All Activity

This stream auto-updates   

  1. Past hour
  2. Here you go man. Thanks! Addition.txt FRST.txt
  3. Still working ok for you? The 2 laptops I did yesterday haven't had RTP turn off anyway. Both have been on since yesterday, Did a few full scans on both & used Kaspersky for a few scans, Still working fine.
  4. Might be normal but I just want to be sure . Thanks for your time scan.txt Addition.txt FRST.txt
  5. Today
  6. I have this suspicious popups in my PC: asking for upgrading/downloading and install yahoo stuff and chromium. so, I decided to scan all of my drive while i'm away. so I start a custom scan, selecting all internal storage drives, and start. It was stuck at scanning for rootkits. for four hours. In reports tab, there's no scan report related for it. Probably because I forced terminate the app to stop the scan. It was stuck. MB-CheckResult.txt
  7. Thank you so much for helping me out. I mentioned in my first post that I ran windows repair from tweaking.com. This has fixed some problems (can open programs in normal mode now, internet connection seems to be stable so far) but windows update still isn't working. Also, it's worth noting that this computer has been infected since november; it belongs to my parents and I was only able to take a look at it now. I found the offending file in the downloads folder that was dated November 6. Again, thank you so much for your help!
  8. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-04-2017 01 Ran by Melissa (22-04-2017 15:07:11) Running from C:\Users\Melissa\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2012-02-27 05:04:41) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-929916483-925240248-1123344957-500 - Administrator - Disabled) Guest (S-1-5-21-929916483-925240248-1123344957-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-929916483-925240248-1123344957-1006 - Limited - Enabled) Melissa (S-1-5-21-929916483-925240248-1123344957-1000 - Administrator - Enabled) => C:\Users\Melissa ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.02.03.0 - Ralink) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated) Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.135 - Adobe Systems Incorporated) Adobe Reader XI (11.0.20) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated) Ahead Client (HKLM-x32\...\com.ahead.client.desktopclient.gpu) (Version: 0.2.339 - UNKNOWN) Ahead Client (x32 Version: 0.2.339 - UNKNOWN) Hidden Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC) Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version: - Audacity Team) Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software) Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation) Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Brother BRAdmin Light 1.21.0001 (HKLM-x32\...\{DB75941E-30C4-4D97-B000-D17C764B998C}) (Version: 1.21.0001 - Brother) Brother MFL-Pro Suite MFC-J825DW (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.0.8.0 - Brother Industries, Ltd.) CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4417 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.3.0297 - DT Soft Ltd) DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC) Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden Dropbox (HKU\S-1-5-21-929916483-925240248-1123344957-1000\...\Dropbox) (Version: 1.2.52 - Dropbox, Inc.) Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard) Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.) Google Photos Backup (HKU\S-1-5-21-929916483-925240248-1123344957-1000\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard) HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard) HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent) HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard) HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard) HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company) HP My Display (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.07.003 - Portrait Displays, Inc.) HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard) HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP) HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard) HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard) HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company) HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard) HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard) HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard) HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.11052.0 - IDT) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2462 - Intel Corporation) iTunes (HKLM\...\{6C01A0A7-7440-4D48-93C6-2927A1E93FE6}) (Version: 12.6.0.100 - Apple Inc.) Java(TM) 6 Update 3 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.) Java(TM) 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217004FF}) (Version: 7.0.50 - Oracle) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden Linksys EasyLink Advisor (HKLM-x32\...\Linksys EasyLink Advisor) (Version: - Linksys By Cisco Systems) Linksys EasyLink Advisor (x32 Version: 3.11.9139.94 - Linksys By Cisco Systems) Hidden Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden Magic DVD Ripper V6.1.0 (HKLM-x32\...\Magic DVD Ripper_is1) (Version: - Magic DVD Software, Inc.) magicJack (HKU\S-1-5-21-929916483-925240248-1123344957-1000\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.) Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes) Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.) Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc) ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.5.1072 - ooVoo LLC.) opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC) PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.) PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc) Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5705 - CyberLink Corp.) Power2Go (x32 Version: 6.1.5705 - CyberLink Corp.) Hidden PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 - NewspaperDirect Inc.) Pure Networks Platform (x32 Version: 11.1.9051.0 - Pure Networks) Hidden Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.82 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform) Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard) Remote Mouse version 1.12 (HKLM-x32\...\{F34EE6D2-9356-4294-B3B3-AE04428C8C43}_is1) (Version: 1.12 - Remote Mouse) RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden Scansoft PDF Professional (x32 Version: - ) Hidden SDK (x32 Version: 2.28.007 - Portrait Displays, Inc.) Hidden SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.18.0 - Lenovo Group Limited) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.6.11664 - Skype Technologies S.A.) Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.) Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd) Sun Broadband Wireless (HKLM-x32\...\Sun Broadband Wireless) (Version: 1.11.01.256 - Huawei Technologies Co.,Ltd) TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.12799 - TeamViewer) The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.632 - Electronic Arts) The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN) VSDC Free Video Editor version 3.0.0.345 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 3.0.0.345 - Flash-Integro LLC) Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.8.1.2 - Azureus Software, Inc.) WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) WinX DVD Ripper 5.5.5 (HKLM-x32\...\WinX DVD Ripper_is1) (Version: - Digiarty Software, Inc.) Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC) Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden Zotero Standalone 3.0.3 (x86 en-US) (HKLM-x32\...