Yesterday I went to a trusted site and I got one of those pop-ups advising me that my computer was infected and I had to call a number immediately. From there everything went downhill. I ran ESET, Hitman Pro, Malwarebytes and the Bitdefender online scanner, but none of them found anything, yet the antivirus and firewall remain disabled. I know the virus is there, but I just can't find it. I am working in Safe Mode. Please help.
I ran Farbar and here are the logs:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-04-2016
Ran by Sylvia (2016-04-29 11:31:45)
Running from C:\Users\Sylvia\Downloads
Windows 10 Home Version 1511 (X64) (2016-03-02 23:48:43)
Boot Mode: Safe Mode (with Networking)
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4044022209-2194366084-123958388-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4044022209-2194366084-123958388-503 - Limited - Disabled)
Guest (S-1-5-21-4044022209-2194366084-123958388-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4044022209-2194366084-123958388-1003 - Limited - Enabled)
Sylvia (S-1-5-21-4044022209-2194366084-123958388-1000 - Administrator - Enabled) => C:\Users\Sylvia
Work (S-1-5-21-4044022209-2194366084-123958388-1004 - Administrator - Enabled) => C:\Users\Work
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Disabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Disabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Disabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
A.I.type (HKLM-x32\...\{CA708BFE-EE7F-4B9D-88B5-AFA091047BEC}) (Version: 0.8 - A.I.type)
AC-3 ACM Codec x64 2.1 (HKLM\...\AC3ACM) (Version: 2.1 - fccHandler)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Amazon Cloud Drive (HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\Amazon Cloud Drive) (Version: 2.5.1.38 - Amazon Digital Services, LLC.)
Amazon Kindle (HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\Amazon Kindle) (Version: - Amazon)
Amazon Music (HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\Amazon Amazon Music) (Version: 4.1.0.1229 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avensen Domain Name Finder 2.24 (HKLM-x32\...\{C2BD2D80-3531-4D00-8368-93FF75EE82FE}_is1) (Version: - Avensen Software)
Backlink Pirate 1.0 (HKLM-x32\...\Backlink Pirate_is1) (Version: - mtisoftware.com)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.23.1252 - Bitdefender)
Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.24.1290 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\CopyTrans Suite) (Version: 4.004 - WindSolutions)
CoverFactory 2.50 (HKLM-x32\...\CoverFactory 2.50_is1) (Version: 2.50 - Answers 2000 Limited)
CurationSoft (HKLM-x32\...\CurationSoft) (Version: 3.94 - UNKNOWN)
CurationSoft (x32 Version: 3.94 - UNKNOWN) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DomainInspect (HKLM-x32\...\DomainInspect) (Version: - AntsSoft)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Freemake Audio Converter version 1.1.4 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.4 - Ellora Assets Corporation)
Freemake Video Converter version 4.1.7 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.7 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation)
Freemake YouTube To MP3 Boom (HKLM-x32\...\Freemake YouTube To MP3 Boom_is1) (Version: 1.0.4 - Ellora Assets Corporation)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.03.3003 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0225.2011 - Gateway Incorporated)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.75 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GoToMeeting 5.1.0.880 (HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.263 - SurfRight B.V.)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3014 - Gateway Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Gateway Incorporated)
InPixio Photo Clip Demo (HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 6.00 - Avanquest)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.2.6.101 - IObit)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 15.5.0 - iolo technologies, LLC)
iTunes (HKLM\...\{5D239A92-31A4-4FCA-967D-F9EA8E1FDF6A}) (Version: 12.1.2.27 - Apple Inc.)
