: {8FD38911-4C73-437D-B5E3-FC9008166069} - System32\Tasks\IBUpd2 => C:\Users\Liyah241\AppData\Local\BrowserAir\47.0.0.3\updater.exe [2016-01-07] () <==== ATTENTION
Task: {98532C13-55F6-4DA8-AF76-A624A333BFEA} - System32\Tasks\{67BB3FCA-4DD0-1D8F-C1A6-90F798EA7D2C} => powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcAcgBlAHMA (the data entry has 7520 more characters).
Task: {A88DE84D-2355-4692-B7A7-0E6F1F3619C4} - System32\Tasks\RSPro => C:\Users\Liyah241\AppData\Local\SearchModule\dblaunch.exe [2015-12-01] () <==== ATTENTION
Task: {AB673388-6C32-46B6-BC8A-4C4C07820CD6} - System32\Tasks\YFPFTQOXE => C:\ProgramData\bdd32a3c350b48d887bdb8057affe4b0\bdd32a3c350b48d887bdb8057affe4b0.exe [2015-03-23] () <==== ATTENTION
Task: {B2F8936D-EB49-420D-A0BD-60A8BC86C796} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe [2015-12-17] ()
Task: {B3EFC9BB-E9AD-4A41-9C24-653A4A377256} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2015-10-23] (ConsumerInput) <==== ATTENTION
Task: {B6651D93-7630-4794-9B30-92DB1EF2D422} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe [2015-09-22] (SS) <==== ATTENTION
Task: {BCD1DD1A-1331-4187-B4B8-4F3D55F84D64} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Liyah241\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) <==== ATTENTION
Task: {C9B6A09B-47FA-4321-A384-73A5CD7DA441} - System32\Tasks\SecurityApps2 => C:\Program Files (x86)\PC Optimizer\PC Optimizer\Wiindows.exe [2016-01-10] ()
Task: {CAAFAD16-5D8E-4EC5-ABB3-9904C620CD99} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2015-10-23] (ConsumerInput) <==== ATTENTION
Task: {CBFC695B-EC1C-4D7E-8ADB-C5761E4C9BEC} - System32\Tasks\Googleuptodate => C:\Windows\Wimboldon.exe [2015-12-24] (Microsoft) <==== ATTENTION
Task: {D33187A9-BA8C-4544-94E7-D2F21BDA6EC9} - System32\Tasks\GoogleUp => C:\Windows\hsysinfo.exe <==== ATTENTION
Task: {E2B92397-DCDE-4E70-B627-70306F7E7807} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [2015-07-31] () <==== ATTENTION
Task: {E72D99D0-8495-46D9-A54F-115AE55ABD94} - System32\Tasks\{A008C39A-B232-473F-A068-6EAA465446D8} => pcalua.exe -a "C:\Program Files\WajaWebEnhancer\WWE_uninstall.exe"
Task: {EA241A42-EC85-4779-8BAC-585A6F9D08FC} - System32\Tasks\System HealerPeriod => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2015-12-17] ()
Task: {EE4BF2FC-5016-49E2-9DF8-D253AFA1338A} - System32\Tasks\Optscan => c:\programdata\{05c510d2-11ec-433a-05c5-510d211e4348}\hqghumeaylnlf.exe [2014-10-23] () <==== ATTENTION
Task: {F0342484-B2AE-4B7D-9E84-8CEA7E6E1A43} - System32\Tasks\Follow Extension2 => Rundll32.exe "C:\Users\Liyah241\AppData\Local\Follow Extension\{DD0465C6-6773-9B3E-AAC7-022215E140C4}\wqaxq.dll",#1 <==== ATTENTION
Task: {F3A1CB2A-B15E-4981-9C73-A65E24CFB758} - System32\Tasks\System HealerStartUp => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2015-12-17] ()
Task: {F7AC100A-2518-4999-9E56-F5D0836B61E2} - System32\Tasks\Lanwifi => C:\Windows\amdave64Win.exe [2016-01-23] ()
Task: {F951DD44-C111-4DE3-AE28-5431AF203BEF} - System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core => C:\Program Files (x86)\SwiftSearch_1.10.0.25\Update\SwiftSearchAutoUpdateClient.exe [2015-09-22] (SS) <==== ATTENTION
Task: {FDB6B95A-0EE1-42AD-9292-CB4D1C79B024} - System32\Tasks\CIMT_daily_S-1-5-21-2316278512-3877362351-3516534219-1005 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2015-12-02] () <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-2316278512-3877362351-3516534219-1005.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_S-1-5-21-2316278512-3877362351-3516534219-1005.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\NVDVJDI.job => C:\Users\Liyah241\AppData\Roaming\NVDVJDI.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Optscan.job => c:\programdata\{05c510d2-11ec-433a-05c5-510d211e4348}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\QXEBESK.job => C:\Users\Liyah241\AppData\Roaming\QXEBESK.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\System HealerPeriod.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
Task: C:\WINDOWS\Tasks\System HealerStartUp.job => C:\Program Files (x86)\SystemHealer\SystemHealer.exe
ShortcutWithArgument: C:\Users\Liyah241\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G1Rzftpbl2,d64f3907-6a8e-4862-bcd6-80d2c97c1c32,
ShortcutWithArgument: C:\Users\Liyah241\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G1Rzftpbl2,d64f3907-6a8e-4862-bcd6-80d2c97c1c32,
ShortcutWithArgument: C:\Users\Liyah241\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G1Rzftpbl2,d64f3907-6a8e-4862-bcd6-80d2c97c1c32,
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WWatcherProxy => ""="service"
FirewallRules: [{F6BA63ED-7538-4FF7-9C26-B324B8DC1D4A}] => (Allow) C:\Program Files (x86)\PlumoWeb\bin\PlumoWeb.BRT.Helper.exe
FirewallRules: [{C82D7AA4-08BB-4E3D-A408-82F01613DE89}] => (Allow) C:\Program Files (x86)\PlumoWeb\bin\PlumoWeb.BRT.Helper.exe
FirewallRules: [{488A31B8-CB97-4F8A-B4D6-697D6A171764}] => (Allow) C:\Program Files (x86)\PlumoWeb\bin\PlumoWeb.BRT.Helper.exe
FirewallRules: [{E740A7CC-6119-44AD-A924-5DB954A358D3}] => (Allow) C:\Program Files (x86)\PlumoWeb\bin\PlumoWeb.BRT.Helper.exe
FirewallRules: [{786F9F67-53ED-4E7B-B74A-C28A8BC0769F}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{ADAFB897-C726-403E-A448-D32C1016B2EC}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{540021B5-F612-4C32-8512-4AFF485924CF}] => (Allow) C:\Users\Liyah241\AppData\Local\BrowserAir\Application\BrowserAir.exe
C:\Program Files\BubbleSound
C:\Program Files\SpaceSoundPro
C:\Program Files (x86)\YTDownloader
C:\Program Files (x86)\PlayGem
C:\Program Files (x86)\Note-up
C:\Users\Liyah241\AppData\Local\SmartWeb
C:\Users\Liyah241\AppData\Roaming\TrailerTime
C:\Program Files (x86)\gmsd_us_005010219
C:\Program Files (x86)\SpaceSondPro_v53.12311
C:\Program Files (x86)\Optimizer Pro 3.99
C:\Program Files (x86)\Super Optimizer
C:\Program Files (x86)\Itibiti Soft Phone
C:\Program Files (x86)\sushileads
C:\ProgramData\DataFile
C:\Users\Liyah241\AppData\Local\SearchModule
C:\Users\Liyah241\AppData\Local\winone
C:\Program Files (x86)\SearchProtect
C:\Program Files\shopperz270120160220
C:\Program Files (x86)\Easyttosshhop
C:\Program Files (x86)\Consumer Input
C:\Program Files (x86)\QQuicckshuoP
C:\Program Files (x86)\deAlo4REaL
C:\Program Files (x86)\Checked List
C:\Program Files\shopperz
c:\Program Files (x86)\IncrementInstance
c:\Program Files (x86)\SustainerPlus
C:\Users\Liyah241\AppData\Roaming\NetService
C:\ProgramData\hKafruOyr
C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8
C:\Program Files\Common Files\Goobzo
C:\Users\Liyah241\AppData\Roaming\WinNetSvc
C:\Program Files (x86)\WinWiki
C:\PROGRA~2\YTDOWN~1
C:\Users\Liyah241\AppData\Roaming\BejmaDua
C:\Program Files (x86)\PlumoWeb
C:\Program Files (x86)\DNS Unlocker
C:\Program Files (x86)\SystemHealer
C:\Users\Liyah241\AppData\Local\32D03B26-CC1A-3941-B96F-FC1849C67FC0
C:\Users\Liyah241\AppData\Local\Follow Extension
C:\Program Files (x86)\MyPC Backup
C:\Users\Liyah241\AppData\Local\bvxvbxxvaa
C:\Users\Liyah241\AppData\Local\BrowserAir
C:\ProgramData\SearchModule
C:\Program Files (x86)\SwiftSearch_1.10.0.25
C:\Program Files (x86)\PC Optimizer
C:\Program Files\WajaWebEnhancer
c:\programdata\{05c510d2-11ec-433a-05c5-510d211e4348}