\Zotero Standalone 3.0.3 (x86 en-US)) (Version: 3.0.3 - Zotero) Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-929916483-925240248-1123344957-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Melissa\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-929916483-925240248-1123344957-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Melissa\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-929916483-925240248-1123344957-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-929916483-925240248-1123344957-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-929916483-925240248-1123344957-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-929916483-925240248-1123344957-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {04B319F7-BEDD-4145-950B-3A41CC0C4DB4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {088C59A2-96DF-45B2-A486-9A790D1FF769} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-10-20] (Hewlett-Packard) Task: {09FFDAB4-FEF8-49FE-A8F6-36FF0EAA8867} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd) Task: {140B9A44-1FE9-4B5F-B7CF-7120F7422D8A} - System32\Tasks\{87AABD36-E125-4F15-9F78-1CCD8C8C4627} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Linksys EasyLink Advisor\LinksysAdvisor.exe" Task: {300C7930-62A3-499E-8551-4DF3B8AD06E0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-17] (AVAST Software) Task: {30F93E9B-CC09-42EF-AFB3-BC2E36F5722B} - \Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater -> No File <==== ATTENTION Task: {33FA7B26-D2F7-4934-9428-BE1E1C703796} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {39AF3712-0BDE-45CA-A7DE-8F8CC2EB22F1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-18] (Adobe Systems Incorporated) Task: {56594045-28C6-4CFC-8177-5D6BB696279D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {645EE1A5-F68F-4ACF-8B97-F21AB4B0A0F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {6CF48644-ECE3-4C08-91BD-26704EB97EA4} - \{A4FCBD0E-A1F0-4A6D-9AA9-C91364EF6D46} -> No File <==== ATTENTION Task: {6EDED634-439E-4BDD-B8AE-2FE5AB517CA3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {70B0472C-EAF1-4FDE-AAF3-4DA0CD0162F2} - System32\Tasks\HPCeeScheduleForMelissa => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: {7B4D7B76-C1AE-43F4-A588-6E2309399415} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-929916483-925240248-1123344957-1000UA => C:\Users\Melissa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.) Task: {844A25FA-13AD-4A6D-A4E6-403E8A45977F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {A21F091D-3EED-4FA4-8CA5-FA490C02FFCF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-929916483-925240248-1123344957-1000Core => C:\Users\Melissa\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {A6F3C280-9383-457A-8EFF-D7C63391F0DE} - System32\Tasks\{36AF5152-5424-4F1B-B181-151476E9B035} => pcalua.exe -a E:\setup.exe -d E:\ Task: {A8E32FDD-841D-43D9-9980-44CB85325CFD} - System32\Tasks\{0771001D-FE57-423C-A6C9-F5C27EC1BFE1} => C:\Program Files (x86)\Linksys EasyLink Advisor\LinksysAdvisor.exe Task: {AEC5D888-32C3-4C61-ABBB-50F8E007639B} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-08-23] (CyberLink) Task: {B13A21D7-007C-4FF7-A098-2D7C7FB1E5A6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-929916483-925240248-1123344957-1000Core => C:\Users\Melissa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.) Task: {BBDC4708-B82C-4AA3-827B-0DF37878FF73} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-09] (Lenovo) Task: {C5E509AA-9C4D-4E55-85C2-49819B9F39AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe Task: {CBA1A9A8-33C7-4ACB-93BD-62A282FCC196} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {CE8D1756-9C78-451D-BEE9-12D7FB8232B6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-929916483-925240248-1123344957-1000UA => C:\Users\Melissa\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {CF07B7D4-D8E2-4964-B14F-33C3F955EF3B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink) Task: {E0127941-251D-4369-8BC5-F9F53A42926A} - System32\Tasks\{559A16E0-DFF4-491E-8783-CD325645AB1C} => C:\Program Files (x86)\Linksys EasyLink Advisor\LinksysAdvisor.exe Task: {E0479641-4E1E-4307-AF16-D5D4157BEDC4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe Task: {E6BCB52B-E859-4BFC-8499-3D575FAC00B7} - System32\Tasks\{2B890EC8-7409-4A41-AC11-31363E85A180} => pcalua.exe -a "C:\Users\Melissa\Documents\Vuze Downloads\MicroSoft Office 2007 With Key by [TORRENTMAFIA.IN]\setup.exe" -d "C:\Users\Melissa\Documents\Vuze Downloads\MicroSoft Office 2007 With Key by [TORRENTMAFIA.IN]" Task: {F6331FCF-3FEF-44E1-81E9-710C9F33298E} - \Adobe Acrobat Update Task -> No File <==== ATTENTION Task: {F6A666CF-AEE7-4D67-8F41-539290907DEE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-10-20] (Hewlett-Packard) Task: {F7E99BDF-215A-4501-9FD1-AA7571658648} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-929916483-925240248-1123344957-1000Core.job => C:\Users\Melissa\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-929916483-925240248-1123344957-1000UA.job => C:\Users\Melissa\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-929916483-925240248-1123344957-1000Core.job => C:\Users\Melissa\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-929916483-925240248-1123344957-1000UA.job => C:\Users\Melissa\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForMelissa.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\SafeZone scheduled Autoupdate 1492472747.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Melissa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Default Profile - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" ==================== Loaded Modules (Whitelisted) ============== 2012-03-02 20:05 - 2005-04-21 20:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll 2017-04-21 04:54 - 2017-04-21 11:11 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2017-04-21 04:54 - 2017-04-21 11:11 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2014-09-05 04:29 - 2014-09-04 19:55 - 00132808 _____ () C:\Users\Melissa\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\1.4.82\wallpaper.dll 2017-04-04 10:56 - 2017-03-28 18:04 - 02187096 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll 2017-04-04 10:56 - 2017-03-28 18:04 - 00086360 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMChameleon => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMChameleon => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 18:34 - 2017-04-22 12:05 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-929916483-925240248-1123344957-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.22.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AESTFilters => 2 MSCONFIG\Services: Apple Mobile Device Service => 2 MSCONFIG\Services: aswbIDSAgent => 3 MSCONFIG\Services: avast! Antivirus => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: BrYNSvc => 3 MSCONFIG\Services: CalendarSynchService => 2 MSCONFIG\Services: DTSRVC => 2 MSCONFIG\Services: GamesAppService => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: gusvc => 3 MSCONFIG\Services: HP Support Assistant Service => 2 MSCONFIG\Services: HPClientSvc => 2 MSCONFIG\Services: hpqwmiex => 3 MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2 MSCONFIG\Services: IconMan_R => 2 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: Lenovo EasyPlus Hotspot => 3 MSCONFIG\Services: LinksysUpdater => 2 MSCONFIG\Services: LMS => 2 MSCONFIG\Services: MBAMService => 2 MSCONFIG\Services: McComponentHostService => 3 MSCONFIG\Services: nmservice => 2 MSCONFIG\Services: NOBU => 2 MSCONFIG\Services: pdfcDispatcher => 2 MSCONFIG\Services: PDFProFiltSrvPP => 2 MSCONFIG\Services: PdiService => 2 MSCONFIG\Services: Skype C2C Service => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: STacSV => 2 MSCONFIG\Services: TeamViewer7 => 2 MSCONFIG\Services: UNS => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Melissa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupfolder: C:^Users^Melissa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk => C:\Windows\pss\Facebook Messenger.lnk.Startup MSCONFIG\startupfolder: C:^Users^Melissa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Start.lnk => C:\Windows\pss\Start.lnk.Startup MSCONFIG\startupreg: 20131121 => C:\Program Files\AVAST Software\Avast\setup\emupdate\f0a075db-dd66-4b41-8950-5450ed16cc4c.exe /check MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: avast => "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui MSCONFIG\startupreg: BeatsOSDApp => C:\Program Files\IDT\WDM\beats64.exe MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: cdloader => "C:\Users\Melissa\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: DT HPO => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO MSCONFIG\startupreg: Facebook Update => "C:\Users\Melissa\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver MSCONFIG\startupreg: Google Update => C:\Users\Melissa\AppData\Local\Google\Update\1.3.33.3\GoogleUpdateCore.exe MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe" MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe MSCONFIG\startupreg: nmctxth => "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe" MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe MSCONFIG\startupreg: PDFHook => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe MSCONFIG\startupreg: PPort12reminder => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" MSCONFIG\startupreg: Remote Mouse => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Java\jre7\bin\jusched.exe" MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe MSCONFIG\startupreg: {965D2816-0302-40D9-8BBA-C8BD05C90183} => C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\CHLISNXIFMZMA').OLCBJCENKYDI))); ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{5126439B-7CE2-4EAF-ABD5-1FA13DD12D5F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe FirewallRules: [{29EC7BE0-0D77-47EE-80EA-0B6B4DF990B9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe FirewallRules: [{C8846004-B31F-46E5-8B9E-849761B515F5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\IndivDRM.exe FirewallRules: [{3A61A016-2973-47E8-BE41-3F46FE93B5A3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\IndivDRM.exe FirewallRules: [{AAEDF6C8-3719-428D-95D8-82078981B25E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{D3348F52-0F6F-41FA-B199-17049CC04238}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe FirewallRules: [{D9FA1CD4-6A43-4024-BADC-6323B15A1A00}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe FirewallRules: [{DB1728AE-6248-4864-8C3C-C963B28C1570}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe FirewallRules: [{B91CCC2F-C890-42F1-96B7-179C8C5319D2}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe FirewallRules: [{FFBFC9C8-68A3-41FD-AC9B-1F90C0F6982C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{09D1710F-84B6-4824-B4FD-EEE3DA5201F8}] => (Allow) LPort=2869 FirewallRules: [{8724E276-8227-4F38-AF43-3DDE5D608E1E}] => (Allow) LPort=1900 FirewallRules: [{5D20CC59-BBF8-4CE5-BF97-4272C8E0227B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{0B1E426D-EFCC-462E-8031-095A4B1DA36D}] => (Allow) C:\Program Files (x86)\Brother\BRAdmin Light\BRAdmLight.exe FirewallRules: [{9B1C0FB7-A652-494E-8AE3-C0B0E4E55641}] => (Allow) C:\Program Files (x86)\Brother\BRAdmin Light\BRAdmLight.exe FirewallRules: [{F4E186C4-29E1-43D7-B969-BECAEDF801CA}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11a\FAXRX.exe FirewallRules: [{C9FF39C8-36B6-43E8-9CC8-637A84D2922A}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11a\FAXRX.exe FirewallRules: [{20BCB65F-A6B1-4FBD-A6B4-27921E60F886}] => (Allow) LPort=54925 FirewallRules: [{0722868F-0759-4BDB-8D27-C345F3EED6B9}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe FirewallRules: [{5110B3A0-0327-42A5-B30D-E4C19D57BF5B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe FirewallRules: [{4EA01BB6-9190-4A51-9EBB-9DAFAEACECEB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe FirewallRules: [{CF29DA8E-CB2A-4793-8A89-9D61E0F7D285}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe FirewallRules: [{19CF1D27-E9E7-4865-BED7-09CE9A4808B3}] => (Allow) C:\Users\Melissa\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{1D137F51-FD2C-416E-B9F0-8826D6F3551D}] => (Allow) C:\Users\Melissa\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{F7DC3EBC-6027-468D-80E9-DC67C2DDC43D}] => (Allow) C:\Program Files (x86)\Remote Mouse\server\server.exe FirewallRules: [{25F8D6D3-593D-4C66-ABB2-4F69734AB50A}] => (Allow) C:\Program Files (x86)\Remote Mouse\server\server.exe FirewallRules: [TCP Query User{47A800BB-9A69-449E-ADCA-02D1EF6B4158}C:\program files (x86)\remote mouse\server\server.exe] => (Block) C:\program files (x86)\remote mouse\server\server.exe FirewallRules: [UDP Query User{89DA8BAA-AF29-408F-BD6A-C1FAA6BACB0C}C:\program files (x86)\remote mouse\server\server.exe] => (Block) C:\program files (x86)\remote mouse\server\server.exe FirewallRules: [TCP Query User{D5E04178-FA22-402E-A0C4-18F0BF26D5B7}C:\users\melissa\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\melissa\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{84EACB54-CA8D-4776-9F36-776AB4F22BDB}C:\users\melissa\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\melissa\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{4C354E2A-2029-4D57-88FB-3E7736EB9E90}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe FirewallRules: [UDP Query User{10BDD3FF-1512-4041-BC89-24CA0A6D7698}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe FirewallRules: [{A212A1E0-D66C-4E67-A6C4-D3B35CB5911D}] => (Allow) LPort=443 FirewallRules: [{83321F78-5C5B-45FE-8569-A1B2A3DBE554}] => (Allow) LPort=443 FirewallRules: [{170BCA24-0AF6-4002-A3E2-C18D806FE62D}] => (Allow) LPort=37674 FirewallRules: [{8F1E6D94-79DC-436B-90AA-EC8469E8059A}] => (Allow) LPort=37674 FirewallRules: [{BC487162-93D8-49F7-8946-97B92AA2F2D5}] => (Allow) LPort=37675 FirewallRules: [TCP Query User{B6062D5A-14D3-4DD8-9F0A-6B801E925E19}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe FirewallRules: [UDP Query User{16AFC1A5-925D-4D3D-8BC9-123603E85F49}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe FirewallRules: [{0E98DD0C-2A26-4E8D-A321-1DC181C3CE43}] => (Block) C:\program files (x86)\oovoo\oovoo.exe FirewallRules: [{5CC40591-F176-4FEA-B746-11E46ADC7BCD}] => (Block) C:\program files (x86)\oovoo\oovoo.exe FirewallRules: [{F402D346-6752-428B-93F4-56CDB4A8B875}] => (Allow) LPort=67 FirewallRules: [{297017BE-49EA-44C7-BF16-C0E4C9EA56FF}] => (Allow) LPort=67 FirewallRules: [{3CE788F5-C90A-427B-B42C-4CC8974A0A1C}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe FirewallRules: [{B1D1BF94-7841-4B71-B68C-F990FDC97675}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe FirewallRules: [{6C201758-65D3-496C-BF74-8D19A2DE0815}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe FirewallRules: [TCP Query User{7028E16E-2AB8-49C3-A16F-6C45A1F5B28C}C:\users\melissa\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\melissa\appdata\roaming\mjusbsp\magicjack.exe FirewallRules: [UDP Query User{40A4B34C-70F6-4FC1-8D6F-5C996A620D91}C:\users\melissa\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\melissa\appdata\roaming\mjusbsp\magicjack.exe FirewallRules: [{EBCCD0F4-DDDE-49B4-B4DA-9E80EE295A47}] => (Block) C:\users\melissa\appdata\roaming\mjusbsp\magicjack.exe FirewallRules: [{0D1D3FCA-F8B2-446C-B41F-8161373385FF}] => (Block) C:\users\melissa\appdata\roaming\mjusbsp\magicjack.exe FirewallRules: [{74599659-C978-4274-B6AB-6E57D0D39AE1}] => (Allow) C:\Users\Melissa\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe FirewallRules: [{3C814CEC-57DF-41F4-B322-EA1AD0058126}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe FirewallRules: [{F7635CDA-3F31-466A-93B0-8A7E1F51AE6A}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe FirewallRules: [{F45DD3A5-F132-421E-9ACF-7BF6AD1585F3}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe FirewallRules: [{CA5F3176-1CED-44F7-A084-897F69B31E54}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe FirewallRules: [{B5FF2154-9D3C-4C64-B2DA-A2F700E41513}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe FirewallRules: [{30EEA9BB-D49D-4179-9558-7DB5BE723D85}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe FirewallRules: [{D1667C3F-C73D-4BA3-8EDF-61CA929114C7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe FirewallRules: [TCP Query User{F0616EC4-4B4E-4F7E-BFF7-99FF194FAABF}C:\users\melissa\appdata\local\{c72d5149-2621-0226-5ea1-966f3de68952}\syshost.exe] => (Block) C:\users\melissa\appdata\local\{c72d5149-2621-0226-5ea1-966f3de68952}\syshost.exe FirewallRules: [UDP Query User{53FAD9BD-93B6-40BF-AB85-D9A1A83FF0D7}C:\users\melissa\appdata\local\{c72d5149-2621-0226-5ea1-966f3de68952}\syshost.exe] => (Block) C:\users\melissa\appdata\local\{c72d5149-2621-0226-5ea1-966f3de68952}\syshost.exe FirewallRules: [TCP Query User{66E7C44E-3FBF-4A0F-B9E4-44D81263B67E}C:\users\melissa\appdata\local\{c72d5149-2621-0226-5ea1-966f3de68952}\syshost.exe] => (Block) C:\users\melissa\appdata\local\{c72d5149-2621-0226-5ea1-966f3de68952}\syshost.exe FirewallRules: [UDP Query User{B734F1DB-E79C-4657-91FB-954B6E32AC7C}C:\users\melissa\appdata\local\{c72d5149-2621-0226-5ea1-966f3de68952}\syshost.exe] => (Block) C:\users\melissa\appdata\local\{c72d5149-2621-0226-5ea1-966f3de68952}\syshost.exe FirewallRules: [{6E293948-F118-4C23-A121-DE2C964F8547}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{B6ED1BCF-F57F-484E-9C18-F8A22565A52E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{07758992-CBE8-43B9-832E-57C1B8416EE3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{265A09BD-330A-4F3D-A1A7-9060310CA40A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{DA988102-6203-49F0-AB5B-98B494A82E61}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{9CAA96A0-A095-4A33-A1BA-00D38B74167B}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{163973E6-05B6-416B-9935-215FFF1C857C}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe FirewallRules: [{563D298A-C896-4768-9432-73BC0F2349A7}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/22/2017 12:17:00 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error: (04/22/2017 12:16:59 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error: (04/22/2017 12:10:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: Melissa-HP) Description: Installing the performance counter strings for service .NET CLR Networking 4.0.0.0 () failed. The first DWORD in the Data section contains the error code. Error: (04/22/2017 12:10:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: Melissa-HP) Description: Installing the performance counter strings for service .NET Data Provider for Oracle () failed. The first DWORD in the Data section contains the error code. Error: (04/22/2017 12:10:52 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: Melissa-HP) Description: Installing the performance counter strings for service <Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-LoadPerf' Guid='{122ee297-bb47-41ae-b265-1ca8d1886d40}'/><EventID>3009</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2017-04-22T20:10:52.332054900Z'/><EventRecordID>140933</EventRecordID><Correlation/><Execution ProcessID='2592' ThreadID='2092'/><Channel>Application</Channel><Computer>Melissa-HP</Computer><Security UserID='S-1-5-21-929916483-925240248-1123344957-1000'/></System><ProcessingErrorData><ErrorCode>15005</ErrorCode><DataItemName>BinaryData</DataItemName><EventPayload>4D0041005600200043006C00690065006E007400200050006500720066004D006F006E002000500072006F0076006900640065007200000008000000A1000000E4120000</EventPayload></ProcessingErrorData></Event> (%2) failed. The first DWORD in the Data section contains the error code. Error: (04/22/2017 04:36:03 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: Melissa-HP) Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values. Error: (04/22/2017 04:35:56 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: Melissa-HP) Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is 퉀3. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values. Error: (04/22/2017 02:06:05 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY) Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values. Error: (04/22/2017 01:41:16 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY) Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values. Error: (04/21/2017 11:26:02 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = Tweaking.com - Windows Repair; Error = 0x8007043c). System errors: ============= Error: (04/22/2017 03:07:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Error: (04/22/2017 02:59:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Error: (04/22/2017 02:57:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Error: (04/22/2017 02:49:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Error: (04/22/2017 02:47:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Error: (04/22/2017 02:39:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Error: (04/22/2017 02:37:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Error: (04/22/2017 02:29:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Error: (04/22/2017 02:27:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Error: (04/22/2017 02:19:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. CodeIntegrity: =================================== Date: 2016-10-05 04:31:51.492 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system. Date: 2016-10-05 04:31:51.445 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system. Date: 2016-10-04 18:27:30.053 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system. Date: 2016-10-04 18:27:29.913 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system. Date: 2016-10-04 12:03:58.254 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system. Date: 2016-10-04 12:03:58.208 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system. Date: 2016-10-03 12:15:16.084 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system. Date: 2016-10-03 12:15:16.006 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system. Date: 2010-01-01 02:00:51.960 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system. Date: 2010-01-01 02:00:51.913 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Pentium(R) CPU G630 @ 2.70GHz Percentage of memory in use: 40% Total physical RAM: 6048.32 MB Available physical RAM: 3627.06 MB Total Virtual: 12094.85 MB Available Virtual: 9573.55 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:914.68 GB) (Free:628.7 GB) NTFS Drive d: (HP_RECOVERY) (Fixed) (Total:16.74 GB) (Free:1.78 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 12F61082) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=914.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=16.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  9. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-04-2017 01 Ran by Melissa (administrator) on MELISSA-HP (22-04-2017 15:06:43) Running from C:\Users\Melissa\Desktop Loaded Profiles: Melissa (Available Profiles: Melissa) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (CyberLink) C:\Program Files (x86)\Cyberlink\YouCam\YCMMirage.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe (Tweaking.com) C:\Users\Melissa\AppData\Local\Temp\Rar$EXa0.683\Tweaking.com - Windows Repair\WR_Tray_Icon.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-02] (Microsoft Corp.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-929916483-925240248-1123344957-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd) HKU\S-1-5-21-929916483-925240248-1123344957-1000\...\MountPoints2: {0a39c459-1efb-11e4-9ddb-386077e3ece4} - F:\AutoRun.exe HKU\S-1-5-21-929916483-925240248-1123344957-1000\...\MountPoints2: {925ffeaa-88d0-11e5-8778-386077e3ece4} - F:\AutoRun.exe HKU\S-1-5-21-929916483-925240248-1123344957-1000\...\MountPoints2: {be9cbfe3-2a4e-11e3-ac10-386077e3ece4} - F:\AutoRun.exe HKU\S-1-5-21-929916483-925240248-1123344957-1000\...\MountPoints2: {ca5d80b1-c43d-11e1-953b-386077e3ece4} - F:\AutoRun.exe HKU\S-1-5-21-929916483-925240248-1123344957-1000\...\MountPoints2: {ca5d80c3-c43d-11e1-953b-386077e3ece4} - F:\AutoRun.exe HKU\S-1-5-21-929916483-925240248-1123344957-1000\...\MountPoints2: {de93a5f8-35ce-11e3-81e1-386077e3ece4} - F:\AutoRun.exe HKU\S-1-5-21-929916483-925240248-1123344957-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-11] (AVAST Software) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-11] (AVAST Software) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2012-02-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2012-02-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2012-02-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2012-02-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [2012-02-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [2012-02-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [2012-02-14] (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Proxy is enabled. Tcpip\Parameters: [DhcpNameServer] 192.168.22.1 Tcpip\..