Jarte (HKLM-x32\...\Jarte_is1) (Version: 5.4 - Carolina Road Software L.L.C.)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 2.9.1.0 - QFX Software Corporation)
Keyword Blaze (HKLM-x32\...\com.blueprintcentral.keywordblaze) (Version: 1.8.4 - UNKNOWN)
Keyword Blaze (x32 Version: 1.8.4 - UNKNOWN) Hidden
K-Lite Mega Codec Pack 8.7.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.7.0 - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Logitech Scroll App 3.0 (HKLM\...\Sn1) (Version: 3.00.31 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Converter Pack (HKLM-x32\...\{6EECB283-E65F-40EF-86D3-D51BF02A8D43}) (Version: 11.0.0.0 - Microsoft Corporation - Office Resource Kit Group)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{E30E7561-A466-4393-B8BF-FD93E733EF3C}) (Version: 8.0.6362.202 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 46.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0 (x86 en-US)) (Version: 46.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.0.5955 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\MusicManager) (Version: - Google, Inc.)
Mz CPU Accelerator (HKLM\...\MzCPUAccelerator_is1) (Version: 4.1.0 - Mz CPU Accelerator)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
PeaZip 6.0.0 (HKLM-x32\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 6.0.0 - Giorgio Tani)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayOn (HKLM-x32\...\{a8580830-79da-4f33-9fac-3377a789b85e}) (Version: 4.0.10.13030 - MediaMall Technologies, Inc.)
PlayOn (x32 Version: 4.0.10 - MediaMall Technologies, Inc.) Hidden
PlayOn Dependencies (x32 Version: 1.0.0.0 - MediaMall Technologies, Inc.) Hidden
Pure Networks Platform (x32 Version: 11.1.9051.0 - Pure Networks) Hidden
Pushbullet version 338 (HKLM-x32\...\{7578F204-49E7-4830-B051-14C23F408BFE}_is1) (Version: 338 - Pushbullet Inc)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
ScanSoft OmniPage SE 4 (HKLM-x32\...\{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Spotify (HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\Spotify) (Version: 1.0.25.127.g58007b4c - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1126 - SUPERAntiSpyware.com)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Unity Web Player (HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\UnityWebPlayer) (Version: 4.6.4f1 - Unity Technologies ApS)
VirtualDub Filter Pack 1.1 (HKLM-x32\...\VirtualDub Filter Pack_is1) (Version: - Infognition Co. Ltd.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Waterfox 12.0 (x64 en-US) (HKLM\...\Waterfox 12.0 (x64 en-US)) (Version: 12.0 - Mozilla)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.11 - NCH Software)
WebDwarf V2 (HKLM-x32\...\{8E77A94F-AEE6-4B44-9330-514B08D042BA}) (Version: 2.92.17 - Virtual Mechanics)
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3102 - Gateway Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Wondershare PDF to Word (Build 3.5.0) (HKLM-x32\...\{DE718DF0-3874-4873-9BC3-3A94944C916E}_is1) (Version: 3.5.0 - Wondershare Software)
ZipItFree 2.30 (HKLM-x32\...\zipitfree) (Version: 2.30 - MicroSmarts LLC)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4044022209-2194366084-123958388-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Sylvia\AppData\Local\Microsoft\OneDrive\17.3.6381.0405_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4044022209-2194366084-123958388-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Sylvia\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4044022209-2194366084-123958388-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\880\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-4044022209-2194366084-123958388-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sylvia\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {042B28F6-96D1-4E94-B120-19D7BE96CE16} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {05A58A71-313A-491D-B65F-AEBC746CA3A1} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {0902CC0F-B401-4A6D-AFAC-AD7F1CE1B23B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4044022209-2194366084-123958388-1000Core => C:\Users\Sylvia\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {0F39EEE8-80EC-4973-A106-C4A64A594F31} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {14F57CD1-CFEB-4005-B36E-F4840717E44B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {15ED5D55-F4F2-4352-A540-304BCCA2A368} - System32\Tasks\{51544CC1-1D98-4A6B-A4F1-DB814B5295E3} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