C:\WINDOWS\rcore.exe
C:\WINDOWS\system32\drivers\bsdriver.sys
C:\Windows\System32\DRIVERS\sdfhgdf.sys
C:\Windows\System32\drivers\{22b230b8-6e08-4687-afa6-31e3b13fe333}w64.sys
C:\Windows\System32\drivers\{2640dfca-37f9-4c11-ba0a-3db78fc74b97}Gw64.sys
C:\Windows\System32\drivers\{2e3800a8-eab3-4063-a79b-900fe3f11c5e}w64.sys
C:\Windows\System32\drivers\{59074063-010c-49cd-9e33-7f8e3a63291d}w64.sys
C:\Windows\System32\drivers\{6c5e4f16-dc67-4cab-bc96-83d77ccc9c15}w64.sys
C:\Windows\System32\drivers\{7076b5a4-952b-427a-a724-78a34643efb0}w64.sys
C:\Windows\System32\drivers\{8cb3277d-4674-47f4-933e-d6292b52d5ef}Gw64.sys
C:\Windows\System32\drivers\{f10d9a0a-e527-4623-b3a2-35e515f2ab29}w64.sys
C:\Windows\System32\drivers\{f9b34375-da73-4d79-af9b-37f99989fb8d}Gw64.sys
C:\WINDOWS\system32\drivers\SPPD.sys
C:\WINDOWS\system32\drivers\wpnfd_1_10_0_4.sys
C:\Windows\bs1.exe
C:\Windows\winupd.exe
C:\Windows\SysInfo.exe
C:\Windows\Mint.exe
C:\Windows\win.exe
C:\ProgramData\bdd32a3c350b48d887bdb8057affe4b0\bdd32a3c350b48d887bdb8057affe4b0.exe
C:\Windows\Wimboldon.exe
C:\Windows\hsysinfo.exe
C:\Windows\amdave64Win.exe
CMD: netsh winsock reset
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ip reset c:\resetlog.txt
CMD: sfc /scanfile=C:\Windows\system32\dnsapi.dll
CMD: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll
Emptytemp:
End
*****************
Restore point was successfully created.
Processes closed successfully.
========= fltmc detach bsdriver c: bsdriver =========
========= End of CMD: =========
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\3D BubbleSound => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpaceSoundPro => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SystemFix => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_51 => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_85 => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_100 => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_349 => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PlayGem => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Note-up => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SmartWeb => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\popup => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TrailerTime => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_005010219 => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\IOPROTECT => value not found.
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value removed successfully
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro => value not found.
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Super Optimizer => value not found.
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Itibiti.exe => value removed successfully
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Windows\CurrentVersion\Run\\SushiLeadsApplication => value not found.
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Windi => value not found.
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Windows\CurrentVersion\Run\\SearchModule => value not found.
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Winoneexe => value not found.
"HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae32ec1a-535e-11e2-be71-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{ae32ec1a-535e-11e2-be71-806e6f6e6963} => key not found.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll" => Value data not found.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll" => Value data not found.
C:\Users\Liyah241\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk => not found.
C:\Users\Liyah241\AppData\Local\SmartWeb\SmartWebHelper.exe => not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015 => key not found.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000015 => key not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{25036078-A148-428C-849C-3283A84E18AC}\\NameServer => value not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{406A6EC4-A42A-4564-810E-0501F8EED96A}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{406A6EC4-A42A-4564-810E-0501F8EED96A}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A26B217D-4250-4EFE-8C82-2DEBB386ECC2}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A26B217D-4250-4EFE-8C82-2DEBB386ECC2}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ed8d8bb7-60a6-11e3-824b-806e6f6e6963}\\NameServer => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => key not found.
HKCR\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch => key not found.
HKCR\CLSID\OldSearch => key not found.
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
HKCR\CLSID\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{07217568-B3BA-4655-866E-9BDE000A7BE8} => key not found.
HKCR\CLSID\{07217568-B3BA-4655-866E-9BDE000A7BE8} => key not found.
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{12739F39-9A8C-4A07-9DEE-9A9C4170F529} => key not found.
HKCR\CLSID\{12739F39-9A8C-4A07-9DEE-9A9C4170F529} => key not found.
"HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A593BFF-095B-4B68-8250-CA75C19EFF6F} => key not found.
HKCR\CLSID\{6A593BFF-095B-4B68-8250-CA75C19EFF6F} => key not found.
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => key not found.
HKCR\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => key not found.
"HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1521F284-D3C9-49ED-8445-4B41CFD85BAF} => key not found.
HKCR\CLSID\{1521F284-D3C9-49ED-8445-4B41CFD85BAF} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8261849b-4c10-45ac-ab7c-38722f8fe013} => key not found.
HKCR\CLSID\{8261849b-4c10-45ac-ab7c-38722f8fe013} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} => key not found.
HKCR\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b7d793de-fc39-4e61-8585-5480350f2d8f} => key not found.
HKCR\CLSID\{b7d793de-fc39-4e61-8585-5480350f2d8f} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c59b7fd8-8d16-454b-8dc4-e0cadb14c30a} => key not found.
HKCR\CLSID\{c59b7fd8-8d16-454b-8dc4-e0cadb14c30a} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1521F284-D3C9-49ED-8445-4B41CFD85BAF} => key not found.
HKCR\Wow6432Node\CLSID\{1521F284-D3C9-49ED-8445-4B41CFD85BAF} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7ff0f7e7-8b1e-4e90-8bd5-f60cfdd71ecc} => key not found.
HKCR\Wow6432Node\CLSID\{7ff0f7e7-8b1e-4e90-8bd5-f60cfdd71ecc} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8261849b-4c10-45ac-ab7c-38722f8fe013} => key not found.
HKCR\Wow6432Node\CLSID\{8261849b-4c10-45ac-ab7c-38722f8fe013} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} => key not found.
HKCR\Wow6432Node\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b7d793de-fc39-4e61-8585-5480350f2d8f} => key not found.
HKCR\Wow6432Node\CLSID\{b7d793de-fc39-4e61-8585-5480350f2d8f} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c59b7fd8-8d16-454b-8dc4-e0cadb14c30a} => key not found.
HKCR\Wow6432Node\CLSID\{c59b7fd8-8d16-454b-8dc4-e0cadb14c30a} => key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
HKLM\Software\Mozilla\Firefox\Extensions\\{5081D2D4-1637-404c-B74F-50526718257D} => value not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{1521F284-D3C9-49ED-8445-4B41CFD85BAF} => value not found.