\Interfaces\{AA0487A2-2361-405E-9CED-810DCE023484}: [DhcpNameServer] 192.168.22.1 Tcpip\..\Interfaces\{C7B5EE25-8AA0-4985-ABBD-11689070E11D}: [DhcpNameServer] 192.168.22.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-929916483-925240248-1123344957-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-929916483-925240248-1123344957-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/ HKU\S-1-5-21-929916483-925240248-1123344957-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1 HKU\S-1-5-21-929916483-925240248-1123344957-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM -> {C8784315-A061-40BA-B53D-70E4B451D2CD} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope value is missing SearchScopes: HKU\S-1-5-21-929916483-925240248-1123344957-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-929916483-925240248-1123344957-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-929916483-925240248-1123344957-1000 -> {C924AB42-FEB5-4B7C-9B01-EAF44295A60D} URL = hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-929916483-925240248-1123344957-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = SearchScopes: HKU\S-1-5-21-929916483-925240248-1123344957-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-01-30] (Skype Technologies S.A.) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-27] (Hewlett-Packard) BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC) BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-06-19] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-01-30] (Skype Technologies S.A.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04] (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-27] (Hewlett-Packard) Toolbar: HKU\S-1-5-21-929916483-925240248-1123344957-1000 -> No Name - {00000000-0000-0000-0000-000000000000} - No File Toolbar: HKU\S-1-5-21-929916483-925240248-1123344957-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll [2009-02-19] (Cisco Systems, Inc.) Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll [2009-02-19] (Cisco Systems, Inc.) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-01-30] (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-01-30] (Skype Technologies S.A.) FireFox: ======== FF ProfilePath: C:\Users\Melissa\AppData\Roaming\Zotero\Zotero\Profiles\lo7cgi93.default [2012-05-27] FF Extension: (Zotero LibreOffice Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroOpenOfficeIntegration@zotero.org [2012-04-10] [not signed] FF Extension: (Zotero Word for Windows Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroWinWordIntegration@zotero.org [2012-04-10] [not signed] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-05] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-05] FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: (DivX Plus Web Player HTML5 &video&) - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-03-02] [not signed] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-27] ( Microsoft Corporation) FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-05-04] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-05-04] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-27] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-07-11] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-929916483-925240248-1123344957-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Melissa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-23] (Skype Limited) FF Plugin HKU\S-1-5-21-929916483-925240248-1123344957-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Melissa\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.) FF Plugin HKU\S-1-5-21-929916483-925240248-1123344957-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Melissa\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.) FF Plugin HKU\S-1-5-21-929916483-925240248-1123344957-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll [2013-03-07] (Amazon.com, Inc.) FF Plugin HKU\S-1-5-21-929916483-925240248-1123344957-1000: facebook.com/fbDesktopPlugin -> C:\Users\Melissa\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll [2013-03-07] (Facebook, Inc.) Chrome: ======= CHR DefaultProfile: Default CHR StartupUrls: Default -> "hxxp://mail.yahoo.com/" CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=dss_yset_chr__PARAM__ CHR DefaultSearchKeyword: Default -> Yahoo CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10 CHR Profile: C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default [2017-04-22] CHR Extension: (Yahoo Web) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2016-01-31] CHR Extension: (Google Docs) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05] CHR Extension: (Google Drive) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21] CHR Extension: (YouTube) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25] CHR Extension: (Google Search) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29] CHR Extension: (Avast SafePrice) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-03-31] CHR Extension: (Google Docs Offline) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15] CHR Extension: (AdBlock) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-14] CHR Extension: (Avast Online Security) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-04-06] CHR Extension: (Skype) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-03-31] CHR Extension: (Chrome Web Store Payments) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-31] CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-01-05] CHR Extension: (Gmail) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27] CHR Extension: (Chrome Media Router) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-17] CHR Profile: C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-04-17] CHR Extension: (Google Docs) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-27] CHR Extension: (Google Drive) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-05] CHR Extension: (Raindrops) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bcipapbfhdnmgihoimbjiadmhpcgcnil [2014-01-05] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-23] CHR Extension: (YouTube) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-05] CHR Extension: (Google Search) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-05] CHR Extension: (avast! WebRep) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2014-01-05] CHR Extension: (Skype Click to Call) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-23] CHR Extension: (Google Wallet) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-24] CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-01-05] CHR Extension: (Gmail) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-05] CHR Extension: (Writer) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnengefjfhgcceajaepbjhanoojifmog [2014-03-24] CHR Profile: C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\System Profile [2017-04-17] CHR Extension: (Google Slides) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-15] CHR Extension: (Google Docs) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-15] CHR Extension: (Google Drive) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-15] CHR Extension: (YouTube) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-15] CHR Extension: (Google Search) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-15] CHR Extension: (Google Sheets) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-15] CHR Extension: (Gmail) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-15] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found> CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-01-30] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.) R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-02] (Microsoft Corp.) S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed] S4 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed] S4 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [133936 2011-09-15] (Portrait Displays, Inc.) S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-27] (Hewlett-Packard Company) S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed] S4 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [619776 