Task: {1621C9ED-1D6C-4023-80B9-9B0606E23586} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {16AED659-136B-4C07-BC1C-3A9D60723BD3} - System32\Tasks\Uninstaller_SkipUac_Sylvia => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-03-04] (IObit)
Task: {1ABDDF65-6589-4B51-BE42-2ED072D372DA} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {2264806E-0E9A-4136-B397-4C08C8C3F63A} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {291CF3B5-7795-4233-B59C-DC336A4E0B6D} - System32\Tasks\SUPERAntiSpyware Scheduled Task 2a22458e-257e-4b72-8313-12aa3d1e78b8 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {2C0C3086-949D-4B8C-89EF-382B2166B98C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-14] (Microsoft Corporation)
Task: {2D42AB1F-3CA3-43D3-BE13-32F50501BABC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {356CCD50-D33C-483D-AEF5-B760414E7EE4} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {35BFCAC6-8E38-4FB7-970E-3FE921274964} - System32\Tasks\SUPERAntiSpyware Scheduled Task dbfffb97-9cf2-4b86-b186-7cc759ae2f0d => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {3E6E5456-02AF-40DC-B9CA-1AE54320EF9E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-09] (Adobe Systems Incorporated)
Task: {455C8359-2783-4FEB-9DC4-F4ED24A21BE1} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {4DBA1C39-5CE9-4576-9953-022434906B65} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {4F58DD95-72DC-4DD5-86AC-065EEC960107} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-03-30] (Bitdefender)
Task: {5965114A-B5B9-423B-950B-C0B21D317C96} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5EF093E4-0E4F-4D27-8752-A2278486FB92} - System32\Tasks\ASC Task (One-Time) => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCPromote.exe
Task: {61932A53-C79A-45C5-BCB8-E60916DC989F} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {66C1BA5E-0D6A-48D1-93DC-5B02BC9A20B9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6C36EFDF-1AA0-4706-BC95-1D262ADA61E5} - System32\Tasks\{7FF363EE-EFEA-48B2-AE93-9B4C2E30F8E8} => pcalua.exe -a C:\Users\Sylvia\Downloads\AudibleDM_iTunesSetup.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {6C4F11DB-7945-4923-8CD5-4BFFDC39EB2D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7333543E-CD29-4134-84F1-BECEEC588092} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {77C93557-7547-49E8-B0D5-FBA2CA76828B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7A75DBD5-523C-44AE-B9F9-86442927C468} - System32\Tasks\iolo DelOnReboot => /c IF EXIST C:\ProgramData\iolo\ops\smrr.dll del /f C:\ProgramData\iolo\ops\smrr.dll
Task: {7D2C8AAD-3DEE-4FF5-BD7A-AFCBA0144ACA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {7EF9970B-7260-421E-A8B0-CE4061C2DCA2} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {80C19242-1AAB-4F8B-908C-934E444A2312} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8196B0C5-09F7-4DA7-9797-705E9A9BE591} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8C837870-9581-4564-9956-DBBC4445455F} - System32\Tasks\{C71D4CB6-41FA-46D3-B69E-5478F015EE5C} => pcalua.exe -a "C:\Program Files\Desktop Calendar\DesktopCalendar.exe" -d C:\Users\Sylvia\Desktop
Task: {91FC9C37-8E9A-4D31-9489-591557A9CC2C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {9E938577-801A-4777-B539-3C4FEC44E78C} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMNMLMKMKJLMMJOMNJCNNMMJGMOMCNLMIMMMKMCNHMOMNJKJCNKJJJIMPMKJJMNMMMJJHMKMHMJNJICMIMCNIMCNGMFMGMCNOMOMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMFMHMMMMMJNHICMOMNMKJOMMMJNBJCMMKGIDJJIGJOJPNMKPIKJBJMJKJJNKJCMJNNICMJNDJCMKJBJ"
Task: {A138CCA1-D67E-4D4D-B317-ED0ACF0A0E77} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {A223E981-9EF8-4300-9AA4-5D4C3D66F49D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A379950E-135A-4FB5-B14E-F24BA6B0D0A2} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-07] (Dropbox, Inc.)