C:\Program Files\shopperz270120160220\Firefox\{1521F284-D3C9-49ED-8445-4B41CFD85BAF}.xpi => not found.
FF Extension: shopperz270120160220 - C:\Program Files\shopperz270120160220\Firefox\{1521F284-D3C9-49ED-8445-4B41CFD85BAF}.xpi [2016-01-26] [not signed] => not found
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{5081D2D4-1637-404c-B74F-50526718257D} => value not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{1521F284-D3C9-49ED-8445-4B41CFD85BAF} => value not found.
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\Software\Mozilla\Firefox\Extensions\\ConsumerInput@Compete => value not found.
C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12247.xpi => not found.
FF Extension: Consumer Input - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12247.xpi [2016-01-12] => not found
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
580a4029 => service not found.
6135ae48 => service not found.
8F898A85-C4D3-441E-a6A4-8FF2923283FA => service not found.
CltMngSvc => service not found.
consumerinput_update => service not found.
consumerinput_updatem => service not found.
csrcc => service not found.
NetTcpHandler => service not found.
QUZNjUc => service not found.
qymumylo => service not found.
rcores => service not found.
shopperz270120160220 Updater => service not found.
SMUpd => service not found.
SushiLeadsUpdaterService => service not found.
typikeni => service not found.
Update Checked List => service not found.
Util Checked List => service not found.
WinNetSvc => service not found.
WWatcherProxy => service not found.
BrsHelper => service removed successfully
cybemove => service not found.
Lewry => service removed successfully
Update PlumoWeb => service not found.
WdNisSvc => service removed successfully
WinDefend => service removed successfully
zigipyro => service not found.
bsdriver => Unable to stop service.
bsdriver => service could not remove
sdfhgdf => service removed successfully
SMUpdd => service not found.
{22b230b8-6e08-4687-afa6-31e3b13fe333}w64 => service not found.
{2640dfca-37f9-4c11-ba0a-3db78fc74b97}Gw64 => service not found.
{2e3800a8-eab3-4063-a79b-900fe3f11c5e}w64 => service not found.
{59074063-010c-49cd-9e33-7f8e3a63291d}w64 => service not found.
{6c5e4f16-dc67-4cab-bc96-83d77ccc9c15}w64 => service not found.
{7076b5a4-952b-427a-a724-78a34643efb0}w64 => service not found.
{8cb3277d-4674-47f4-933e-d6292b52d5ef}Gw64 => service not found.
{f10d9a0a-e527-4623-b3a2-35e515f2ab29}w64 => service not found.
{f9b34375-da73-4d79-af9b-37f99989fb8d}Gw64 => service not found.
SPPD => service not found.
wpnfd_1_10_0_4 => service not found.
"C:\WINDOWS\System32\Tasks\SecurityApps2" => not found.
"C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job" => not found.
"C:\WINDOWS\System32\Tasks\Optimizer Pro Schedule" => not found.
"C:\WINDOWS\System32\Tasks\Super Optimizer Schedule" => not found.
"C:\Users\Liyah241\AppData\Local\TrailerTime" => not found.
C:\WINDOWS\system32\Drivers\sdfhgdf.sys => moved successfully
"C:\Users\Liyah241\AppData\LocalLow\SmartWeb" => not found.
"C:\WINDOWS\Tasks\System HealerStartUp.job" => not found.
"C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job" => not found.
C:\WINDOWS\Tasks\NVDVJDI.job => moved successfully
C:\WINDOWS\Tasks\QXEBESK.job => moved successfully
"C:\ProgramData\DataFile" => not found.
"C:\Users\Liyah241\AppData\Local\bvxvbxxvaa" => not found.
C:\Users\Liyah241\AppData\Roaming\NVDVJDI => moved successfully
"C:\Users\Liyah241\AppData\Roaming\NVDVJDI.exe" => not found.
"C:\Users\Liyah241\AppData\Roaming\QQMCDLW.exe" => not found.
C:\Users\Liyah241\AppData\Roaming\QXEBESK => moved successfully
"C:\Users\Liyah241\AppData\Roaming\QXEBESK.exe" => not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}\\SystemComponent => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{11F9950B-E7C0-4EDB-BC20-9B4F10657E5F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11F9950B-E7C0-4EDB-BC20-9B4F10657E5F}" => key removed successfully
C:\WINDOWS\System32\Tasks\NVDVJDI => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NVDVJDI" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{1ED05F36-703D-4F12-9CC1-E75BB2289821}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1ED05F36-703D-4F12-9CC1-E75BB2289821}" => key removed successfully
C:\WINDOWS\System32\Tasks\DNSBRIDGEPORT => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSBRIDGEPORT => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26837C61-9A95-449B-A03B-97C86E539D6B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26837C61-9A95-449B-A03B-97C86E539D6B}" => key removed successfully
C:\WINDOWS\System32\Tasks\SystemHealer Run Delay => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Run Delay => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{295B5A7E-4BE6-4DD3-B610-32933E1C64ED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{295B5A7E-4BE6-4DD3-B610-32933E1C64ED}" => key removed successfully
C:\WINDOWS\System32\Tasks\Runner for IC => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Runner for IC => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CF78AB4-9F3C-4452-844E-D7520FE94AA2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CF78AB4-9F3C-4452-844E-D7520FE94AA2}" => key removed successfully
C:\WINDOWS\System32\Tasks\impo => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\impo" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{320B8E21-9640-4748-B7EE-BD572F65FCAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{320B8E21-9640-4748-B7EE-BD572F65FCAF}" => key removed successfully
C:\WINDOWS\System32\Tasks\MyDailyBackup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MyDailyBackup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{43F28202-2529-47C8-80FD-A720B57BBD09}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43F28202-2529-47C8-80FD-A720B57BBD09}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Maintenance\Updater for IC => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\Updater for IC" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51F80982-67AA-4214-BBB6-45FF6922D521}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51F80982-67AA-4214-BBB6-45FF6922D521}" => key removed successfully
C:\WINDOWS\System32\Tasks\Systemhi => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Systemhi => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5CCCE2F9-6773-422E-B35B-B842E8F3AA34}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CCCE2F9-6773-422E-B35B-B842E8F3AA34}" => key removed successfully
C:\WINDOWS\System32\Tasks\Mudgin => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mudgin" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{68A44B4E-300D-488E-A886-0FF1B2516BB8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68A44B4E-300D-488E-A886-0FF1B2516BB8}" => key removed successfully
C:\WINDOWS\System32\Tasks\Optimizer Pro Schedule => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6BA988DD-0C5B-4C24-AA05-34B3DFE76619}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BA988DD-0C5B-4C24-AA05-34B3DFE76619}" => key removed successfully
C:\WINDOWS\System32\Tasks\SMWUpd => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWUpd => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6CCAF12A-CB64-4984-B398-44977B9FFF36}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CCAF12A-CB64-4984-B398-44977B9FFF36}" => key removed successfully
C:\WINDOWS\System32\Tasks\Follow Extension => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Follow Extension" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6CFF64AD-FDDF-4383-A8FE-DC2DB856FF88}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CFF64AD-FDDF-4383-A8FE-DC2DB856FF88}" => key removed successfully
C:\WINDOWS\System32\Tasks\LaunchSignup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D15F10C-3D66-4366-8BFE-38BBB3D2D841} => key not found.