2015-01-14] (Lenovo) S3 LinksysUpdater; C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [204800 2008-11-13] () [File not signed] R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes) S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc) S4 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.) S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2676736 2013-07-26] (Microsoft Corporation) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-03-04] (DT Soft Ltd) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-04-21] () S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2017-04-21] () S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-04-22] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-04-22] (Malwarebytes) R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82720 2017-04-22] (Malwarebytes) S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X] S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X] S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-04-22 15:06 - 2017-04-22 15:06 - 02426368 _____ (Farbar) C:\Users\Melissa\Desktop\FRST64.exe 2017-04-22 15:06 - 2017-04-22 15:06 - 00026696 _____ C:\Users\Melissa\Desktop\FRST.txt 2017-04-22 15:06 - 2017-04-22 15:06 - 00000000 ____D C:\FRST 2017-04-22 15:00 - 2017-04-22 15:00 - 00002798 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2017-04-22 12:23 - 2017-04-22 12:23 - 06293184 _____ (Piriform Ltd) C:\Users\Melissa\Downloads\spsetup130.exe 2017-04-21 12:02 - 2017-04-21 12:02 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MELISSA-HP-Windows-7-Home-Premium-(64-bit).dat 2017-04-21 12:02 - 2017-04-21 12:02 - 00000000 ____D C:\RegBackup 2017-04-21 11:02 - 2017-04-22 17:54 - 31157534 _____ C:\Users\Melissa\Desktop\tweaking.com_windows_repair_aio (1).zip 2017-04-21 10:47 - 2017-04-21 10:47 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys 2017-04-21 10:44 - 2017-04-21 10:44 - 00006986 _____ C:\TDSSKiller.3.1.0.15_21.04.2017_10.44.06_log.txt 2017-04-21 10:34 - 2017-04-21 10:35 - 00006798 _____ C:\TDSSKiller.3.1.0.15_21.04.2017_10.34.57_log.txt 2017-04-21 10:15 - 2017-04-21 10:16 - 00006798 _____ C:\TDSSKiller.3.1.0.15_21.04.2017_10.15.14_log.txt 2017-04-21 09:58 - 2017-04-21 09:58 - 00006930 _____ C:\TDSSKiller.3.1.0.15_21.04.2017_09.58.04_log.txt 2017-04-21 09:57 - 2017-04-22 16:45 - 04922400 _____ (AO Kaspersky Lab) C:\Users\Melissa\Desktop\tdsskiller.exe 2017-04-21 09:52 - 2017-04-21 09:56 - 00003058 _____ C:\Users\Melissa\Desktop\unhide.txt 2017-04-21 07:47 - 2017-04-21 07:47 - 00000279 _____ C:\Users\Melissa\Desktop\int.bat 2017-04-21 07:44 - 2017-04-21 07:47 - 00000279 _____ C:\Users\Melissa\Desktop\wifi.bat.txt 2017-04-21 07:21 - 2017-04-21 07:21 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files 2017-04-21 07:21 - 2017-04-21 07:21 - 00000000 ____D C:\Program Files\HitmanPro 2017-04-21 07:19 - 2017-04-22 12:47 - 193695408 _____ (Kaspersky Lab) C:\Users\Melissa\Desktop\kav17.0.0.611abcden_12166.exe 2017-04-21 07:19 - 2017-04-22 12:06 - 11583584 _____ (SurfRight B.V.) C:\Users\Melissa\Desktop\hitmanpro_x64.exe 2017-04-21 07:19 - 2017-04-21 10:55 - 00000000 ____D C:\ProgramData\HitmanPro 2017-04-21 04:58 - 2017-04-22 02:40 - 00002888 _____ C:\Users\Melissa\Desktop\Rkill.txt 2017-04-21 04:57 - 2017-04-22 11:49 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Melissa\Desktop\rkill.exe 2017-04-21 04:55 - 2017-04-22 12:29 - 00082720 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2017-04-21 04:54 - 2017-04-22 12:17 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-04-21 04:54 - 2017-04-22 12:16 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-04-21 04:54 - 2017-04-21 11:11 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-04-21 04:54 - 2017-04-21 04:57 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2017-04-21 04:54 - 2017-04-21 04:54 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys 2017-04-21 04:54 - 2017-04-21 04:54 - 00001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-04-21 04:54 - 2017-04-21 04:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-04-21 04:53 - 2017-04-21 04:53 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-04-21 04:32 - 2017-04-21 04:32 - 00000000 _____ C:\Users\Melissa\AppData\Local\{2CC70B47-0845-49F3-A454-201E3E9ADEEA} 2017-04-20 01:26 - 2016-11-18 16:00 - 05470936 _____ (Piriform Ltd) C:\Users\Melissa\Desktop\Speccy.exe 2017-04-20 01:23 - 2017-04-20 01:23 - 00031175 _____ C:\Users\Melissa\Desktop\magic.txt 2017-04-20 01:22 - 2017-04-20 01:22 - 00000000 ____D C:\Users\Melissa\Desktop\m 2017-04-20 01:19 - 2017-04-20 01:18 - 00000730 _____ C:\Users\Melissa\Desktop\MiniToolBox.exe.lnk 2017-04-19 04:31 - 2017-04-19 04:31 - 00000000 ____D C:\bf2e69f1a9e9cdc61c608c689c76ce8d 2017-04-19 04:31 - 2017-04-19 04:31 - 00000000 ____D C:\80c12c89872a77e5b3 2017-04-19 04:29 - 2017-04-19 04:29 - 00000000 ____D C:\7558a627266cf825d48d426957c7 2017-04-19 04:29 - 2017-04-19 04:29 - 00000000 ____D C:\6979d8f20b5d0c7f1ff0 2017-04-19 04:12 - 2017-04-19 04:12 - 00001520 _____ C:\Users\Melissa\Documents\cc_20170419_041221.reg 2017-04-17 19:39 - 2017-04-17 19:39 - 00000642 _____ C:\Users\Melissa\Documents\cc_20170417_193949.reg 2017-04-17 19:36 - 2017-04-17 19:40 - 00000000 ____D C:\19cc8428a7876a1878ce 2017-04-17 19:31 - 2017-04-17 19:35 - 00000000 ____D C:\7cb8f2e6f807cf47a95f57c52a 2017-04-17 19:30 - 2017-04-17 19:35 - 00000000 ____D C:\04e5b96341600d1741dccad56a 2017-04-17 19:26 - 2017-04-17 19:26 - 00000196 _____ C:\Users\Melissa\Desktop\updates.txt 2017-04-17 19:25 - 2017-04-17 19:25 - 11313360 _____ (Microsoft Corporation) C:\Users\Melissa\Downloads\windowsupdateagent-7.6-x64.exe 2017-04-17 19:13 - 2017-04-17 19:13 - 00313366 _____ C:\Users\Melissa\Downloads\WindowsUpdateDiagnostic.diagcab 2017-04-17 17:12 - 2017-04-17 17:12 - 00000000 ____D C:\d7c65e83f5b2910191e5d07b1661486d 2017-04-17 16:15 - 2017-04-17 16:16 - 00313366 _____ C:\Users\Melissa\Downloads\WindowsUpdate.diagcab 2017-04-17 16:13 - 2017-04-17 16:13 - 00000000 ____D C:\b7a126b648be3f0badb839db694f2880 2017-04-17 16:09 - 2017-04-17 16:09 - 00000000 ____D C:\9d7c7e23f5c86a5949df04d535c2 2017-04-17 16:06 - 2017-04-17 16:07 - 30659457 _____ C:\Users\Melissa\Downloads\Windows6.1-KB3172605-x64.msu 2017-04-17 16:02 - 2017-04-17 16:03 - 09575735 _____ C:\Users\Melissa\Downloads\Windows6.1-KB3020369-x64.msu 2017-04-17 15:58 - 2017-04-17 15:58 - 00000571 _____ C:\Users\Melissa\Downloads\DeviceDiagnostic (1).diagcab 2017-04-17 15:54 - 2017-04-17 15:54 - 00000571 _____ C:\Users\Melissa\Downloads\DeviceDiagnostic.diagcab 2017-04-17 15:45 - 2017-04-17 15:45 - 00001045 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk.1492484757.old 2017-04-17 15:45 - 2017-04-17 15:45 - 00001045 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk.1492484757.old 2017-04-17 15:45 - 2017-04-17 15:45 - 00000464 _____ C:\Windows\Tasks\SafeZone scheduled Autoupdate 1492472747.job 2017-04-17 15:45 - 2017-04-17 15:45 - 00000342 _____ C:\Windows\Tasks\Avast Emergency Update.job 2017-04-17 15:45 - 2017-04-17 15:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2017-04-17 15:44 - 2017-04-11 19:37 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2017-04-17 14:48 - 2017-04-17 14:51 - 60107896 _____ (Malwarebytes ) C:\Users\Melissa\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe 2017-04-17 14:46 - 2017-04-22 02:03 - 00848996 _____ C:\Windows\ntbtlog.txt 2017-04-17 14:22 - 2017-04-17 14:22 - 00010830 _____ C:\Users\Melissa\Documents\cc_20170417_142208.reg 2017-04-17 14:22 - 2017-04-17 14:22 - 00000480 _____ C:\Users\Melissa\Documents\cc_20170417_142232.reg 2017-04-17 14:21 - 2017-04-17 14:21 - 00376574 _____ C:\Users\Melissa\Documents\cc_20170417_142129.reg 2017-04-17 14:12 - 2017-04-20 03:07 - 00000989 _____ C:\Users\Public\Desktop\CCleaner.lnk 2017-04-17 14:12 - 2017-04-17 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2017-04-17 14:12 - 2017-04-17 14:12 - 00000000 ____D C:\Program Files\CCleaner 2017-04-17 14:03 - 2017-04-17 14:03 - 00716456 _____ (Sysinternals - www.sysinternals.com) C:\Users\Melissa\Downloads\autoruns.exe 2017-04-17 14:03 - 2017-04-17 14:03 - 00716456 _____ (Sysinternals - www.sysinternals.com) C:\Users\Melissa\Downloads\autoruns (1).exe 