Task: {A6496C87-F958-4F24-B4EC-CD1352E8E4AE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {AE59EC9C-C5AC-4805-BA59-2E787E6E5C45} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B2F019B2-52D0-4279-A381-06A1B6373AB6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {B7463965-AA8E-4D15-ADA8-C8DCB5CDEACE} - System32\Tasks\{BCDDBC84-315E-481E-8CF3-0C0BBF98CD66} => pcalua.exe -a "C:\Users\Sylvia\Documents\My Downloads\Install_CopyTransControlCenter.exe" -d "C:\Users\Sylvia\Documents\My Downloads"
Task: {B7D44FD6-F1D2-4836-A7DC-2EEBA3DE8770} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {BB4FD66B-8147-4A4C-8CFF-13C67F2E2C7A} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-03-04] (IObit)
Task: {C6D6E601-0232-4EAA-9705-ADE7D5EF83D8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C6ED9901-85EA-4E65-82E3-02D61396B41D} - System32\Tasks\{1C08320F-9E50-44CA-8099-F73BE4F2E066} => pcalua.exe -a D:\startinstall.exe -d D:\
Task: {CF0A5A7D-AE0A-4D7E-9945-0CB58F5FAE0C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {D2CF1736-AB75-4A39-A971-A37F73C06855} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4044022209-2194366084-123958388-1000UA => C:\Users\Sylvia\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {DB690CDF-FE8F-4691-B8A8-69BBCAA18053} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DE234142-6602-4FA6-B0BB-910EEB22441B} - \Driver Booster SkipUAC (Sylvia) -> No File <==== ATTENTION
Task: {E6C69022-3807-4A75-BBC2-64FB25E61A39} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {E820ADF2-7DB3-4B17-A4AF-009A65F7E8EA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-14] (Google Inc.)
Task: {EE153C7C-5A18-4308-8ABF-DAA32DCD4EC4} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {EE3E13E2-E0D6-44E2-AF29-50EDF04786B9} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {F36F239B-EBA1-48E3-B313-4F3A0C6043BF} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {F5738708-4C9C-4BB0-B7DB-6022122C1D41} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-07] (Dropbox, Inc.)
Task: {F5AFD05F-B6A7-4959-8F29-5A79A4F121A3} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {FBB73A29-00C5-43B0-8002-4F451CDCEB6B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-14] (Google Inc.)
Task: {FEDCB278-CD00-489B-BDEE-0E263C1AB117} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2016-02-19] (iolo technologies, LLC)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Chrome Cleanup Tool logs upload retry.job => C:\Users\Work\Downloads\chrome_cleanup_tool.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4044022209-2194366084-123958388-1000Core.job => C:\Users\Sylvia\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4044022209-2194366084-123958388-1000UA.job => C:\Users\Sylvia\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 2a22458e-257e-4b72-8313-12aa3d1e78b8.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task dbfffb97-9cf2-4b86-b186-7cc759ae2f0d.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-13 10:35 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 10:35 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2014-05-01 10:13 - 2014-05-01 10:13 - 00470016 _____ () C:\Users\Sylvia\AppData\Local\MEGAsync\ShellExtX64.dll
2016-03-02 22:04 - 2016-03-02 22:04 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-13 10:25 - 2016-04-01 23:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-13 10:32 - 2016-04-01 23:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-13 10:30 - 2016-04-01 22:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-13 10:33 - 2016-04-01 22:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-13 10:34 - 2016-04-01 23:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Sylvia\Downloads\7z1514-x64.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\AdobeAIRInstaller.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\esetsmartinstaller_enu(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\esetsmartinstaller_enu.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\FreemakeYouTubeToMP3BoomSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\fu123mx310swin1040us.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\InPixio_PhotoClip_EN_FT.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\jarte_54_setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\MEGAsyncSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\MessengerSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\musicmanagerinstaller.