C:\WINDOWS\System32\Tasks\SushiLeads => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SushiLeads => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D236BA3-35AE-47D9-926D-1D6B18D9AFAA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D236BA3-35AE-47D9-926D-1D6B18D9AFAA}" => key removed successfully
C:\WINDOWS\System32\Tasks\import => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\import" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F37D558-1769-40F2-9B44-CCD4BF31EE96}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F37D558-1769-40F2-9B44-CCD4BF31EE96}" => key removed successfully
C:\WINDOWS\System32\Tasks\win => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\win" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{732CAE4E-D1C9-4537-8230-B3B263B6F120}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{732CAE4E-D1C9-4537-8230-B3B263B6F120}" => key removed successfully
C:\WINDOWS\System32\Tasks\bvxvbxxvaa => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvbxxvaa => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75BFCBC2-3C41-471B-AC93-99A7291EB17D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75BFCBC2-3C41-471B-AC93-99A7291EB17D}" => key removed successfully
C:\WINDOWS\System32\Tasks\IBUpd => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IBUpd => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{790B0F82-FBF7-4A65-87FB-48A8B5719AE7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{790B0F82-FBF7-4A65-87FB-48A8B5719AE7}" => key removed successfully
C:\WINDOWS\System32\Tasks\QXEBESK => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QXEBESK" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{805BE1B9-C515-4804-82CE-79F282314AFC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{805BE1B9-C515-4804-82CE-79F282314AFC}" => key removed successfully
C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_37333236313330342d23787845322a5b3434322d57 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_37333236313330342d23787845322a5b3434322d57 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8277B1D0-5859-4939-B659-0B55517F6AAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8277B1D0-5859-4939-B659-0B55517F6AAF}" => key removed successfully
C:\WINDOWS\System32\Tasks\CIMT_S-1-5-21-2316278512-3877362351-3516534219-1005 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_S-1-5-21-2316278512-3877362351-3516534219-1005 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B6732DD-5A8B-4C92-859B-1D6A32F67ED2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B6732DD-5A8B-4C92-859B-1D6A32F67ED2}" => key removed successfully
C:\WINDOWS\System32\Tasks\System Healer Task => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System Healer Task => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8FD38911-4C73-437D-B5E3-FC9008166069}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FD38911-4C73-437D-B5E3-FC9008166069}" => key removed successfully
C:\WINDOWS\System32\Tasks\IBUpd2 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IBUpd2 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98532C13-55F6-4DA8-AF76-A624A333BFEA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98532C13-55F6-4DA8-AF76-A624A333BFEA}" => key removed successfully
C:\WINDOWS\System32\Tasks\{67BB3FCA-4DD0-1D8F-C1A6-90F798EA7D2C} => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{67BB3FCA-4DD0-1D8F-C1A6-90F798EA7D2C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A88DE84D-2355-4692-B7A7-0E6F1F3619C4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A88DE84D-2355-4692-B7A7-0E6F1F3619C4}" => key removed successfully
C:\WINDOWS\System32\Tasks\RSPro => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RSPro => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AB673388-6C32-46B6-BC8A-4C4C07820CD6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB673388-6C32-46B6-BC8A-4C4C07820CD6}" => key removed successfully
C:\WINDOWS\System32\Tasks\YFPFTQOXE => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YFPFTQOXE" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B2F8936D-EB49-420D-A0BD-60A8BC86C796}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2F8936D-EB49-420D-A0BD-60A8BC86C796}" => key removed successfully
C:\WINDOWS\System32\Tasks\SystemHealer Monitor => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemHealer Monitor => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B3EFC9BB-E9AD-4A41-9C24-653A4A377256}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3EFC9BB-E9AD-4A41-9C24-653A4A377256}" => key removed successfully
C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineUA => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineUA => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B6651D93-7630-4794-9B30-92DB1EF2D422}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6651D93-7630-4794-9B30-92DB1EF2D422}" => key removed successfully
C:\WINDOWS\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Pending Update => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftSearch Auto Updater 1.10.0.25 Pending Update => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BCD1DD1A-1331-4187-B4B8-4F3D55F84D64}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCD1DD1A-1331-4187-B4B8-4F3D55F84D64}" => key removed successfully
C:\WINDOWS\System32\Tasks\SmartWeb Upgrade Trigger Task => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9B6A09B-47FA-4321-A384-73A5CD7DA441}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9B6A09B-47FA-4321-A384-73A5CD7DA441}" => key removed successfully
C:\WINDOWS\System32\Tasks\SecurityApps2 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SecurityApps2 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CAAFAD16-5D8E-4EC5-ABB3-9904C620CD99}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CAAFAD16-5D8E-4EC5-ABB3-9904C620CD99}" => key removed successfully
C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineCore => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineCore => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CBFC695B-EC1C-4D7E-8ADB-C5761E4C9BEC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBFC695B-EC1C-4D7E-8ADB-C5761E4C9BEC}" => key removed successfully
C:\WINDOWS\System32\Tasks\Googleuptodate => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Googleuptodate" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D33187A9-BA8C-4544-94E7-D2F21BDA6EC9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D33187A9-BA8C-4544-94E7-D2F21BDA6EC9}" => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUp => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUp" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E2B92397-DCDE-4E70-B627-70306F7E7807}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2B92397-DCDE-4E70-B627-70306F7E7807}" => key removed successfully
C:\WINDOWS\System32\Tasks\Super Optimizer Schedule => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Super Optimizer Schedule => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E72D99D0-8495-46D9-A54F-115AE55ABD94}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E72D99D0-8495-46D9-A54F-115AE55ABD94}" => key removed successfully
C:\WINDOWS\System32\Tasks\{A008C39A-B232-473F-A068-6EAA465446D8} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A008C39A-B232-473F-A068-6EAA465446D8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA241A42-EC85-4779-8BAC-585A6F9D08FC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA241A42-EC85-4779-8BAC-585A6F9D08FC}" => key removed successfully
C:\WINDOWS\System32\Tasks\System HealerPeriod => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System HealerPeriod => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE4BF2FC-5016-49E2-9DF8-D253AFA1338A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE4BF2FC-5016-49E2-9DF8-D253AFA1338A}" => key removed successfully
C:\WINDOWS\System32\Tasks\Optscan => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optscan => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F0342484-B2AE-4B7D-9E84-8CEA7E6E1A43}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0342484-B2AE-4B7D-9E84-8CEA7E6E1A43}" => key removed successfully
C:\WINDOWS\System32\Tasks\Follow Extension2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Follow Extension2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F3A1CB2A-B15E-4981-9C73-A65E24CFB758}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3A1CB2A-B15E-4981-9C73-A65E24CFB758}" => key removed successfully
C:\WINDOWS\System32\Tasks\System HealerStartUp => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System HealerStartUp => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F7AC100A-2518-4999-9E56-F5D0836B61E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7AC100A-2518-4999-9E56-F5D0836B61E2}" => key removed successfully
C:\WINDOWS\System32\Tasks\Lanwifi => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lanwifi => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F951DD44-C111-4DE3-AE28-5431AF203BEF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F951DD44-C111-4DE3-AE28-5431AF203BEF}" => key removed successfully
C:\WINDOWS\System32\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftSearch Auto Updater 1.10.0.25 Core => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDB6B95A-0EE1-42AD-9292-CB4D1C79B024}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDB6B95A-0EE1-42AD-9292-CB4D1C79B024}" => key removed successfully
C:\WINDOWS\System32\Tasks\CIMT_daily_S-1-5-21-2316278512-3877362351-3516534219-1005 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_daily_S-1-5-21-2316278512-3877362351-3516534219-1005 => key not found.
C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-2316278512-3877362351-3516534219-1005.job => not found.
C:\WINDOWS\Tasks\CIMT_S-1-5-21-2316278512-3877362351-3516534219-1005.job => not found.
C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job => not found.
C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job => not found.
C:\WINDOWS\Tasks\NVDVJDI.job => not found.
C:\WINDOWS\Tasks\Optscan.job => not found.
C:\WINDOWS\Tasks\QXEBESK.job => not found.