2017-04-17 14:02 - 2017-04-17 14:02 - 01305227 _____ C:\Users\Melissa\Downloads\Autoruns (1).zip 2017-04-17 14:01 - 2017-04-17 14:01 - 01305227 _____ C:\Users\Melissa\Downloads\Autoruns.zip 2017-04-17 13:56 - 2009-07-13 17:39 - 00010240 _____ (Microsoft Corporation) C:\Users\Melissa\Desktop\reg.exe 2017-04-17 13:53 - 2017-04-17 13:53 - 00065232 _____ (Malwarebytes) C:\Users\Melissa\Downloads\regassassin-setup-1.03.exe 2017-04-17 13:50 - 2017-04-17 13:51 - 06508544 _____ C:\Users\Melissa\Downloads\agent_installer.msi 2017-04-17 10:52 - 2017-04-17 10:53 - 04089296 _____ C:\Users\Melissa\Downloads\adwcleaner_6.045.exe 2017-04-17 10:52 - 2017-04-17 10:52 - 09274608 _____ (Piriform Ltd) C:\Users\Melissa\Downloads\ccsetup528.exe 2017-04-17 10:44 - 2017-04-17 10:44 - 00000000 ____D C:\Users\Melissa\Desktop\print proff 2017-04-16 21:53 - 2017-04-16 21:53 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk 2017-04-16 21:53 - 2017-04-16 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2017-04-16 21:52 - 2017-04-16 21:53 - 00000000 ____D C:\Program Files\iTunes 2017-04-16 20:39 - 2017-04-16 20:39 - 00221662 _____ C:\Users\Melissa\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab 2017-04-16 19:24 - 2017-04-16 19:39 - 257659208 _____ (Apple Inc.) C:\Users\Melissa\Downloads\iTunes64Setup.exe 2017-04-15 22:59 - 2017-04-21 04:53 - 00000000 ____D C:\Program Files\Malwarebytes 2017-04-15 22:53 - 2017-04-15 22:56 - 60107896 _____ (Malwarebytes ) C:\Users\Melissa\Documents\mb3-setup-consumer-3.0.6.1469-10103.exe 2017-04-15 22:18 - 2017-04-15 22:22 - 55072288 _____ C:\Users\Melissa\Downloads\wizard_64.zip 2017-04-12 21:16 - 2017-04-12 21:16 - 00000000 ____D C:\Program Files (x86)\GUM7AE.tmp 2017-04-12 21:16 - 2017-04-12 21:16 - 00000000 _____ C:\Program Files (x86)\GUT7AF.tmp 2017-04-12 20:28 - 2017-04-12 20:32 - 59272008 _____ (Malwarebytes ) C:\Users\Melissa\Downloads\mb3-setup-consumer-3.0.6.1469-1096 (2).exe 2017-04-12 19:31 - 2017-04-12 19:31 - 00566128 _____ (Malwarebytes) C:\Users\Melissa\Downloads\mbam-clean-2.3.0.1001.exe 2017-04-12 19:27 - 2017-04-12 19:30 - 59272008 _____ (Malwarebytes ) C:\Users\Melissa\Downloads\mb3-setup-consumer-3.0.6.1469-1096 (1).exe 2017-04-12 16:12 - 2017-04-12 16:15 - 59272008 _____ (Malwarebytes ) C:\Users\Melissa\Downloads\mb3-setup-consumer-3.0.6.1469-1096.exe 2017-04-12 16:02 - 2012-10-22 09:02 - 729397566 _____ C:\Users\Melissa\Desktop\Chicago.mkv 2017-04-12 09:28 - 2017-04-12 09:28 - 00000000 ____D C:\$AV_ASW 2017-04-11 19:48 - 2017-04-11 19:48 - 00109734 _____ C:\Users\Melissa\Downloads\5913-60110-2015.pdf 2017-04-11 14:40 - 2017-04-10 16:43 - 00000760 _____ C:\Users\Melissa\Desktop\Melissa's Movies 2016.lnk 2017-04-10 16:43 - 2016-03-26 02:46 - 791242383 _____ C:\Users\Melissa\Desktop\Inside Out.mp4 2017-04-10 13:15 - 2017-04-10 13:16 - 00000000 ____D C:\Users\Melissa\Desktop\Cherry blossom festival 2017-04-10 13:10 - 2017-04-10 13:15 - 00000000 ____D C:\Users\Melissa\Desktop\San Francisco 2017-04-10 13:02 - 2017-04-10 13:10 - 00000000 ____D C:\Users\Melissa\Desktop\Washington Trip 2017-04-08 13:01 - 2017-04-21 04:30 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\yuibs 2017-04-07 09:21 - 2017-04-07 09:21 - 00046059 _____ C:\Users\Melissa\Documents\AutoInsuranceIdCards.pdf 2017-04-07 09:12 - 2017-04-07 09:12 - 00586317 _____ C:\Users\Melissa\Documents\AutoEsignDoc02_fix_view.pdf 2017-04-07 09:12 - 2017-04-07 09:12 - 00037197 _____ C:\Users\Melissa\Documents\AutoEsignDoc01_fix_view.pdf 2017-04-07 09:12 - 2017-04-07 09:12 - 00014672 _____ C:\Users\Melissa\Documents\AutoEsignDoc00_fix_view.pdf 2017-04-06 19:02 - 2017-04-06 19:02 - 00110553 _____ C:\Users\Melissa\Documents\Farmers Fast Quote.pdf 2017-04-06 18:51 - 2017-04-06 18:51 - 00098321 _____ C:\Users\Melissa\Documents\Quote_26412435.pdf 2017-04-06 18:45 - 2017-04-06 18:45 - 00108011 _____ C:\Users\Melissa\Documents\Your Quote-Printer Friendly - Renters Quote - State Farm.pdf 2017-04-04 11:19 - 2017-04-04 11:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2017-03-31 23:20 - 2017-03-31 23:20 - 00071871 _____ C:\Users\Melissa\Downloads\CRP_SCHOOL_REQ_RPT_CRP_SCHOOL_REQ_RPT.pdf 2017-03-31 23:20 - 2017-03-31 23:20 - 00032312 _____ C:\Users\Melissa\Documents\web_lic 2017-03-31 10:54 - 2017-03-31 10:54 - 00000010 _____ C:\Users\Melissa\Desktop\home bro number.txt ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-04-22 14:55 - 2012-03-01 18:13 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-929916483-925240248-1123344957-1000UA.job 2017-04-22 14:52 - 2012-07-13 03:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2017-04-22 14:26 - 2012-03-05 21:33 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-929916483-925240248-1123344957-1000Core.job 2017-04-22 14:15 - 2014-01-05 06:20 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2017-04-22 14:13 - 2012-03-05 21:33 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-929916483-925240248-1123344957-1000UA.job 2017-04-22 12:30 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-04-22 12:30 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-04-22 12:20 - 2009-07-13 21:13 - 00772352 _____ C:\Windows\system32\PerfStringBackup.INI 2017-04-22 12:16 - 2014-01-05 06:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2017-04-22 12:16 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-04-22 12:13 - 2012-03-09 16:18 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Skype 2017-04-22 12:05 - 2015-03-07 21:03 - 00000000 ____D C:\Users\Melissa\Documents\BRGY 2017-04-22 12:05 - 2013-08-10 20:29 - 00000000 ____D C:\Users\Melissa\Documents\Vuze Downloads 2017-04-22 12:05 - 2013-02-10 01:26 - 00000000 ____D C:\Users\Melissa\Desktop\Official 2017-04-22 12:05 - 2012-03-17 15:30 - 00000000 ___RD C:\Users\Melissa\Dropbox 2017-04-22 12:05 - 2012-02-26 21:38 - 00000000 ____D C:\Users\Melissa\Documents\Youcam 2017-04-22 12:04 - 2009-07-13 18:34 - 00000514 _____ C:\Windows\win.ini 2017-04-21 04:43 - 2012-05-15 11:52 - 00000000 ____D C:\Windows\pss 2017-04-20 14:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF 2017-04-20 14:08 - 2009-07-13 21:08 - 00032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2017-04-20 14:07 - 2012-02-28 18:45 - 00000000 ____D C:\Users\Melissa\AppData\Local\ElevatedDiagnostics 2017-04-20 03:07 - 2015-08-14 16:58 - 00002089 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2017-04-20 03:07 - 2014-09-19 01:55 - 00001825 _____ C:\Users\Public\Desktop\Recuva.lnk 2017-04-20 01:58 - 2012-03-18 11:22 - 00000000 ____D C:\Users\Melissa\AppData\Local\Paint.NET 2017-04-19 13:15 - 2012-02-27 20:37 - 00000000 ____D C:\Users\Melissa\AppData\Local\CrashDumps 2017-04-17 19:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf 2017-04-17 19:04 - 2009-07-13 18:34 - 00000826 _____ C:\Windows\system32\Drivers\etc\hosts_bak_701 2017-04-17 15:07 - 2011-11-02 19:24 - 00000000 ____D C:\ProgramData\PDFC 2017-04-17 14:33 - 2013-11-16 22:42 - 00000000 ____D C:\AdwCleaner 2017-04-17 14:19 - 2012-06-13 13:38 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\TeamViewer 2017-04-17 14:19 - 2012-03-04 18:07 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Azureus 2017-04-17 14:19 - 2012-03-04 15:56 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\DAEMON Tools Lite 2017-04-17 14:18 - 2012-03-04 19:47 - 00000000 ____D C:\Windows\Minidump 2017-04-17 14:18 - 2011-02-11 09:00 - 00000000 ____D C:\Windows\Panther 2017-04-16 21:52 - 2012-02-27 20:29 - 00000000 ____D C:\Program Files\iPod 2017-04-16 20:22 - 2012-03-01 18:19 - 00000000 ____D C:\Program Files\Common Files\Apple 2017-04-16 19:50 - 2012-02-27 20:15 - 00000000 ____D C:\Program Files\Bonjour 2017-04-16 19:50 - 2012-02-27 20:15 - 00000000 ____D C:\Program Files (x86)\Bonjour 2017-04-15 23:42 - 2013-11-29 17:28 - 00001003 _____ C:\Users\Melissa\Desktop\magicJack.lnk 2017-04-15 23:42 - 2013-11-29 17:28 - 00000989 _____ C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk 2017-04-15 23:42 - 2013-11-29 17:03 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\mjusbsp 2017-04-12 19:23 - 2014-12-11 05:51 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2017-04-12 19:20 - 2012-11-28 16:02 - 00000000 ____D C:\ProgramData\AVAST Software 