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\OneDriveSetup (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\OneDriveSetup(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\OneDriveSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\peazip-6.0.0.WINDOWS.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\pushbullet_installer.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\setupBacklinkPirate.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\YP-DNA-Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\zip-it-free.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Documents\It's All About chosing.rtf:com.dropbox.attributes [168]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2016-04-17 18:47 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4044022209-2194366084-123958388-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sylvia\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdvancedSystemCareService9 => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: CouponPrinterService => 2
MSCONFIG\Services: Freemake Improver => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MediaBrowser => 3
MSCONFIG\Services: MF NTFS Monitor => 2
MSCONFIG\Services: OnlineStorageService => 3
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: WMZuneComm => 3
MSCONFIG\Services: ZuneNetworkSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Trend Micro SafeSync.lnk => C:\Windows\pss\Trend Micro SafeSync.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Sylvia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Jacquie Lawson Quick Send Widget.lnk => C:\Windows\pss\Jacquie Lawson Quick Send Widget.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Users\Sylvia\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: CCleaner Monitoring =>
MSCONFIG\startupreg: Dashlane =>
MSCONFIG\startupreg: DelaypluginInstall =>
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: Google Update => "C:\Users\Sylvia\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Google+ Auto Backup =>
MSCONFIG\startupreg: GoogleChromeAutoLaunch_D2E080A0B0D3FA5E85FCBE61F49B379B =>
MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
MSCONFIG\startupreg: HotKeysCmds =>
MSCONFIG\startupreg: IgfxTray =>
MSCONFIG\startupreg: iolo Startup => "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogiScrollApp => C:\Program Files\Logitech\ScrollApp\KhalScroll.exe
MSCONFIG\startupreg: MediaFire Tray =>
MSCONFIG\startupreg: OOTag => C:\Program Files (x86)\Gateway\OOBEOffer\ootag.exe
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
MSCONFIG\startupreg: Persistence =>
MSCONFIG\startupreg: RtHDVCpl => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: Sidebar =>
MSCONFIG\startupreg: Spotify => "C:\Users\Sylvia\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper =>
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: WrtMon.exe => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe
MSCONFIG\startupreg: Zune Launcher =>
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "MalwareProtectionLive"
HKLM\...\StartupApproved\Run32: => "ProductUpdater"
HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\StartupApproved\Run: => "PlayOn"
HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\StartupApproved\Run: => "Pushbullet"
HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\StartupApproved\Run: => "MusicManager"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{FB32CFC7-68D9-445B-A7B9-6F07297BEDD2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F7795259-585F-402F-B4D7-40F92E513FCC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ECB67A89-C81E-42F3-A1E0-E5E2842294C7}] => (Allow) C:\Program Files (x86)\MediaMall\Surfer.exe
FirewallRules: [{A8F84D69-0067-4530-9267-1676C5B64DF2}] => (Allow) C:\Program Files (x86)\MediaMall\PlayMark.exe
FirewallRules: [{4686BE66-F714-43D1-883E-B359F726FE5B}] => (Allow) C:\Program Files (x86)\MediaMall\PlayOn.exe
FirewallRules: [{2696A0AB-93D6-4DFE-8913-547025F10868}] => (Allow) C:\Program Files (x86)\MediaMall\SettingsManager.exe
FirewallRules: [{344DBEB8-D60A-4615-8E88-762E32AE3128}] => (Allow) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
FirewallRules: [{F1AE7181-3F30-4812-829C-BFD09523DFDB}] => (Allow) C:\Users\Sylvia\AppData\Local\Temp\nse443C.tmp\Installer-10408138.exe
FirewallRules: [{54CB5400-7869-4429-910E-626611B634B1}] => (Allow) C:\Users\Sylvia\AppData\Local\Temp\nse443C.tmp\Installer-10408138.exe
FirewallRules: [{6D7155E6-0A58-4F7E-AE2A-416E8B31407D}] => (Allow) C:\Users\Sylvia\AppData\Local\Temp\nsk39D2.tmp\Installer-10366810.exe