C:\WINDOWS\Tasks\System HealerPeriod.job => not found.
C:\WINDOWS\Tasks\System HealerStartUp.job => not found.
C:\Users\Liyah241\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\Liyah241\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk => not found.
C:\Users\Liyah241\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => Shortcut argument removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WWatcherProxy" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F6BA63ED-7538-4FF7-9C26-B324B8DC1D4A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C82D7AA4-08BB-4E3D-A408-82F01613DE89} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{488A31B8-CB97-4F8A-B4D6-697D6A171764} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E740A7CC-6119-44AD-A924-5DB954A358D3} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{786F9F67-53ED-4E7B-B74A-C28A8BC0769F} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ADAFB897-C726-403E-A448-D32C1016B2EC} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{540021B5-F612-4C32-8512-4AFF485924CF} => value not found.
"C:\Program Files\BubbleSound" => not found.
"C:\Program Files\SpaceSoundPro" => not found.
"C:\Program Files (x86)\YTDownloader" => not found.
"C:\Program Files (x86)\PlayGem" => not found.
"C:\Program Files (x86)\Note-up" => not found.
"C:\Users\Liyah241\AppData\Local\SmartWeb" => not found.
"C:\Users\Liyah241\AppData\Roaming\TrailerTime" => not found.
"C:\Program Files (x86)\gmsd_us_005010219" => not found.
"C:\Program Files (x86)\SpaceSondPro_v53.12311" => not found.
"C:\Program Files (x86)\Optimizer Pro 3.99" => not found.
"C:\Program Files (x86)\Super Optimizer" => not found.
"C:\Program Files (x86)\Itibiti Soft Phone" => not found.
"C:\Program Files (x86)\sushileads" => not found.
"C:\ProgramData\DataFile" => not found.
"C:\Users\Liyah241\AppData\Local\SearchModule" => not found.
"C:\Users\Liyah241\AppData\Local\winone" => not found.
"C:\Program Files (x86)\SearchProtect" => not found.
C:\Program Files\shopperz270120160220 => moved successfully
"C:\Program Files (x86)\Easyttosshhop" => not found.
"C:\Program Files (x86)\Consumer Input" => not found.
"C:\Program Files (x86)\QQuicckshuoP" => not found.
"C:\Program Files (x86)\deAlo4REaL" => not found.
"C:\Program Files (x86)\Checked List" => not found.
"C:\Program Files\shopperz" => not found.
c:\Program Files (x86)\IncrementInstance => moved successfully
"c:\Program Files (x86)\SustainerPlus" => not found.
"C:\Users\Liyah241\AppData\Roaming\NetService" => not found.
"C:\ProgramData\hKafruOyr" => not found.
C:\Program Files (x86)\02459A70-1448145496-D265-7A86-42E8B3913FF8 => moved successfully
"C:\Program Files\Common Files\Goobzo" => not found.
C:\Users\Liyah241\AppData\Roaming\WinNetSvc => moved successfully
"C:\Program Files (x86)\WinWiki" => not found.
"C:\PROGRA~2\YTDOWN~1" => not found.
"C:\Users\Liyah241\AppData\Roaming\BejmaDua" => not found.
"C:\Program Files (x86)\PlumoWeb" => not found.
"C:\Program Files (x86)\DNS Unlocker" => not found.
"C:\Program Files (x86)\SystemHealer" => not found.
"C:\Users\Liyah241\AppData\Local\32D03B26-CC1A-3941-B96F-FC1849C67FC0" => not found.
"C:\Users\Liyah241\AppData\Local\Follow Extension" => not found.
"C:\Program Files (x86)\MyPC Backup" => not found.
"C:\Users\Liyah241\AppData\Local\bvxvbxxvaa" => not found.
"C:\Users\Liyah241\AppData\Local\BrowserAir" => not found.
"C:\ProgramData\SearchModule" => not found.
"C:\Program Files (x86)\SwiftSearch_1.10.0.25" => not found.
"C:\Program Files (x86)\PC Optimizer" => not found.
"C:\Program Files\WajaWebEnhancer" => not found.
"c:\programdata\{05c510d2-11ec-433a-05c5-510d211e4348}" => not found.
"C:\WINDOWS\rcore.exe" => not found.
C:\WINDOWS\system32\drivers\bsdriver.sys => moved successfully
"C:\Windows\System32\DRIVERS\sdfhgdf.sys" => not found.
"C:\Windows\System32\drivers\{22b230b8-6e08-4687-afa6-31e3b13fe333}w64.sys" => not found.
"C:\Windows\System32\drivers\{2640dfca-37f9-4c11-ba0a-3db78fc74b97}Gw64.sys" => not found.
"C:\Windows\System32\drivers\{2e3800a8-eab3-4063-a79b-900fe3f11c5e}w64.sys" => not found.
"C:\Windows\System32\drivers\{59074063-010c-49cd-9e33-7f8e3a63291d}w64.sys" => not found.
"C:\Windows\System32\drivers\{6c5e4f16-dc67-4cab-bc96-83d77ccc9c15}w64.sys" => not found.
"C:\Windows\System32\drivers\{7076b5a4-952b-427a-a724-78a34643efb0}w64.sys" => not found.
"C:\Windows\System32\drivers\{8cb3277d-4674-47f4-933e-d6292b52d5ef}Gw64.sys" => not found.
"C:\Windows\System32\drivers\{f10d9a0a-e527-4623-b3a2-35e515f2ab29}w64.sys" => not found.
"C:\Windows\System32\drivers\{f9b34375-da73-4d79-af9b-37f99989fb8d}Gw64.sys" => not found.
C:\WINDOWS\system32\drivers\SPPD.sys => moved successfully
"C:\WINDOWS\system32\drivers\wpnfd_1_10_0_4.sys" => not found.
"C:\Windows\bs1.exe" => not found.
"C:\Windows\winupd.exe" => not found.
"C:\Windows\SysInfo.exe" => not found.
"C:\Windows\Mint.exe" => not found.
"C:\Windows\win.exe" => not found.
"C:\ProgramData\bdd32a3c350b48d887bdb8057affe4b0\bdd32a3c350b48d887bdb8057affe4b0.exe" => not found.
"C:\Windows\Wimboldon.exe" => not found.
"C:\Windows\hsysinfo.exe" => not found.
"C:\Windows\amdave64Win.exe" => not found.
========= netsh winsock reset =========
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========
========= netsh winsock reset catalog =========
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
Unable to cancel {1CDCBFBD-C9A0-4F3E-BC0B-E79EB02680F2}.
Unable to cancel {7C1A3CC1-CFBA-46FC-B69E-1BAC3E1C3EAB}.
Unable to cancel {599B5384-31CD-4133-842B-06509F886C1B}.
Unable to cancel {9225D877-69D6-48FC-BBE2-9021AABAEDF8}.
Unable to cancel {A8BB7C94-8BB1-4A6F-AD1B-EEE7150673C3}.
Unable to cancel {D2246A0D-5F16-4FE0-BADA-3C8B09D53746}.
Unable to cancel {549993F6-6A99-43E5-8515-C1E4AAB6D2CF}.
Unable to cancel {05523E28-6063-4A63-98E2-59E74796A905}.
Unable to cancel {E08E55C7-6724-42C1-A25C-A48EB8DEC20F}.
Unable to cancel {B24A5157-9223-4597-8608-03070C672BFE}.
Unable to cancel {357AAA4D-A02F-4B76-956A-74AAF798FCCC}.
Unable to cancel {4D2EFB34-1E68-45C1-87B2-E81438AA053F}.
Unable to cancel {E11CCAB2-EC2A-495B-9A8F-262B20D23D4D}.
Unable to cancel {0D28305A-838D-4F9F-8815-E5BA932DC726}.
Unable to cancel {500185D8-4CE9-49FB-9ACB-A78F31D34D89}.