2017-04-12 16:30 - 2012-02-26 21:04 - 00000000 ____D C:\Users\Melissa 2017-04-12 15:56 - 2012-12-19 00:18 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\vlc 2017-04-12 09:28 - 2016-05-26 05:24 - 00000000 ____D C:\Users\Melissa\AppData\Local\{C72D5149-2621-0226-5EA1-966F3DE68952} 2017-04-04 11:19 - 2016-06-14 04:44 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk 2017-04-04 11:19 - 2012-03-09 16:18 - 00000000 ___RD C:\Program Files (x86)\Skype 2017-04-04 11:19 - 2011-11-02 19:12 - 00000000 ____D C:\ProgramData\Skype 2017-04-04 11:16 - 2015-11-09 06:09 - 00000000 ____D C:\ProgramData\Package Cache 2017-04-04 10:56 - 2014-01-05 06:28 - 00002157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-04-04 10:56 - 2014-01-05 06:28 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk ==================== Files in the root of some directories ======= 2017-04-12 21:16 - 2017-04-12 21:16 - 0000000 _____ () C:\Program Files (x86)\GUT7AF.tmp 2016-12-16 14:16 - 2016-12-16 14:16 - 7680000 _____ () C:\Program Files (x86)\GUT8C0A.tmp 2016-05-20 14:15 - 2016-05-20 14:15 - 6748160 _____ () C:\Program Files (x86)\GUTB28D.tmp 2016-08-06 22:15 - 2016-08-06 22:15 - 7065600 _____ () C:\Program Files (x86)\GUTD3E2.tmp 2016-02-06 15:15 - 2016-02-06 15:15 - 6871040 _____ () C:\Program Files (x86)\GUTD440.tmp 2015-12-13 16:15 - 2015-12-13 16:15 - 6420480 _____ () C:\Program Files (x86)\GUTEA8E.tmp 2017-04-21 04:32 - 2017-04-21 04:32 - 0000000 _____ () C:\Users\Melissa\AppData\Local\{2CC70B47-0845-49F3-A454-201E3E9ADEEA} 2015-07-14 14:26 - 2015-06-15 13:42 - 88789376 ___SH () C:\ProgramData\msjnc.exe Files to move or delete: ==================== C:\ProgramData\msjnc.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-04-16 00:41 ==================== End of FRST.txt ============================
  10. I've successfully followed all steps and it seems that my issue has been resolved. I'll get back to you in case of further problems, but as of now: Thank you very much for your assistance. Regards
  11. i must say after i run rogue my i don't have the generated trojan on my system any more
  12. Hello kfrabida and welcome to Malwarebytes, My screen name is kevinf80, i`m here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please: Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good... Change the download folder setting in the Default Browser only. so all of the tools we may use are saved to the Desktop: Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. at the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK. Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu. Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen. NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop. Change default download folder location in Edge -Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties" In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK" Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location..... Next, Follow the instructions in the following link to show hidden files: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/ Next, Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status... Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. Let me see those logs... Thank you, Kevin..
  13. Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt" I`ll check those logs for remnants of Malwarebytes, list removal entries, when complete try Malwarebytes installation again.... Thank you, Kevin
  14. Did you also run JRT and Sophos AV, can I see those logs..
  15. I have now activated MWB premium on this pc. The key and licence ID have been accepted, although previous attempts all failed. However real time web protection has now been disabled on the Laptop and all attempts at starting it fail. Running Premium on three machines is like playing 'Wack-a-Mole': No sooner have you activated it on one pc, it gets de-activated on another, or the protection gets turned off. It is ridiculous to expect users to pay for such an unstable product; how can they have any confidence in it's claims to protect their pc's? Much more of this and I will go back to relying on MS Security Essentials and Defender - at least they don't keep switching off like MWB premium. Please keep this posting open and I will update it with whatever the outcome. It looks like there is a large number of users with similar problems, judging from the other posts on this forum.
  16. Hello again Ladyinmass, It would seem that your software "Outlook" is exploited and is responsible for the outbound calls, the reason for the blocks is the recipient domain is known to try and Phish PayPal information, maybe also other information with financial implications.... I`m not sure how Outlook is installed on your system but would recommend that you contact the MS Community website and ask there for advice, explain that Malwarebytes is blocking outbound calls from OutLook to a malicious Domain https://answers.microsoft.com/en-us You can clean up tools we have used as follows: Uninstall Sophos AV http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/ Next, Download "Delfix by Xplode" and save it to your desktop. Or use the following if first link is down: "Delfix link mirror" If your security program alerts to Delfix either, accept the alert or turn your security off. Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator Make Sure the following item is checked: Remove disinfection tools <----- this will remove tools we have used. Now click on "Run" and wait patiently until the tool has completed. The tool will create a log when it has completed. We don't need you to post this. Any remnant files/logs from tools we have used can be deleted… Next, Read the following links to fully understand PC Security and Best Practices, you may find them useful.... Answers to Common Security Questions and best Practices Do I need a Registry Cleaner? Take care and surf safe Kevin...
  17. Program is still running, do you think something is wrong?
  18. Here's the snip of my activation problem:
  19. I am having the same problem with CVS IMAG.ED4.NET 58908. I am not that good with this, so i will watch to see if there is a solution. Thanks.
  20. Hello again Dashke, I`m going to leave it up to the poster of the thread, if software is trying to call malicious domain I believe the block needs to happen. I`ll wait and see how the OP wants to handle this issue.... Thank you for replies, Kevin...
  21. After I downloaded the new fix for MBAM it seemed to take care of the problem on my HP Pavilion for a couple of days. Now its back. I have disabled this from starting through the services.msc. Sems to help some but not perfect. What is the solution here if there is one? My active processes are running in the 60's range.
  22. The issue also comes from Bed, Bath & Beyond emails. I had to permanently delete them out of my trash folder and unsubscribe to fix it. It's another legitimate company sending me what appears in every way to be safe correspondence that I requested. But to be safe (and not continually annoyed) I unsubscribed.
  23. Logs attached. Nothing found but files still appearing at a reduced rate. AdwCleaner[C0].txt Fixlog.txt malwarebytes_summary.txt
  24. Doing a Mb-Clean, installing again the recommended version, (3.0.6.1469), and running for two days on my Win 8.1 desktop indicates the problem of Malware Protection turning itself off is fixed. The last time it took three days for it to turn itself off, and should that happen again I will immediately collect the logs and send them to you. Malwarebytes 3.0.6.1469 is now running successfully on my Windows 7 laptop and my Windows 8.1 desktop. This is very encouraging that the major bugs appear to be gone.
  25. Hello @aggynet: Reference: https://www.malwarebytes.com/support/guides/mbam/Scan.html#custom The above will show you how to scan other partitions other than the system partition. Thank you.
  26. How can I get Malwarebytes to scan other drives (external/internal) as well as C/ drive on my Laptop
  27. Hello Kevin, If you want, you can add it to the exclusions list - https://www.malwarebytes.com/support/guides/mb/Settings3.html#exclusions
  1. Load more activity