FirewallRules: [{6F07937E-6D2C-4449-A3AC-F79A8B5BDD91}] => (Allow) C:\Users\Sylvia\AppData\Local\Temp\nsk39D2.tmp\Installer-10366810.exe
FirewallRules: [{BE47FD72-2AEC-48DE-ABF4-4AF98D749EB1}] => (Allow) C:\Users\Sylvia\AppData\Local\Temp\nsn9D45.tmp\Installer-10256071.exe
FirewallRules: [{1C609DED-4A80-40A4-AB42-BF251EF0C4D0}] => (Allow) C:\Users\Sylvia\AppData\Local\Temp\nsn9D45.tmp\Installer-10256071.exe
FirewallRules: [{ED17C921-CB95-4048-82BD-97F04E9B3D2F}] => (Allow) C:\Users\Sylvia\AppData\Local\Temp\nsi234C.tmp\Installer-10256071.exe
FirewallRules: [{7D7D13AC-8759-4CA0-B2CB-33FB45C64B6C}] => (Allow) C:\Users\Sylvia\AppData\Local\Temp\nsi234C.tmp\Installer-10256071.exe
FirewallRules: [{61D277A5-9837-43E6-A1AA-0561008B5989}] => (Allow) C:\Users\Sylvia\AppData\Local\Temp\nsu7CBE.tmp\Installer-10256071.exe
FirewallRules: [{046C0303-2D4E-4CB2-A302-C4FA99BDF540}] => (Allow) C:\Users\Sylvia\AppData\Local\Temp\nsu7CBE.tmp\Installer-10256071.exe
FirewallRules: [{C8416BE5-FC20-47EC-9E14-36AC9067CA9C}] => (Allow) C:\Users\Sylvia\AppData\Local\Temp\nsh45B5.tmp\Installer-10256071.exe
FirewallRules: [{E995D1F4-17E2-42DE-9F82-D98ACA46FAE4}] => (Allow) C:\Users\Sylvia\AppData\Local\Temp\nsh45B5.tmp\Installer-10256071.exe
FirewallRules: [{93128737-852C-4399-B879-319632A5B9CC}] => (Allow) C:\Users\Sylvia\AppData\Local\Temp\nsc6EC4.tmp\Installer-10967099.exe
FirewallRules: [{1312276B-EDEC-4923-B892-33D8CD3CA4FC}] => (Allow) C:\Users\Sylvia\AppData\Local\Temp\nsc6EC4.tmp\Installer-10967099.exe
FirewallRules: [{B87BD1A6-FE36-465F-8BBA-34989181FF45}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EF99279B-6B48-4ED6-A5A5-0C9010A9DB32}] => (Allow) LPort=2869
FirewallRules: [{257EA145-6F5A-4A4E-93A6-79EB28CF432F}] => (Allow) LPort=1900
FirewallRules: [{2402752B-0451-405D-B6CD-7A00838F1578}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{8FE0DD2A-3C70-4BFE-B975-E9638A213B70}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{02457991-DF03-4F56-A23E-7660FF178298}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{65A33E0B-B7CB-4B6A-8F51-BDF86A3A10FE}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{CAC566DA-FDB0-4E86-B7B2-762CA9114877}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{42A8A587-1D3D-4553-9513-FFD67A53D171}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{314C7C95-7349-4595-B5FA-5B65F00D3034}] => (Allow) C:\Users\Sylvia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{047C476F-FD62-49BE-86B1-768CE4D7EEF4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2C65A81F-367D-41AD-B84A-51C6B01D95EB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{26500248-0376-478A-B17E-B4DC00752783}C:\users\sylvia\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\sylvia\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{11F2F9D5-F007-47B5-A5B8-1DDE6CDFF95D}C:\users\sylvia\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\sylvia\appdata\roaming\spotify\spotify.exe
FirewallRules: [{F34C6A53-249E-41CB-8069-4E37373C7602}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9E641E34-93E2-448A-A219-B35799C7444C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E442368C-AB9E-4C80-A44C-BB8FF54FEDEA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FBBDB62B-A19C-4959-93ED-0D3FCD828109}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F968339B-69A8-45B2-AF55-11CB06C893D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C6A88EF3-F768-4A51-8BEE-C299F9DCB1BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F2FE9E56-F0F2-47C2-8439-E8E628186957}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{6C392394-4065-474C-88D4-F72925F8B91A}] => (Allow) LPort=7359
FirewallRules: [{CB73A292-2717-458E-9752-A8E76034A324}] => (Allow) LPort=8096
FirewallRules: [{7BDE6EA8-D327-4310-A7F8-9FCBB1C7EA62}] => (Allow) LPort=8920
FirewallRules: [{08B75D9C-9894-43D2-AFBD-6BD7DFFE77A0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8A785DD1-05A7-457D-9714-B1A8002615EB}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
==================== Restore Points =========================
14-04-2016 12:59:07 Checkpoint by HitmanPro
16-04-2016 16:36:51 Checkpoint by HitmanPro
17-04-2016 19:00:08 Windows Backup
21-04-2016 15:49:36 Windows Live Essentials
21-04-2016 15:52:16 Installed DirectX
29-04-2016 00:49:03 Windows Backup
==================== Faulty Device Manager Devices =============
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/29/2016 12:49:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (04/29/2016 12:41:15 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1100) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU0002D.log.