Unable to cancel {62611DA1-AC1B-4813-BC65-07AEF7E59E3D}.
Unable to cancel {E16FD99D-FCAE-4896-AECF-E288AFEE9B31}.
Unable to cancel {35D9BE43-7F86-4940-922E-9D58340AC147}.
Unable to cancel {7A45E85E-4C99-46FC-9F47-3107CA51E9AA}.
Unable to cancel {4212CC39-B3DF-4886-AAB1-F6F09EAC5F32}.
Unable to cancel {913FEC32-49BB-4551-93D0-048EEE47C546}.
Unable to cancel {DB20FA05-ACDC-414E-8E04-FE075A1D40F8}.
Unable to cancel {32549869-5A11-4107-8C61-735864DFF3D5}.
Unable to cancel {EC260A65-E2C4-4C70-ACC7-1F012C9A47B0}.
Unable to cancel {23A86A94-4FCC-42D6-9D24-143FC8044F1D}.
Unable to cancel {F66AB985-D1D0-4098-A206-F0B683FB1685}.
Unable to cancel {9B719126-8CEC-4216-9313-C952A4786463}.
Unable to cancel {335E020B-5F02-4BDA-AB99-5C137D5176CC}.
Unable to cancel {FDAE275E-8F6E-4480-AC02-B01A01DA0377}.
Unable to cancel {A9ACA835-5125-47FF-A8F0-D131C95F096C}.
Unable to cancel {72D06CE2-A9A9-4637-A1D9-759E668B24BE}.
Unable to cancel {B1E16B5E-AED5-42EB-BBF8-932DAA6D74F7}.
Unable to cancel {437AA846-E033-4380-A5F0-2CC375CF559F}.
Unable to cancel {5794F57B-645F-49BF-80EC-26C7752E12C5}.
Unable to cancel {B21EE32B-D1C3-4CB8-ADFA-E7DC0A312D06}.
Unable to cancel {F1697646-E483-41B9-B649-133B228F3B7B}.
Unable to cancel {C2DD2FE2-8747-40D3-A00F-0D0E94DC1D15}.
Unable to cancel {843A5D02-8DB4-4F99-B5CD-B20B01EF1F15}.
Unable to cancel {3A0C4324-063C-4609-A740-AAA1F288FB21}.
Unable to cancel {FCBA4409-371C-4F8D-B63C-C22BCFD289EF}.
Unable to cancel {FD8534C7-2365-4D32-ACC8-3C6AE6093E25}.
Unable to cancel {BD770EB8-A793-42C7-A53A-3A88515EAF17}.
Unable to cancel {F7879BAF-3BEF-4E0D-BB5C-DBEE3EAA926B}.
Unable to cancel {124FCB0D-D122-4254-BB53-ABDDDB1D1579}.
Unable to cancel {3956ED4B-A436-4679-9095-2974E7690365}.
Unable to cancel {09C1DE5E-FB23-4493-B67C-C0386AF0AB58}.
Unable to cancel {8398E7AB-172D-46C3-9D63-DA2116151CEC}.
Unable to cancel {E22CB929-59FE-4F15-9F59-9302C9969D5E}.
Unable to cancel {B7E32D4A-7751-4386-B320-DD0AB1A8C6BC}.
Unable to cancel {38F020B3-132D-44A4-AE9F-396DD82CD415}.
Unable to cancel {D023EDCB-CDB0-42D6-B704-11F50E68CD3E}.
Unable to cancel {2BD14DAB-0BB1-4760-8112-4DC2AA9003CB}.
Unable to cancel {17B9D721-F5A5-4EE2-827B-CD4BC676D43A}.
Unable to cancel {64425171-99FF-49A7-84AB-1AD734EC8F70}.
Unable to cancel {6C1BACEC-C7DC-47E9-BB76-42909C21363E}.
Unable to cancel {F304CAE5-8D83-4588-A453-A21FE33F5AD2}.
Unable to cancel {1E5282CA-D2BF-4A52-9369-DB4BDFF24316}.
Unable to cancel {EFD0DDBD-8EA8-480F-AAF9-EC8658925D51}.
Unable to cancel {8BE66B78-4922-4798-9139-B0A4DEC95062}.
Unable to cancel {3DC78152-ACA3-447B-B719-B957B58DAFFF}.
Unable to cancel {E689E9D2-FC4B-4E3C-B4F1-508907D5D758}.
{754DABD0-4D51-46FD-9FCB-FFAD86DBCB51} canceled.
{F0EC06EE-B43E-4330-A965-0B5089C0D4B2} canceled.
{51FDD84C-8F12-4DBA-AE5A-C1D223552461} canceled.
{159F0948-AACB-4B43-8AA6-F9E258095231} canceled.
{588E156A-85C8-476B-A4F9-12F87ED23D65} canceled.
{8318DAD2-F77C-4B5C-A3F0-5F3ABEBD3914} canceled.
{D567E069-F542-4B61-ADCF-129AB6357186} canceled.
{02D513B4-8DFD-4802-9925-B0CB00A00210} canceled.
{AD4A5D73-178B-4D12-8F67-8AA81526B8FE} canceled.
{952D7DE3-1695-4854-8541-4243B858B7A0} canceled.
{6DE8D6D6-09FF-4908-B20C-F7ED7FA537ED} canceled.
{CFF1DD42-A65C-49E5-B6CC-56C27B8AAF29} canceled.
{FA9B2F59-ABA1-4B6F-8884-B7E2DEC75AFD} canceled.
{A4E8D2FB-E49D-4BEE-AE49-9BBF429E201E} canceled.
{7D8788ED-D5A0-48A5-B686-BBD2F4B8C3C6} canceled.
{7BDFC9A9-283A-47BA-AEA6-D56A99D3271D} canceled.
{353DFC56-FA30-4C60-9610-02D89DDBC56A} canceled.
{F00B84BB-9D01-4934-A6AE-F1A1AE1E2C4B} canceled.
{793848E7-080B-4E5D-A1A9-8CA97FE2B095} canceled.
19 out of 80 jobs canceled.
========= End of CMD: =========
========= netsh int ipv4 reset =========
Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
Resetting , OK!
Restart the computer to complete this action.
========= End of CMD: =========
========= netsh int ipv6 reset =========
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
========= End of CMD: =========
========= netsh advfirewall reset =========
Ok.
========= End of CMD: =========
========= netsh advfirewall set allprofiles state on =========
Ok.
========= End of CMD: =========
========= ipconfig /release =========
Windows IP Configuration
No operation can be performed on Local Area Connection* 13 while it has its media disconnected.
No operation can be performed on Wi-Fi while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.
========= End of CMD: =========
========= ipconfig /renew =========
Windows IP Configuration
No operation can be performed on Local Area Connection* 13 while it has its media disconnected.
No operation can be performed on Wi-Fi while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.
========= End of CMD: =========
========= netsh int ip reset c:\resetlog.txt =========
Resetting , failed.
Access is denied.
There's no user specified settings to be reset.
========= End of CMD: =========
========= sfc /scanfile=C:\Windows\system32\dnsapi.dll =========
W i n d o w s R e s o u r c e P r o t e c t i o n f o u n d c o r r u p t f i l e s a n d s u c c e s s f u l l y r e p a i r e d
t h e m . D e t a i l s a r e i n c l u d e d i n t h e C B S . L o g w i n d i r \ L o g s \ C B S \ C B S . l o g . F o r
e x a m p l e C : \ W i n d o w s \ L o g s \ C B S \ C B S . l o g . N o t e t h a t l o g g i n g i s c u r r e n t l y n o t
s u p p o r t e d i n o f f l i n e s e r v i c i n g s c e n a r i o s .
T h e s y s t e m f i l e r e p a i r c h a n g e s w i l l t a k e e f f e c t a f t e r t h e n e x t r e b o o t .