Error: (04/28/2016 11:56:33 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe" /UninstallExplorer; Description = Bitdefender Agent restore point; Error = 0x8007043c).
Error: (04/28/2016 11:52:12 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe" /UninstallExplorer; Description = Bitdefender Total Security 2016 restore point; Error = 0x8007043c).
Error: (04/28/2016 11:23:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Sylvia-PC)
Description: Activation of app Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe:MicrosoftEdge.AppXeb42j1vh6rk395pm0vmcx57dxqjhej5d.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (04/28/2016 11:21:49 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe" /UninstallExplorer; Description = Google Chrome restore point; Error = 0x8007043c).
Error: (04/28/2016 05:07:04 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\HitmanPro\HitmanPro.exe Files\HitmanPro\HitmanPro.exe" ; Description = Checkpoint by HitmanPro; Error = 0x8007043c).
Error: (04/28/2016 11:43:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10586.218, time stamp: 0x56ff3cf7
Faulting module name: StartUI.dll, version: 10.0.10586.218, time stamp: 0x56ff3bfe
Exception code: 0xc0000005
Fault offset: 0x0000000000103439
Faulting process id: 0x8e0
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report Id: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5
Error: (04/27/2016 12:00:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SUPERANTISPYWARE.EXE version 6.0.0.1216 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1790
Start Time: 01d1a08fbe2df2d3
Termination Time: 77
Application Path: C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
Report Id: 258fdc7a-0c91-11e6-9d72-f80f4134d067
Faulting package full name:
Faulting package-relative application ID:
Error: (04/25/2016 04:22:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 45.0.2.5941, time stamp: 0x57071d64
Faulting module name: mozglue.dll, version: 45.0.2.5941, time stamp: 0x57070ebc
Exception code: 0x80000003
Fault offset: 0x0000ec22
Faulting process id: 0x19c4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5
System errors:
=============
Error: (04/29/2016 11:33:11 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084EventSystemUnavailable{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (04/29/2016 11:33:01 AM) (Source: DCOM) (EventID: 10005) (User: Sylvia-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (04/29/2016 11:33:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (04/29/2016 11:33:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (04/29/2016 11:33:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (04/29/2016 11:30:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (04/29/2016 11:30:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (04/29/2016 11:30:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (04/29/2016 11:30:44 AM) (Source: DCOM) (EventID: 10005) (User: Sylvia-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (04/29/2016 11:29:55 AM) (Source: DCOM) (EventID: 10005) (User: Sylvia-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
CodeIntegrity:
===================================
Date: 2016-04-15 19:06:28.321
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-04-14 23:54:36.209
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-24 10:24:19.764
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-13 12:06:29.717
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-10 11:10:14.873
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-04 11:34:58.376
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-03 19:19:22.768
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-02 18:48:19.884
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-02 18:41:47.771
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-02 18:37:05.176
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Pentium® Dual-Core CPU E6700 @ 3.20GHz
Percentage of memory in use: 30%
Total physical RAM: 4061.17 MB
Available physical RAM: 2810.58 MB
Total Virtual: 8157.17 MB
Available Virtual: 7078.58 MB
==================== Drives ================================
Drive c: (Gateway) (Fixed) (Total:914.91 GB) (Free:771.99 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C7CF2891)
Partition 1: (Not Active) - (Size=16.5 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=914.9 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================