========= End of CMD: =========
========= sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll =========
T h e r e i s a s y s t e m r e p a i r p e n d i n g w h i c h r e q u i r e s r e b o o t t o c o m p l e t e . R e s t a r t
W i n d o w s a n d r u n s f c a g a i n .
========= End of CMD: =========
EmptyTemp: => 2.5 GB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 11:12:53 ====
FRST Log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Liyah241 (administrator) on DIVAS-PC (24-03-2016 11:21:47)
Running from F:\
Loaded Profiles: Liyah241 (Available Profiles: AAliyah & aavar_000 & Liyah241 & Amanda)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Facebook Inc.) C:\Users\Liyah241\AppData\Local\Facebook\Update\FacebookUpdate.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-05-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2013-11-13] (LeapFrog Enterprises, Inc.)
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\S-1-5-21-2316278512-3877362351-3516534219-1005\...\Run: [Facebook Update] => C:\Users\Liyah241\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-23] (Facebook Inc.)
IFEO\sethc.exe: [Debugger] C:\Windows\System32\msconfig.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-03-24]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2016-03-24]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{25036078-A148-428C-849C-3283A84E18AC}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> DefaultScope {6A593BFF-095B-4B68-8250-CA75C19EFF6F} URL =
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {B26DCD28-5C71-41A8-9267-16D15DE69EAE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-2316278512-3877362351-3516534219-1005 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-01-23] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-26] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [2014-11-28] (Symantec Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [2014-11-28] (Symantec Corporation)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-23] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF Plugin HKU\S-1-5-21-2316278512-3877362351-3516534219-1005: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Liyah241\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2016-03-24] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn [2013-02-24] [not signed]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-15]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-15]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-23] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2013-11-13] (LeapFrog Enterprises, Inc.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [1388120 2013-02-08] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1406000.01B\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-02-24] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-02-24] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130419.001\IDSvia64.sys [513184 2013-04-19] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130326.006\ENG64.SYS [126192 2013-02-24] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130326.006\EX64.SYS [2087664 2013-02-24] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2014-12-30] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1406000.01B\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1406000.01B\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1406000.01B\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-23] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1406000.01B\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1406000.01B\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2014-09-21] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258368 2014-09-21] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S1 bsdriver; \??\C:\WINDOWS\system32\drivers\bsdriver.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-22 19:38 - 2016-03-24 10:52 - 00001112 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-22 19:38 - 2016-03-22 19:38 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-22 19:38 - 2016-03-22 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-22 19:38 - 2016-03-22 19:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-22 19:38 - 2016-03-22 19:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-22 19:38 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-22 19:38 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-22 19:38 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-22 19:37 - 2016-03-24 11:21 - 00000000 ____D C:\FRST
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-24 11:24 - 2013-11-29 20:32 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-24 11:20 - 2013-02-28 22:22 - 00000000 ____D C:\Users\Liyah241\AppData\Roaming\Skype
2016-03-24 11:18 - 2015-10-23 15:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-03-24 11:15 - 2015-01-15 17:38 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-03-24 11:15 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-24 11:11 - 2013-02-24 22:00 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2316278512-3877362351-3516534219-1005
2016-03-24 11:06 - 2016-01-23 12:56 - 00000000 ____D C:\ProgramData\{21e2c4a6-00c8-0}
2016-03-24 11:06 - 2016-01-23 12:56 - 00000000 ____D C:\ProgramData\{1e010a4c-70c8-1}
2016-03-24 11:06 - 2013-12-09 12:32 - 00001172 _____ C:\Users\Liyah241\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-24 11:05 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-03-24 10:52 - 2014-10-22 23:40 - 00002237 _____ C:\Users\Liyah241\Desktop\HP Support Assistant.lnk
2016-03-24 10:52 - 2014-10-06 16:08 - 00002677 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Outlook.lnk
2016-03-24 10:52 - 2014-10-06 16:08 - 00002661 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
2016-03-24 10:52 - 2014-10-06 16:08 - 00002659 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
2016-03-24 10:52 - 2014-10-06 16:08 - 00002629 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
2016-03-24 10:52 - 2014-10-06 16:08 - 00002627 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Access.lnk
2016-03-24 10:52 - 2014-10-06 16:08 - 00002625 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Open Office Document.lnk
2016-03-24 10:52 - 2014-10-06 16:08 - 00002615 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft FrontPage.lnk
2016-03-24 10:52 - 2014-10-06 16:08 - 00002615 _____ C:\ProgramData\Microsoft\Windows\Start Menu\New Office Document.lnk
2016-03-24 10:52 - 2013-12-09 01:19 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-24 10:52 - 2013-12-08 23:25 - 00001114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orion File Recovery Software.lnk
2016-03-24 10:52 - 2013-12-08 23:25 - 00001108 _____ C:\Users\Public\Desktop\Orion File Recovery Software.lnk
2016-03-24 10:52 - 2013-11-29 20:32 - 00001988 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-03-24 10:52 - 2013-11-29 20:30 - 00000944 _____ C:\Users\Public\Desktop\LeapFrog Connect.lnk
2016-03-24 10:52 - 2013-07-04 03:38 - 00001777 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-03-24 10:52 - 2013-07-04 03:35 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-03-24 10:52 - 2013-02-28 22:21 - 00002509 _____ C:\Users\Public\Desktop\Skype.lnk
2016-03-24 10:52 - 2013-02-24 21:53 - 00002082 _____ C:\Users\Public\Desktop\HP Games.lnk
2016-03-24 10:52 - 2013-02-24 21:53 - 00002070 _____ C:\Users\Public\Desktop\eBay.lnk
2016-03-24 10:52 - 2013-02-24 21:52 - 00002160 _____ C:\Users\Public\Desktop\Walmart Photo Center.lnk
2016-03-24 10:52 - 2012-12-31 06:57 - 00002515 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2016-03-24 10:52 - 2012-12-31 06:39 - 00001355 _____ C:\Users\Public\Desktop\CyberLink YouCam.lnk
2016-03-24 10:52 - 2012-08-17 11:12 - 00001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2016-03-24 10:52 - 2012-08-17 11:12 - 00001293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2016-03-24 10:30 - 2013-07-23 19:25 - 00000958 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2316278512-3877362351-3516534219-1005UA.job
2016-03-23 19:30 - 2013-07-23 19:25 - 00000936 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2316278512-3877362351-3516534219-1005Core.job
2016-03-22 21:01 - 2016-01-26 20:48 - 00000000 ____D C:\ProgramData\36dc8b28-35d5-0
2016-03-22 21:01 - 2016-01-26 20:48 - 00000000 ____D C:\ProgramData\36dc8b28-31b1-1
2016-03-22 21:01 - 2015-01-22 23:03 - 00000000 ____D C:\Users\Liyah241\AppData\LocalLow\Company
2016-03-22 21:00 - 2015-05-01 05:20 - 00000000 ____D C:\ProgramData\1887373585
2016-03-22 21:00 - 2015-05-01 05:18 - 00000000 ____D C:\ProgramData\2355320829
2016-03-22 21:00 - 2015-03-23 15:33 - 00000000 ____D C:\ProgramData\bdd32a3c350b48d887bdb8057affe4b0
2016-03-22 21:00 - 2015-03-17 16:57 - 00000000 ____D C:\ProgramData\cheap-o
2016-03-22 19:42 - 2013-12-09 00:58 - 00006424 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-22 19:09 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-22 19:03 - 2015-05-01 05:25 - 00000814 _____ C:\Users\Liyah241\AppData\Local\Temp-log.txt
2016-03-22 07:34 - 2013-12-09 01:10 - 00000000 ____D C:\Users\Liyah241
2016-03-22 07:24 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-22 07:21 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\Inf
==================== Files in the root of some directories =======
2015-05-01 05:25 - 2016-03-22 19:03 - 0000814 _____ () C:\Users\Liyah241\AppData\Local\Temp-log.txt
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll
[2014-10-29 15:28] - [2014-10-29 15:28] - 0494592 ____A (Microsoft Corporation) ED11721103CE93DF7C3D8D171476A29F
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-10-23 16:16
==================== End of FRST.txt ============================
FRST Addition log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Liyah241 (2016-03-24 11:24:31)
Running from F:\
Windows 8.1 (X64) (2013-12-09 08:34:13)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
AAliyah (S-1-5-21-2316278512-3877362351-3516534219-1002 - Administrator - Enabled) => C:\Users\AAliyah
aavar_000 (S-1-5-21-2316278512-3877362351-3516534219-1003 - Administrator - Enabled) => C:\Users\aavar_000
Administrator (S-1-5-21-2316278512-3877362351-3516534219-500 - Administrator - Disabled)
Amanda (S-1-5-21-2316278512-3877362351-3516534219-1008 - Limited - Enabled) => C:\Users\Amanda
Guest (S-1-5-21-2316278512-3877362351-3516534219-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2316278512-3877362351-3516534219-1007 - Limited - Enabled)
Liyah241 (S-1-5-21-2316278512-3877362351-3516534219-1005 - Administrator - Enabled) => C:\Users\Liyah241
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Internet Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{63ADEC24-A374-80A8-E89B-BE401C787F75}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{AE986BF5-B6E3-4F8D-B412-A3DD90DF5146}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.2.1.18456 - LeapFrog)
LeapFrog Connect (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
LeapFrog Leapster Explorer Plugin (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.226.1 - McAfee, Inc.)
Microsoft Office 2000 SR-1 Premium (HKLM-x32\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.6.0.27 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Orion File Recovery Software (HKLM-x32\...\Orion) (Version: - NCH Software)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29070 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin) (HKLM-x32\...\LeapsterExplorerPlugin) (Version: - LeapFrog)
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0FA68CB1-F70F-497D-A7EA-70CCFD049024} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {1565E572-5707-4574-A166-82304ACDF0DC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-01] (Microsoft Corporation)
Task: {19DBB75F-F185-4BE8-B5B7-26D953F04CDB} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {272E4711-0CE2-4CA7-9882-F36D01E5EB00} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\WSCStub.exe [2015-07-27] (Symantec Corporation)
Task: {454644C7-933F-42B3-BFD9-A3DB8BD5274E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-23] (Microsoft Corporation)
Task: {4813F88F-ABA2-4467-B7B0-EBC483988773} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {4F4922F9-801E-4DE8-8C5A-3CD868EA6CB8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Pending HPSA Messages Reminder => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_toastNotify.exe [2015-05-05] (Hewlett-Packard)
Task: {4FBADFDA-B9BA-4AAB-B9A4-B760FD138308} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {56A7D303-FA5B-41F8-B35B-FFFF291BC163} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {5A1B0BCE-2EFA-48B5-A163-08A6CFE62604} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {612A3083-C806-46DF-B39F-E21B9C91848A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2316278512-3877362351-3516534219-1005Core => C:\Users\Liyah241\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-23] (Facebook Inc.)
Task: {77E2BEB9-0430-4A88-BCDB-D174072DB76A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {8A0A5988-6A65-462E-A292-68A6B6870F87} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {92FC8ABE-4409-4EEA-82D2-FC89A5C0669C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2316278512-3877362351-3516534219-1005UA => C:\Users\Liyah241\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-23] (Facebook Inc.)
Task: {97884243-269F-4FF1-8971-B74350DE530F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {A08391D7-A1C3-446A-BA04-FEEB678698A6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-01-26] (Microsoft Corporation)
Task: {ACE2EFD5-6E21-4DDA-8A8B-C4DEA67F7FC3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-23] (Microsoft Corporation)
Task: {B48233E2-EBDD-4E3D-A372-16C96E91DE07} - \SushiLeads -> No File <==== ATTENTION
Task: {BEE85776-F774-4BDF-A094-A03253C81B95} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {D2B88BE8-AB29-44BB-95EB-EF2A8CFDA298} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-23] (Adobe Systems Incorporated)
Task: {D9077C6D-1581-4391-90F3-6803A9E67B89} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-16] (Synaptics Incorporated)
Task: {ED0320A2-FD63-45A8-9CAC-A641B5B23FED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {FB8A7251-4D78-4055-82E3-BA05A0D18C27} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2316278512-3877362351-3516534219-1005Core.job => C:\Users\Liyah241\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2316278512-3877362351-3516534219-1005UA.job => C:\Users\Liyah241\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2012-08-06 13:09 - 2012-08-06 13:09 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-12-15 20:03 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-01-23 12:46 - 2016-01-23 12:46 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-15 20:01 - 2012-05-29 23:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.6.0.27\wincfi39.dll
2012-12-31 06:42 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 06:25 - 2015-11-21 15:35 - 00000856 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
17-03-2015 16:59:22 Windows Update
22-03-2015 12:30:00 Windows Modules Installer
22-03-2015 12:31:18 Windows Modules Installer
24-03-2015 18:13:09 HPSF Applying updates
30-04-2015 23:38:12 Windows Update
05-05-2015 16:23:03 Windows Update
23-10-2015 16:16:29 Windows Update
22-03-2016 18:59:30 Removed AllPCOptimizer.
24-03-2016 11:05:02 Restore Point Created by FRST
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/24/2016 11:20:52 AM) (Source: Google Update) (EventID: 20) (User: divas-pc)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
Error: (03/24/2016 11:05:02 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {1f3d68c0-c198-432f-8ccc-2a922122f9a8}
Error: (03/24/2016 11:01:04 AM) (Source: Google Update) (EventID: 20) (User: divas-pc)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
Error: (03/24/2016 10:55:11 AM) (Source: Google Update) (EventID: 20) (User: divas-pc)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
Error: (03/24/2016 10:43:09 AM) (Source: Google Update) (EventID: 20) (User: divas-pc)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
Error: (03/24/2016 10:30:05 AM) (Source: Google Update) (EventID: 20) (User: divas-pc)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
Error: (03/24/2016 07:43:09 AM) (Source: Google Update) (EventID: 20) (User: divas-pc)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
Error: (03/24/2016 07:30:05 AM) (Source: Google Update) (EventID: 20) (User: divas-pc)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
Error: (03/24/2016 04:43:10 AM) (Source: Google Update) (EventID: 20) (User: divas-pc)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
Error: (03/24/2016 04:30:05 AM) (Source: Google Update) (EventID: 20) (User: divas-pc)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801
System errors:
=============
Error: (03/24/2016 11:15:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error:
%%1275
Error: (03/24/2016 11:06:12 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056
Error: (03/24/2016 11:05:46 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Print Spooler service terminated with the following error:
%%2147944103
Error: (03/24/2016 11:05:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (03/24/2016 11:05:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (03/24/2016 11:05:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Norton Internet Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (03/24/2016 11:05:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s).
Error: (03/24/2016 11:05:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).
Error: (03/24/2016 11:05:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HPWMISVC service terminated unexpectedly. It has done this 1 time(s).
Error: (03/24/2016 11:05:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
CodeIntegrity:
===================================
Date: 2015-10-23 16:06:30.750
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-10-23 16:04:37.481
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-10-23 16:02:19.448
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-10-23 15:59:33.489
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-10-23 15:58:57.499
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-10-23 15:58:13.411
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-10-23 15:58:11.659
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: AMD E-300 APU with Radeon HD Graphics
Percentage of memory in use: 28%
Total physical RAM: 3682.26 MB
Available physical RAM: 2640.11 MB
Total Virtual: 4322.26 MB
Available Virtual: 3221.66 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:273.59 GB) (Free:207.6 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.39 GB) (Free:2.78 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Removable) (Total:14.9 GB) (Free:14.87 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: C2C9F703)
Partition: GPT.
========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================