
Need help removing stubborn drive.bat/shortcut virus (trojan?)



Hello, hoping I could get some help with a drive.bat virus (trojan?). I've tried many things and I still don't think it's all gone. Windows Update wasn't working, antimalware programs could only install and run in Safe Mode, and now the internet connection is turning on and off despite being fine on other devices. I've decided to do a clean install but I need to remove the drive.bat virus from my external hard drive, a USB, and 2 memory cards that were instantly infected upon plugging into the computer (this was before I realized it was infected). I need the hard drive to upload the backup to (honestly the only important files are pictures) and then do a clean install. I can't seem to get rid of the virus, though. Here are the things I have tried:

1. Avast shows the computer is clean. Malwarebytes removed 7 viruses/trojans. AdwCleaner removed a couple of things as well. CCleaner found over 500 registry errors and I have fixed those. Went into the registry itself to remove certain files (I suspect this has made the problem worse - can no longer open Windows Update and firewall)

2. Ended suspicious startup processes

3. Ran HitmanPro - found a couple of residual virus files and got rid of those

4. Malwarebytes said the external hard drive is clean although it isn't

5. Have tried a couple of fixes that haven't worked for me (downloaded and ran Kaspersky TDSSKiller which kept on freezing, tried downloading and installing Kaspersky antivirus which was freezing as well during install)

6. Ran unhide.exe which revealed .ini and .bat files on the desktop

I'm currently trying Windows Repair from tweaking.com but I don't know what my next step is. At this point I just need to clean out my external hard drive to do the clean install. Thank you in advance.

Running Windows 7 x64


Hello jigsawpuzzle500 and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the Default Browser only, so all of the tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs...

Thank you,

Kevin..
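
Added example, not part of the thread and not the helper's or FRST's own method: a small first-pass triage of an FRST.txt log in the layout the next post shows, surfacing lines FRST itself marks ATTENTION, MountPoints2 autorun handlers, drivers whose file is missing ([X]), an enabled proxy, and recently created script files. The rule set and reason labels are assumptions chosen for illustration, and the sample log is constructed.

```python
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "section reason line")

# Constructed sample in the layout FRST.txt uses in this thread (all values made up).
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST) (x64)
==================== Registry (Whitelisted) ====================

HKLM\...\Run: [ExampleTray] => C:\Program Files\Example\tray.exe [1000 2017-01-20] (Example Corp.)
HKU\S-1-5-21-0-0-0-1000\...\MountPoints2: {11111111-2222-3333-4444-555555555555} - F:\AutoRun.exe

==================== Internet (Whitelisted) ====================

ProxyEnable: [.DEFAULT] => Proxy is enabled.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

===================== Drivers (Whitelisted) ======================

R1 exampledrv; C:\Windows\System32\DRIVERS\exampledrv.sys [283200 2012-03-04] (Example Ltd)
S3 example_usb; system32\DRIVERS\example_usb.sys [X]

==================== One Month Created files and folders ========

2017-04-21 07:47 - 2017-04-21 07:47 - 00000279 _____ C:\Users\User\Desktop\int.bat
2017-04-21 07:44 - 2017-04-21 07:47 - 00000279 _____ C:\Users\User\Desktop\wifi.bat.txt
2017-04-21 09:52 - 2017-04-21 09:56 - 00003058 _____ C:\Users\User\Desktop\unhide.txt
"""

# "==== Name ====" section banners; a bare "=====" underline does not match.
SECTION_RE = re.compile(r"^={3,} +(.+?) +={3,}$")
# FRST's own marker on lines it wants a human to look at.
ATTENTION_RE = re.compile(r"<=+ ATTENTION")
# Per-volume autorun handler remembered under the user's MountPoints2 key.
MOUNTPOINT_RE = re.compile(r"MountPoints2: \{[0-9A-Fa-f-]+\} - (?P<target>.+)$")
# Service/driver entry whose file no longer exists on disk.
MISSING_RE = re.compile(r"\[X\]\s*$")
# "created - modified - size attrs [(vendor)] path" lines of the created-files section.
CREATED_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ [A-Z_]{5} "
    r"(?:\(.*?\) )?(?P<path>[A-Za-z]:\\.+)$"
)
# Assumed list of script-like extensions worth a second look (illustrative, not exhaustive).
SCRIPT_EXTS = {"bat", "cmd", "vbs", "js", "lnk", "scr"}


def has_script_ext(path):
    """True if any dot-separated suffix of the file name is script-like.

    Checking every suffix also catches renamed copies such as 'wifi.bat.txt'.
    """
    name = path.rsplit("\\", 1)[-1].lower()
    return any(part in SCRIPT_EXTS for part in name.split(".")[1:])


def triage(log_text):
    """Return Finding tuples for lines that deserve manual review."""
    findings = []
    section = "(header)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        if ATTENTION_RE.search(line):
            findings.append(Finding(section, "flagged-by-frst", line))
        if MOUNTPOINT_RE.search(line):
            findings.append(Finding(section, "autorun-mountpoint", line))
        if MISSING_RE.search(line):
            findings.append(Finding(section, "file-missing", line))
        if line.startswith("ProxyEnable:") and "enabled" in line.lower():
            findings.append(Finding(section, "proxy-enabled", line))
        if section.startswith("One Month Created"):
            created = CREATED_RE.match(line)
            if created and has_script_ext(created.group("path")):
                findings.append(Finding(section, "recent-script", line))
    return findings


def summarize(findings):
    """Count findings per reason label."""
    return Counter(f.reason for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}] {f.section}: {f.line}")
```

A finding here only means "read this line", not "this is malicious": an [X] driver is usually leftover from uninstalled hardware, and a MountPoints2 entry may belong to a legitimate device.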

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-04-2017 01
Ran by Melissa (administrator) on MELISSA-HP (22-04-2017 15:06:43)
Running from C:\Users\Melissa\Desktop
Loaded Profiles: Melissa (Available Profiles: Melissa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
(Tweaking.com) C:\Users\Melissa\AppData\Local\Temp\Rar$EXa0.683\Tweaking.com - Windows Repair\WR_Tray_Icon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-02] (Microsoft Corp.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-929916483-925240248-1123344957-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-929916483-925240248-1123344957-1000\...\MountPoints2: {0a39c459-1efb-11e4-9ddb-386077e3ece4} - F:\AutoRun.exe
HKU\S-1-5-21-929916483-925240248-1123344957-1000\...\MountPoints2: {925ffeaa-88d0-11e5-8778-386077e3ece4} - F:\AutoRun.exe
HKU\S-1-5-21-929916483-925240248-1123344957-1000\...\MountPoints2: {be9cbfe3-2a4e-11e3-ac10-386077e3ece4} - F:\AutoRun.exe
HKU\S-1-5-21-929916483-925240248-1123344957-1000\...\MountPoints2: {ca5d80b1-c43d-11e1-953b-386077e3ece4} - F:\AutoRun.exe
HKU\S-1-5-21-929916483-925240248-1123344957-1000\...\MountPoints2: {ca5d80c3-c43d-11e1-953b-386077e3ece4} - F:\AutoRun.exe
HKU\S-1-5-21-929916483-925240248-1123344957-1000\...\MountPoints2: {de93a5f8-35ce-11e3-81e1-386077e3ece4} - F:\AutoRun.exe
HKU\S-1-5-21-929916483-925240248-1123344957-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-11] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-11] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2012-02-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2012-02-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2012-02-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [2012-02-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [2012-02-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [2012-02-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [2012-02-14] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
Tcpip\Parameters: [DhcpNameServer] 192.168.22.1
Tcpip\..\Interfaces\{AA0487A2-2361-405E-9CED-810DCE023484}: [DhcpNameServer] 192.168.22.1
Tcpip\..\Interfaces\{C7B5EE25-8AA0-4985-ABBD-11689070E11D}: [DhcpNameServer] 192.168.22.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-929916483-925240248-1123344957-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-929916483-925240248-1123344957-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
HKU\S-1-5-21-929916483-925240248-1123344957-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-929916483-925240248-1123344957-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {C8784315-A061-40BA-B53D-70E4B451D2CD} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-929916483-925240248-1123344957-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-929916483-925240248-1123344957-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-929916483-925240248-1123344957-1000 -> {C924AB42-FEB5-4B7C-9B01-EAF44295A60D} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-929916483-925240248-1123344957-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKU\S-1-5-21-929916483-925240248-1123344957-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-01-30] (Skype Technologies S.A.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-27] (Hewlett-Packard)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-06-19] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-01-30] (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-27] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-929916483-925240248-1123344957-1000 -> No Name - {00000000-0000-0000-0000-000000000000} -  No File
Toolbar: HKU\S-1-5-21-929916483-925240248-1123344957-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll [2009-02-19] (Cisco Systems, Inc.)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll [2009-02-19] (Cisco Systems, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-01-30] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-01-30] (Skype Technologies S.A.)

FireFox:
========
FF ProfilePath: C:\Users\Melissa\AppData\Roaming\Zotero\Zotero\Profiles\lo7cgi93.default [2012-05-27]
FF Extension: (Zotero LibreOffice Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroOpenOfficeIntegration@zotero.org [2012-04-10] [not signed]
FF Extension: (Zotero Word for Windows Integration) - C:\Program Files (x86)\Zotero Standalone\extensions\zoteroWinWordIntegration@zotero.org [2012-04-10] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-05]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-05]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: (DivX Plus Web Player HTML5 &video&) - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-03-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-27] ( Microsoft Corporation)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-05-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-05-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-07-11] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-929916483-925240248-1123344957-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Melissa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-23] (Skype Limited)
FF Plugin HKU\S-1-5-21-929916483-925240248-1123344957-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Melissa\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-929916483-925240248-1123344957-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Melissa\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-929916483-925240248-1123344957-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll [2013-03-07] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-929916483-925240248-1123344957-1000: facebook.com/fbDesktopPlugin -> C:\Users\Melissa\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll [2013-03-07] (Facebook, Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://mail.yahoo.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=dss_yset_chr__PARAM__
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default [2017-04-22]
CHR Extension: (Yahoo Web) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2016-01-31]
CHR Extension: (Google Docs) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Avast SafePrice) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-03-31]
CHR Extension: (Google Docs Offline) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-14]
CHR Extension: (Avast Online Security) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-04-06]
CHR Extension: (Skype) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-03-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-31]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-01-05]
CHR Extension: (Gmail) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-17]
CHR Profile: C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-04-17]
CHR Extension: (Google Docs) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-27]
CHR Extension: (Google Drive) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-05]
CHR Extension: (Raindrops) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bcipapbfhdnmgihoimbjiadmhpcgcnil [2014-01-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-23]
CHR Extension: (YouTube) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-05]
CHR Extension: (Google Search) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-05]
CHR Extension: (avast! WebRep) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2014-01-05]
CHR Extension: (Skype Click to Call) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-23]
CHR Extension: (Google Wallet) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-24]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-01-05]
CHR Extension: (Gmail) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-05]
CHR Extension: (Writer) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnengefjfhgcceajaepbjhanoojifmog [2014-03-24]
CHR Profile: C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\System Profile [2017-04-17]
CHR Extension: (Google Slides) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-15]
CHR Extension: (Google Docs) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-15]
CHR Extension: (Google Drive) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-15]
CHR Extension: (YouTube) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-15]
CHR Extension: (Google Search) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-15]
CHR Extension: (Google Sheets) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-15]
CHR Extension: (Gmail) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-15]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-01-30]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-02] (Microsoft Corp.)
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S4 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
S4 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [133936 2011-09-15] (Portrait Displays, Inc.)
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-27] (Hewlett-Packard Company)
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
S4 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [619776 2015-01-14] (Lenovo)
S3 LinksysUpdater; C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [204800 2008-11-13] () [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
S4 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2676736 2013-07-26] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-03-04] (DT Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-04-21] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2017-04-21] ()
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-04-22] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-04-22] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82720 2017-04-22] (Malwarebytes)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-22 15:06 - 2017-04-22 15:06 - 02426368 _____ (Farbar) C:\Users\Melissa\Desktop\FRST64.exe
2017-04-22 15:06 - 2017-04-22 15:06 - 00026696 _____ C:\Users\Melissa\Desktop\FRST.txt
2017-04-22 15:06 - 2017-04-22 15:06 - 00000000 ____D C:\FRST
2017-04-22 15:00 - 2017-04-22 15:00 - 00002798 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-04-22 12:23 - 2017-04-22 12:23 - 06293184 _____ (Piriform Ltd) C:\Users\Melissa\Downloads\spsetup130.exe
2017-04-21 12:02 - 2017-04-21 12:02 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MELISSA-HP-Windows-7-Home-Premium-(64-bit).dat
2017-04-21 12:02 - 2017-04-21 12:02 - 00000000 ____D C:\RegBackup
2017-04-21 11:02 - 2017-04-22 17:54 - 31157534 _____ C:\Users\Melissa\Desktop\tweaking.com_windows_repair_aio (1).zip
2017-04-21 10:47 - 2017-04-21 10:47 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-04-21 10:44 - 2017-04-21 10:44 - 00006986 _____ C:\TDSSKiller.3.1.0.15_21.04.2017_10.44.06_log.txt
2017-04-21 10:34 - 2017-04-21 10:35 - 00006798 _____ C:\TDSSKiller.3.1.0.15_21.04.2017_10.34.57_log.txt
2017-04-21 10:15 - 2017-04-21 10:16 - 00006798 _____ C:\TDSSKiller.3.1.0.15_21.04.2017_10.15.14_log.txt
2017-04-21 09:58 - 2017-04-21 09:58 - 00006930 _____ C:\TDSSKiller.3.1.0.15_21.04.2017_09.58.04_log.txt
2017-04-21 09:57 - 2017-04-22 16:45 - 04922400 _____ (AO Kaspersky Lab) C:\Users\Melissa\Desktop\tdsskiller.exe
2017-04-21 09:52 - 2017-04-21 09:56 - 00003058 _____ C:\Users\Melissa\Desktop\unhide.txt
2017-04-21 07:47 - 2017-04-21 07:47 - 00000279 _____ C:\Users\Melissa\Desktop\int.bat
2017-04-21 07:44 - 2017-04-21 07:47 - 00000279 _____ C:\Users\Melissa\Desktop\wifi.bat.txt
2017-04-21 07:21 - 2017-04-21 07:21 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-04-21 07:21 - 2017-04-21 07:21 - 00000000 ____D C:\Program Files\HitmanPro
2017-04-21 07:19 - 2017-04-22 12:47 - 193695408 _____ (Kaspersky Lab) C:\Users\Melissa\Desktop\kav17.0.0.611abcden_12166.exe
2017-04-21 07:19 - 2017-04-22 12:06 - 11583584 _____ (SurfRight B.V.) C:\Users\Melissa\Desktop\hitmanpro_x64.exe
2017-04-21 07:19 - 2017-04-21 10:55 - 00000000 ____D C:\ProgramData\HitmanPro
2017-04-21 04:58 - 2017-04-22 02:40 - 00002888 _____ C:\Users\Melissa\Desktop\Rkill.txt
2017-04-21 04:57 - 2017-04-22 11:49 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Melissa\Desktop\rkill.exe
2017-04-21 04:55 - 2017-04-22 12:29 - 00082720 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-04-21 04:54 - 2017-04-22 12:17 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-04-21 04:54 - 2017-04-22 12:16 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-21 04:54 - 2017-04-21 11:11 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-04-21 04:54 - 2017-04-21 04:57 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-04-21 04:54 - 2017-04-21 04:54 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-04-21 04:54 - 2017-04-21 04:54 - 00001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-21 04:54 - 2017-04-21 04:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-21 04:53 - 2017-04-21 04:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-21 04:32 - 2017-04-21 04:32 - 00000000 _____ C:\Users\Melissa\AppData\Local\{2CC70B47-0845-49F3-A454-201E3E9ADEEA}
2017-04-20 01:26 - 2016-11-18 16:00 - 05470936 _____ (Piriform Ltd) C:\Users\Melissa\Desktop\Speccy.exe
2017-04-20 01:23 - 2017-04-20 01:23 - 00031175 _____ C:\Users\Melissa\Desktop\magic.txt
2017-04-20 01:22 - 2017-04-20 01:22 - 00000000 ____D C:\Users\Melissa\Desktop\m
2017-04-20 01:19 - 2017-04-20 01:18 - 00000730 _____ C:\Users\Melissa\Desktop\MiniToolBox.exe.lnk
2017-04-19 04:31 - 2017-04-19 04:31 - 00000000 ____D C:\bf2e69f1a9e9cdc61c608c689c76ce8d
2017-04-19 04:31 - 2017-04-19 04:31 - 00000000 ____D C:\80c12c89872a77e5b3
2017-04-19 04:29 - 2017-04-19 04:29 - 00000000 ____D C:\7558a627266cf825d48d426957c7
2017-04-19 04:29 - 2017-04-19 04:29 - 00000000 ____D C:\6979d8f20b5d0c7f1ff0
2017-04-19 04:12 - 2017-04-19 04:12 - 00001520 _____ C:\Users\Melissa\Documents\cc_20170419_041221.reg
2017-04-17 19:39 - 2017-04-17 19:39 - 00000642 _____ C:\Users\Melissa\Documents\cc_20170417_193949.reg
2017-04-17 19:36 - 2017-04-17 19:40 - 00000000 ____D C:\19cc8428a7876a1878ce
2017-04-17 19:31 - 2017-04-17 19:35 - 00000000 ____D C:\7cb8f2e6f807cf47a95f57c52a
2017-04-17 19:30 - 2017-04-17 19:35 - 00000000 ____D C:\04e5b96341600d1741dccad56a
2017-04-17 19:26 - 2017-04-17 19:26 - 00000196 _____ C:\Users\Melissa\Desktop\updates.txt
2017-04-17 19:25 - 2017-04-17 19:25 - 11313360 _____ (Microsoft Corporation) C:\Users\Melissa\Downloads\windowsupdateagent-7.6-x64.exe
2017-04-17 19:13 - 2017-04-17 19:13 - 00313366 _____ C:\Users\Melissa\Downloads\WindowsUpdateDiagnostic.diagcab
2017-04-17 17:12 - 2017-04-17 17:12 - 00000000 ____D C:\d7c65e83f5b2910191e5d07b1661486d
2017-04-17 16:15 - 2017-04-17 16:16 - 00313366 _____ C:\Users\Melissa\Downloads\WindowsUpdate.diagcab
2017-04-17 16:13 - 2017-04-17 16:13 - 00000000 ____D C:\b7a126b648be3f0badb839db694f2880
2017-04-17 16:09 - 2017-04-17 16:09 - 00000000 ____D C:\9d7c7e23f5c86a5949df04d535c2
2017-04-17 16:06 - 2017-04-17 16:07 - 30659457 _____ C:\Users\Melissa\Downloads\Windows6.1-KB3172605-x64.msu
2017-04-17 16:02 - 2017-04-17 16:03 - 09575735 _____ C:\Users\Melissa\Downloads\Windows6.1-KB3020369-x64.msu
2017-04-17 15:58 - 2017-04-17 15:58 - 00000571 _____ C:\Users\Melissa\Downloads\DeviceDiagnostic (1).diagcab
2017-04-17 15:54 - 2017-04-17 15:54 - 00000571 _____ C:\Users\Melissa\Downloads\DeviceDiagnostic.diagcab
2017-04-17 15:45 - 2017-04-17 15:45 - 00001045 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk.1492484757.old
2017-04-17 15:45 - 2017-04-17 15:45 - 00001045 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk.1492484757.old
2017-04-17 15:45 - 2017-04-17 15:45 - 00000464 _____ C:\Windows\Tasks\SafeZone scheduled Autoupdate 1492472747.job
2017-04-17 15:45 - 2017-04-17 15:45 - 00000342 _____ C:\Windows\Tasks\Avast Emergency Update.job
2017-04-17 15:45 - 2017-04-17 15:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-04-17 15:44 - 2017-04-11 19:37 - 00399944 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-04-17 14:48 - 2017-04-17 14:51 - 60107896 _____ (Malwarebytes ) C:\Users\Melissa\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-04-17 14:46 - 2017-04-22 02:03 - 00848996 _____ C:\Windows\ntbtlog.txt
2017-04-17 14:22 - 2017-04-17 14:22 - 00010830 _____ C:\Users\Melissa\Documents\cc_20170417_142208.reg
2017-04-17 14:22 - 2017-04-17 14:22 - 00000480 _____ C:\Users\Melissa\Documents\cc_20170417_142232.reg
2017-04-17 14:21 - 2017-04-17 14:21 - 00376574 _____ C:\Users\Melissa\Documents\cc_20170417_142129.reg
2017-04-17 14:12 - 2017-04-20 03:07 - 00000989 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-04-17 14:12 - 2017-04-17 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-04-17 14:12 - 2017-04-17 14:12 - 00000000 ____D C:\Program Files\CCleaner
2017-04-17 14:03 - 2017-04-17 14:03 - 00716456 _____ (Sysinternals - www.sysinternals.com) C:\Users\Melissa\Downloads\autoruns.exe
2017-04-17 14:03 - 2017-04-17 14:03 - 00716456 _____ (Sysinternals - www.sysinternals.com) C:\Users\Melissa\Downloads\autoruns (1).exe
2017-04-17 14:02 - 2017-04-17 14:02 - 01305227 _____ C:\Users\Melissa\Downloads\Autoruns (1).zip
2017-04-17 14:01 - 2017-04-17 14:01 - 01305227 _____ C:\Users\Melissa\Downloads\Autoruns.zip
2017-04-17 13:56 - 2009-07-13 17:39 - 00010240 _____ (Microsoft Corporation) C:\Users\Melissa\Desktop\reg.exe
2017-04-17 13:53 - 2017-04-17 13:53 - 00065232 _____ (Malwarebytes) C:\Users\Melissa\Downloads\regassassin-setup-1.03.exe
2017-04-17 13:50 - 2017-04-17 13:51 - 06508544 _____ C:\Users\Melissa\Downloads\agent_installer.msi
2017-04-17 10:52 - 2017-04-17 10:53 - 04089296 _____ C:\Users\Melissa\Downloads\adwcleaner_6.045.exe
2017-04-17 10:52 - 2017-04-17 10:52 - 09274608 _____ (Piriform Ltd) C:\Users\Melissa\Downloads\ccsetup528.exe
2017-04-17 10:44 - 2017-04-17 10:44 - 00000000 ____D C:\Users\Melissa\Desktop\print proff
2017-04-16 21:53 - 2017-04-16 21:53 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-04-16 21:53 - 2017-04-16 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-04-16 21:52 - 2017-04-16 21:53 - 00000000 ____D C:\Program Files\iTunes
2017-04-16 20:39 - 2017-04-16 20:39 - 00221662 _____ C:\Users\Melissa\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2017-04-16 19:24 - 2017-04-16 19:39 - 257659208 _____ (Apple Inc.) C:\Users\Melissa\Downloads\iTunes64Setup.exe
2017-04-15 22:59 - 2017-04-21 04:53 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-15 22:53 - 2017-04-15 22:56 - 60107896 _____ (Malwarebytes ) C:\Users\Melissa\Documents\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-04-15 22:18 - 2017-04-15 22:22 - 55072288 _____ C:\Users\Melissa\Downloads\wizard_64.zip
2017-04-12 21:16 - 2017-04-12 21:16 - 00000000 ____D C:\Program Files (x86)\GUM7AE.tmp
2017-04-12 21:16 - 2017-04-12 21:16 - 00000000 _____ C:\Program Files (x86)\GUT7AF.tmp
2017-04-12 20:28 - 2017-04-12 20:32 - 59272008 _____ (Malwarebytes ) C:\Users\Melissa\Downloads\mb3-setup-consumer-3.0.6.1469-1096 (2).exe
2017-04-12 19:31 - 2017-04-12 19:31 - 00566128 _____ (Malwarebytes) C:\Users\Melissa\Downloads\mbam-clean-2.3.0.1001.exe
2017-04-12 19:27 - 2017-04-12 19:30 - 59272008 _____ (Malwarebytes ) C:\Users\Melissa\Downloads\mb3-setup-consumer-3.0.6.1469-1096 (1).exe
2017-04-12 16:12 - 2017-04-12 16:15 - 59272008 _____ (Malwarebytes ) C:\Users\Melissa\Downloads\mb3-setup-consumer-3.0.6.1469-1096.exe
2017-04-12 16:02 - 2012-10-22 09:02 - 729397566 _____ C:\Users\Melissa\Desktop\Chicago.mkv
2017-04-12 09:28 - 2017-04-12 09:28 - 00000000 ____D C:\$AV_ASW
2017-04-11 19:48 - 2017-04-11 19:48 - 00109734 _____ C:\Users\Melissa\Downloads\5913-60110-2015.pdf
2017-04-11 14:40 - 2017-04-10 16:43 - 00000760 _____ C:\Users\Melissa\Desktop\Melissa's Movies 2016.lnk
2017-04-10 16:43 - 2016-03-26 02:46 - 791242383 _____ C:\Users\Melissa\Desktop\Inside Out.mp4
2017-04-10 13:15 - 2017-04-10 13:16 - 00000000 ____D C:\Users\Melissa\Desktop\Cherry blossom festival
2017-04-10 13:10 - 2017-04-10 13:15 - 00000000 ____D C:\Users\Melissa\Desktop\San Francisco
2017-04-10 13:02 - 2017-04-10 13:10 - 00000000 ____D C:\Users\Melissa\Desktop\Washington Trip
2017-04-08 13:01 - 2017-04-21 04:30 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\yuibs
2017-04-07 09:21 - 2017-04-07 09:21 - 00046059 _____ C:\Users\Melissa\Documents\AutoInsuranceIdCards.pdf
2017-04-07 09:12 - 2017-04-07 09:12 - 00586317 _____ C:\Users\Melissa\Documents\AutoEsignDoc02_fix_view.pdf
2017-04-07 09:12 - 2017-04-07 09:12 - 00037197 _____ C:\Users\Melissa\Documents\AutoEsignDoc01_fix_view.pdf
2017-04-07 09:12 - 2017-04-07 09:12 - 00014672 _____ C:\Users\Melissa\Documents\AutoEsignDoc00_fix_view.pdf
2017-04-06 19:02 - 2017-04-06 19:02 - 00110553 _____ C:\Users\Melissa\Documents\Farmers Fast Quote.pdf
2017-04-06 18:51 - 2017-04-06 18:51 - 00098321 _____ C:\Users\Melissa\Documents\Quote_26412435.pdf
2017-04-06 18:45 - 2017-04-06 18:45 - 00108011 _____ C:\Users\Melissa\Documents\Your Quote-Printer Friendly - Renters Quote - State Farm.pdf
2017-04-04 11:19 - 2017-04-04 11:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-31 23:20 - 2017-03-31 23:20 - 00071871 _____ C:\Users\Melissa\Downloads\CRP_SCHOOL_REQ_RPT_CRP_SCHOOL_REQ_RPT.pdf
2017-03-31 23:20 - 2017-03-31 23:20 - 00032312 _____ C:\Users\Melissa\Documents\web_lic
2017-03-31 10:54 - 2017-03-31 10:54 - 00000010 _____ C:\Users\Melissa\Desktop\home bro number.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-22 14:55 - 2012-03-01 18:13 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-929916483-925240248-1123344957-1000UA.job
2017-04-22 14:52 - 2012-07-13 03:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-04-22 14:26 - 2012-03-05 21:33 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-929916483-925240248-1123344957-1000Core.job
2017-04-22 14:15 - 2014-01-05 06:20 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2017-04-22 14:13 - 2012-03-05 21:33 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-929916483-925240248-1123344957-1000UA.job
2017-04-22 12:30 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-22 12:30 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-22 12:20 - 2009-07-13 21:13 - 00772352 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-22 12:16 - 2014-01-05 06:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2017-04-22 12:16 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-22 12:13 - 2012-03-09 16:18 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Skype
2017-04-22 12:05 - 2015-03-07 21:03 - 00000000 ____D C:\Users\Melissa\Documents\BRGY
2017-04-22 12:05 - 2013-08-10 20:29 - 00000000 ____D C:\Users\Melissa\Documents\Vuze Downloads
2017-04-22 12:05 - 2013-02-10 01:26 - 00000000 ____D C:\Users\Melissa\Desktop\Official
2017-04-22 12:05 - 2012-03-17 15:30 - 00000000 ___RD C:\Users\Melissa\Dropbox
2017-04-22 12:05 - 2012-02-26 21:38 - 00000000 ____D C:\Users\Melissa\Documents\Youcam
2017-04-22 12:04 - 2009-07-13 18:34 - 00000514 _____ C:\Windows\win.ini
2017-04-21 04:43 - 2012-05-15 11:52 - 00000000 ____D C:\Windows\pss
2017-04-20 14:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2017-04-20 14:08 - 2009-07-13 21:08 - 00032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-04-20 14:07 - 2012-02-28 18:45 - 00000000 ____D C:\Users\Melissa\AppData\Local\ElevatedDiagnostics
2017-04-20 03:07 - 2015-08-14 16:58 - 00002089 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-04-20 03:07 - 2014-09-19 01:55 - 00001825 _____ C:\Users\Public\Desktop\Recuva.lnk
2017-04-20 01:58 - 2012-03-18 11:22 - 00000000 ____D C:\Users\Melissa\AppData\Local\Paint.NET
2017-04-19 13:15 - 2012-02-27 20:37 - 00000000 ____D C:\Users\Melissa\AppData\Local\CrashDumps
2017-04-17 19:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2017-04-17 19:04 - 2009-07-13 18:34 - 00000826 _____ C:\Windows\system32\Drivers\etc\hosts_bak_701
2017-04-17 15:07 - 2011-11-02 19:24 - 00000000 ____D C:\ProgramData\PDFC
2017-04-17 14:33 - 2013-11-16 22:42 - 00000000 ____D C:\AdwCleaner
2017-04-17 14:19 - 2012-06-13 13:38 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\TeamViewer
2017-04-17 14:19 - 2012-03-04 18:07 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Azureus
2017-04-17 14:19 - 2012-03-04 15:56 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\DAEMON Tools Lite
2017-04-17 14:18 - 2012-03-04 19:47 - 00000000 ____D C:\Windows\Minidump
2017-04-17 14:18 - 2011-02-11 09:00 - 00000000 ____D C:\Windows\Panther
2017-04-16 21:52 - 2012-02-27 20:29 - 00000000 ____D C:\Program Files\iPod
2017-04-16 20:22 - 2012-03-01 18:19 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-04-16 19:50 - 2012-02-27 20:15 - 00000000 ____D C:\Program Files\Bonjour
2017-04-16 19:50 - 2012-02-27 20:15 - 00000000 ____D C:\Program Files (x86)\Bonjour
2017-04-15 23:42 - 2013-11-29 17:28 - 00001003 _____ C:\Users\Melissa\Desktop\magicJack.lnk
2017-04-15 23:42 - 2013-11-29 17:28 - 00000989 _____ C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2017-04-15 23:42 - 2013-11-29 17:03 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\mjusbsp
2017-04-12 19:23 - 2014-12-11 05:51 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-04-12 19:20 - 2012-11-28 16:02 - 00000000 ____D C:\ProgramData\AVAST Software
2017-04-12 16:30 - 2012-02-26 21:04 - 00000000 ____D C:\Users\Melissa
2017-04-12 15:56 - 2012-12-19 00:18 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\vlc
2017-04-12 09:28 - 2016-05-26 05:24 - 00000000 ____D C:\Users\Melissa\AppData\Local\{C72D5149-2621-0226-5EA1-966F3DE68952}
2017-04-04 11:19 - 2016-06-14 04:44 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2017-04-04 11:19 - 2012-03-09 16:18 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-04-04 11:19 - 2011-11-02 19:12 - 00000000 ____D C:\ProgramData\Skype
2017-04-04 11:16 - 2015-11-09 06:09 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-04 10:56 - 2014-01-05 06:28 - 00002157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-04 10:56 - 2014-01-05 06:28 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2017-04-12 21:16 - 2017-04-12 21:16 - 0000000 _____ () C:\Program Files (x86)\GUT7AF.tmp
2016-12-16 14:16 - 2016-12-16 14:16 - 7680000 _____ () C:\Program Files (x86)\GUT8C0A.tmp
2016-05-20 14:15 - 2016-05-20 14:15 - 6748160 _____ () C:\Program Files (x86)\GUTB28D.tmp
2016-08-06 22:15 - 2016-08-06 22:15 - 7065600 _____ () C:\Program Files (x86)\GUTD3E2.tmp
2016-02-06 15:15 - 2016-02-06 15:15 - 6871040 _____ () C:\Program Files (x86)\GUTD440.tmp
2015-12-13 16:15 - 2015-12-13 16:15 - 6420480 _____ () C:\Program Files (x86)\GUTEA8E.tmp
2017-04-21 04:32 - 2017-04-21 04:32 - 0000000 _____ () C:\Users\Melissa\AppData\Local\{2CC70B47-0845-49F3-A454-201E3E9ADEEA}
2015-07-14 14:26 - 2015-06-15 13:42 - 88789376 ___SH () C:\ProgramData\msjnc.exe

Files to move or delete:
====================
C:\ProgramData\msjnc.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-16 00:41

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-04-2017 01
Ran by Melissa (22-04-2017 15:07:11)
Running from C:\Users\Melissa\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-02-27 05:04:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-929916483-925240248-1123344957-500 - Administrator - Disabled)
Guest (S-1-5-21-929916483-925240248-1123344957-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-929916483-925240248-1123344957-1006 - Limited - Enabled)
Melissa (S-1-5-21-929916483-925240248-1123344957-1000 - Administrator - Enabled) => C:\Users\Melissa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.02.03.0 - Ralink)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.135 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.20) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)
Ahead Client (HKLM-x32\...\com.ahead.client.desktopclient.gpu) (Version: 0.2.339 - UNKNOWN)
Ahead Client (x32 Version: 0.2.339 - UNKNOWN) Hidden
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version:  - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother BRAdmin Light 1.21.0001 (HKLM-x32\...\{DB75941E-30C4-4D97-B000-D17C764B998C}) (Version: 1.21.0001 - Brother)
Brother MFL-Pro Suite MFC-J825DW (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.0.8.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4417 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.3.0297 - DT Soft Ltd)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-929916483-925240248-1123344957-1000\...\Dropbox) (Version: 1.2.52 - Dropbox, Inc.)
Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-929916483-925240248-1123344957-1000\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP My Display (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.07.003 - Portrait Displays, Inc.)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.11052.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2462 - Intel Corporation)
iTunes (HKLM\...\{6C01A0A7-7440-4D48-93C6-2927A1E93FE6}) (Version: 12.6.0.100 - Apple Inc.)
Java(TM) 6 Update 3 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
Java(TM) 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217004FF}) (Version: 7.0.50 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Linksys EasyLink Advisor (HKLM-x32\...\Linksys EasyLink Advisor) (Version:  - Linksys By Cisco Systems)
Linksys EasyLink Advisor (x32 Version: 3.11.9139.94 - Linksys By Cisco Systems) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic DVD Ripper V6.1.0 (HKLM-x32\...\Magic DVD Ripper_is1) (Version:  - Magic DVD Software, Inc.)
magicJack (HKU\S-1-5-21-929916483-925240248-1123344957-1000\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.5.1072 - ooVoo LLC.)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5705 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5705 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 -  NewspaperDirect Inc.)
Pure Networks Platform (x32 Version: 11.1.9051.0 - Pure Networks) Hidden
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.82 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Remote Mouse version 1.12 (HKLM-x32\...\{F34EE6D2-9356-4294-B3B3-AE04428C8C43}_is1) (Version: 1.12 - Remote Mouse)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Scansoft PDF Professional (x32 Version:  - ) Hidden
SDK (x32 Version: 2.28.007 - Portrait Displays, Inc.) Hidden
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.18.0 - Lenovo Group Limited)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.6.11664 - Skype Technologies S.A.)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Sun Broadband Wireless (HKLM-x32\...\Sun Broadband Wireless) (Version: 1.11.01.256 - Huawei Technologies Co.,Ltd)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.12799 - TeamViewer)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.632 - Electronic Arts)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
VSDC Free Video Editor version 3.0.0.345 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 3.0.0.345 - Flash-Integro LLC)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.8.1.2 - Azureus Software, Inc.)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinX DVD Ripper 5.5.5 (HKLM-x32\...\WinX DVD Ripper_is1) (Version:  - Digiarty Software, Inc.)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zotero Standalone 3.0.3 (x86 en-US) (HKLM-x32\...\Zotero Standalone 3.0.3 (x86 en-US)) (Version: 3.0.3 - Zotero)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-929916483-925240248-1123344957-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Melissa\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-929916483-925240248-1123344957-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Melissa\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-929916483-925240248-1123344957-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-929916483-925240248-1123344957-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-929916483-925240248-1123344957-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-929916483-925240248-1123344957-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melissa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04B319F7-BEDD-4145-950B-3A41CC0C4DB4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {088C59A2-96DF-45B2-A486-9A790D1FF769} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-10-20] (Hewlett-Packard)
Task: {09FFDAB4-FEF8-49FE-A8F6-36FF0EAA8867} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {140B9A44-1FE9-4B5F-B7CF-7120F7422D8A} - System32\Tasks\{87AABD36-E125-4F15-9F78-1CCD8C8C4627} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Linksys EasyLink Advisor\LinksysAdvisor.exe"
Task: {300C7930-62A3-499E-8551-4DF3B8AD06E0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-17] (AVAST Software)
Task: {30F93E9B-CC09-42EF-AFB3-BC2E36F5722B} - \Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater -> No File <==== ATTENTION
Task: {33FA7B26-D2F7-4934-9428-BE1E1C703796} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {39AF3712-0BDE-45CA-A7DE-8F8CC2EB22F1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-18] (Adobe Systems Incorporated)
Task: {56594045-28C6-4CFC-8177-5D6BB696279D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {645EE1A5-F68F-4ACF-8B97-F21AB4B0A0F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {6CF48644-ECE3-4C08-91BD-26704EB97EA4} - \{A4FCBD0E-A1F0-4A6D-9AA9-C91364EF6D46} -> No File <==== ATTENTION
Task: {6EDED634-439E-4BDD-B8AE-2FE5AB517CA3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {70B0472C-EAF1-4FDE-AAF3-4DA0CD0162F2} - System32\Tasks\HPCeeScheduleForMelissa => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe 
Task: {7B4D7B76-C1AE-43F4-A588-6E2309399415} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-929916483-925240248-1123344957-1000UA => C:\Users\Melissa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {844A25FA-13AD-4A6D-A4E6-403E8A45977F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {A21F091D-3EED-4FA4-8CA5-FA490C02FFCF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-929916483-925240248-1123344957-1000Core => C:\Users\Melissa\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {A6F3C280-9383-457A-8EFF-D7C63391F0DE} - System32\Tasks\{36AF5152-5424-4F1B-B181-151476E9B035} => pcalua.exe -a E:\setup.exe -d E:\
Task: {A8E32FDD-841D-43D9-9980-44CB85325CFD} - System32\Tasks\{0771001D-FE57-423C-A6C9-F5C27EC1BFE1} => C:\Program Files (x86)\Linksys EasyLink Advisor\LinksysAdvisor.exe 
Task: {AEC5D888-32C3-4C61-ABBB-50F8E007639B} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-08-23] (CyberLink)
Task: {B13A21D7-007C-4FF7-A098-2D7C7FB1E5A6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-929916483-925240248-1123344957-1000Core => C:\Users\Melissa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {BBDC4708-B82C-4AA3-827B-0DF37878FF73} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-09] (Lenovo)
Task: {C5E509AA-9C4D-4E55-85C2-49819B9F39AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe 
Task: {CBA1A9A8-33C7-4ACB-93BD-62A282FCC196} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CE8D1756-9C78-451D-BEE9-12D7FB8232B6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-929916483-925240248-1123344957-1000UA => C:\Users\Melissa\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {CF07B7D4-D8E2-4964-B14F-33C3F955EF3B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink)
Task: {E0127941-251D-4369-8BC5-F9F53A42926A} - System32\Tasks\{559A16E0-DFF4-491E-8783-CD325645AB1C} => C:\Program Files (x86)\Linksys EasyLink Advisor\LinksysAdvisor.exe 
Task: {E0479641-4E1E-4307-AF16-D5D4157BEDC4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe 
Task: {E6BCB52B-E859-4BFC-8499-3D575FAC00B7} - System32\Tasks\{2B890EC8-7409-4A41-AC11-31363E85A180} => pcalua.exe -a "C:\Users\Melissa\Documents\Vuze Downloads\MicroSoft Office 2007 With Key by [TORRENTMAFIA.IN]\setup.exe" -d "C:\Users\Melissa\Documents\Vuze Downloads\MicroSoft Office 2007 With Key by [TORRENTMAFIA.IN]"
Task: {F6331FCF-3FEF-44E1-81E9-710C9F33298E} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {F6A666CF-AEE7-4D67-8F41-539290907DEE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-10-20] (Hewlett-Packard)
Task: {F7E99BDF-215A-4501-9FD1-AA7571658648} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-929916483-925240248-1123344957-1000Core.job => C:\Users\Melissa\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-929916483-925240248-1123344957-1000UA.job => C:\Users\Melissa\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-929916483-925240248-1123344957-1000Core.job => C:\Users\Melissa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-929916483-925240248-1123344957-1000UA.job => C:\Users\Melissa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMelissa.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\SafeZone scheduled Autoupdate 1492472747.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Melissa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Default Profile - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2012-03-02 20:05 - 2005-04-21 20:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2017-04-21 04:54 - 2017-04-21 11:11 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-04-21 04:54 - 2017-04-21 11:11 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2014-09-05 04:29 - 2014-09-04 19:55 - 00132808 _____ () C:\Users\Melissa\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\1.4.82\wallpaper.dll
2017-04-04 10:56 - 2017-03-28 18:04 - 02187096 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-04-04 10:56 - 2017-03-28 18:04 - 00086360 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2017-04-22 12:05 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-929916483-925240248-1123344957-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.22.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: aswbIDSAgent => 3
MSCONFIG\Services: avast! Antivirus => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BrYNSvc => 3
MSCONFIG\Services: CalendarSynchService => 2
MSCONFIG\Services: DTSRVC => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: HPClientSvc => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: IconMan_R => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Lenovo EasyPlus Hotspot => 3
MSCONFIG\Services: LinksysUpdater => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: nmservice => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: pdfcDispatcher => 2
MSCONFIG\Services: PDFProFiltSrvPP => 2
MSCONFIG\Services: PdiService => 2
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: TeamViewer7 => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Melissa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Melissa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk => C:\Windows\pss\Facebook Messenger.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Melissa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Start.lnk => C:\Windows\pss\Start.lnk.Startup
MSCONFIG\startupreg: 20131121 => C:\Program Files\AVAST Software\Avast\setup\emupdate\f0a075db-dd66-4b41-8950-5450ed16cc4c.exe /check
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: avast => "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
MSCONFIG\startupreg: BeatsOSDApp => C:\Program Files\IDT\WDM\beats64.exe
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: cdloader => "C:\Users\Melissa\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: DT HPO => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO
MSCONFIG\startupreg: Facebook Update => "C:\Users\Melissa\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => C:\Users\Melissa\AppData\Local\Google\Update\1.3.33.3\GoogleUpdateCore.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: nmctxth => "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PPort12reminder => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
MSCONFIG\startupreg: Remote Mouse => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Java\jre7\bin\jusched.exe"
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: {965D2816-0302-40D9-8BBA-C8BD05C90183} => C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\CHLISNXIFMZMA').OLCBJCENKYDI)));

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5126439B-7CE2-4EAF-ABD5-1FA13DD12D5F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe
FirewallRules: [{29EC7BE0-0D77-47EE-80EA-0B6B4DF990B9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe
FirewallRules: [{C8846004-B31F-46E5-8B9E-849761B515F5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\IndivDRM.exe
FirewallRules: [{3A61A016-2973-47E8-BE41-3F46FE93B5A3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\IndivDRM.exe
FirewallRules: [{AAEDF6C8-3719-428D-95D8-82078981B25E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D3348F52-0F6F-41FA-B199-17049CC04238}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{D9FA1CD4-6A43-4024-BADC-6323B15A1A00}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{DB1728AE-6248-4864-8C3C-C963B28C1570}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{B91CCC2F-C890-42F1-96B7-179C8C5319D2}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{FFBFC9C8-68A3-41FD-AC9B-1F90C0F6982C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{09D1710F-84B6-4824-B4FD-EEE3DA5201F8}] => (Allow) LPort=2869
FirewallRules: [{8724E276-8227-4F38-AF43-3DDE5D608E1E}] => (Allow) LPort=1900
FirewallRules: [{5D20CC59-BBF8-4CE5-BF97-4272C8E0227B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{0B1E426D-EFCC-462E-8031-095A4B1DA36D}] => (Allow) C:\Program Files (x86)\Brother\BRAdmin Light\BRAdmLight.exe
FirewallRules: [{9B1C0FB7-A652-494E-8AE3-C0B0E4E55641}] => (Allow) C:\Program Files (x86)\Brother\BRAdmin Light\BRAdmLight.exe
FirewallRules: [{F4E186C4-29E1-43D7-B969-BECAEDF801CA}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11a\FAXRX.exe
FirewallRules: [{C9FF39C8-36B6-43E8-9CC8-637A84D2922A}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11a\FAXRX.exe
FirewallRules: [{20BCB65F-A6B1-4FBD-A6B4-27921E60F886}] => (Allow) LPort=54925
FirewallRules: [{0722868F-0759-4BDB-8D27-C345F3EED6B9}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{5110B3A0-0327-42A5-B30D-E4C19D57BF5B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{4EA01BB6-9190-4A51-9EBB-9DAFAEACECEB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{CF29DA8E-CB2A-4793-8A89-9D61E0F7D285}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{19CF1D27-E9E7-4865-BED7-09CE9A4808B3}] => (Allow) C:\Users\Melissa\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{1D137F51-FD2C-416E-B9F0-8826D6F3551D}] => (Allow) C:\Users\Melissa\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F7DC3EBC-6027-468D-80E9-DC67C2DDC43D}] => (Allow) C:\Program Files (x86)\Remote Mouse\server\server.exe
FirewallRules: [{25F8D6D3-593D-4C66-ABB2-4F69734AB50A}] => (Allow) C:\Program Files (x86)\Remote Mouse\server\server.exe
FirewallRules: [TCP Query User{47A800BB-9A69-449E-ADCA-02D1EF6B4158}C:\program files (x86)\remote mouse\server\server.exe] => (Block) C:\program files (x86)\remote mouse\server\server.exe
FirewallRules: [UDP Query User{89DA8BAA-AF29-408F-BD6A-C1FAA6BACB0C}C:\program files (x86)\remote mouse\server\server.exe] => (Block) C:\program files (x86)\remote mouse\server\server.exe
FirewallRules: [TCP Query User{D5E04178-FA22-402E-A0C4-18F0BF26D5B7}C:\users\melissa\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\melissa\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{84EACB54-CA8D-4776-9F36-776AB4F22BDB}C:\users\melissa\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\melissa\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{4C354E2A-2029-4D57-88FB-3E7736EB9E90}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [UDP Query User{10BDD3FF-1512-4041-BC89-24CA0A6D7698}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [{A212A1E0-D66C-4E67-A6C4-D3B35CB5911D}] => (Allow) LPort=443
FirewallRules: [{83321F78-5C5B-45FE-8569-A1B2A3DBE554}] => (Allow) LPort=443
FirewallRules: [{170BCA24-0AF6-4002-A3E2-C18D806FE62D}] => (Allow) LPort=37674
FirewallRules: [{8F1E6D94-79DC-436B-90AA-EC8469E8059A}] => (Allow) LPort=37674
FirewallRules: [{BC487162-93D8-49F7-8946-97B92AA2F2D5}] => (Allow) LPort=37675
FirewallRules: [TCP Query User{B6062D5A-14D3-4DD8-9F0A-6B801E925E19}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{16AFC1A5-925D-4D3D-8BC9-123603E85F49}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{0E98DD0C-2A26-4E8D-A321-1DC181C3CE43}] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{5CC40591-F176-4FEA-B746-11E46ADC7BCD}] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{F402D346-6752-428B-93F4-56CDB4A8B875}] => (Allow) LPort=67
FirewallRules: [{297017BE-49EA-44C7-BF16-C0E4C9EA56FF}] => (Allow) LPort=67
FirewallRules: [{3CE788F5-C90A-427B-B42C-4CC8974A0A1C}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{B1D1BF94-7841-4B71-B68C-F990FDC97675}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{6C201758-65D3-496C-BF74-8D19A2DE0815}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [TCP Query User{7028E16E-2AB8-49C3-A16F-6C45A1F5B28C}C:\users\melissa\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\melissa\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{40A4B34C-70F6-4FC1-8D6F-5C996A620D91}C:\users\melissa\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\melissa\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [{EBCCD0F4-DDDE-49B4-B4DA-9E80EE295A47}] => (Block) C:\users\melissa\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [{0D1D3FCA-F8B2-446C-B41F-8161373385FF}] => (Block) C:\users\melissa\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [{74599659-C978-4274-B6AB-6E57D0D39AE1}] => (Allow) C:\Users\Melissa\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{3C814CEC-57DF-41F4-B322-EA1AD0058126}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{F7635CDA-3F31-466A-93B0-8A7E1F51AE6A}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\VideoEditor.exe
FirewallRules: [{F45DD3A5-F132-421E-9ACF-7BF6AD1585F3}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{CA5F3176-1CED-44F7-A084-897F69B31E54}] => (Allow) C:\Program Files (x86)\FlashIntegro\VideoEditor\Updater.exe
FirewallRules: [{B5FF2154-9D3C-4C64-B2DA-A2F700E41513}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{30EEA9BB-D49D-4179-9558-7DB5BE723D85}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{D1667C3F-C73D-4BA3-8EDF-61CA929114C7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [TCP Query User{F0616EC4-4B4E-4F7E-BFF7-99FF194FAABF}C:\users\melissa\appdata\local\{c72d5149-2621-0226-5ea1-966f3de68952}\syshost.exe] => (Block) C:\users\melissa\appdata\local\{c72d5149-2621-0226-5ea1-966f3de68952}\syshost.exe
FirewallRules: [UDP Query User{53FAD9BD-93B6-40BF-AB85-D9A1A83FF0D7}C:\users\melissa\appdata\local\{c72d5149-2621-0226-5ea1-966f3de68952}\syshost.exe] => (Block) C:\users\melissa\appdata\local\{c72d5149-2621-0226-5ea1-966f3de68952}\syshost.exe
FirewallRules: [TCP Query User{66E7C44E-3FBF-4A0F-B9E4-44D81263B67E}C:\users\melissa\appdata\local\{c72d5149-2621-0226-5ea1-966f3de68952}\syshost.exe] => (Block) C:\users\melissa\appdata\local\{c72d5149-2621-0226-5ea1-966f3de68952}\syshost.exe
FirewallRules: [UDP Query User{B734F1DB-E79C-4657-91FB-954B6E32AC7C}C:\users\melissa\appdata\local\{c72d5149-2621-0226-5ea1-966f3de68952}\syshost.exe] => (Block) C:\users\melissa\appdata\local\{c72d5149-2621-0226-5ea1-966f3de68952}\syshost.exe
FirewallRules: [{6E293948-F118-4C23-A121-DE2C964F8547}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B6ED1BCF-F57F-484E-9C18-F8A22565A52E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{07758992-CBE8-43B9-832E-57C1B8416EE3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{265A09BD-330A-4F3D-A1A7-9060310CA40A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DA988102-6203-49F0-AB5B-98B494A82E61}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9CAA96A0-A095-4A33-A1BA-00D38B74167B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{163973E6-05B6-416B-9935-215FFF1C857C}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
FirewallRules: [{563D298A-C896-4768-9432-73BC0F2349A7}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/22/2017 12:17:00 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (04/22/2017 12:16:59 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (04/22/2017 12:10:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: Melissa-HP)
Description: Installing the performance counter strings for service .NET CLR Networking 4.0.0.0 () failed. The first DWORD in the Data section contains the error code.

Error: (04/22/2017 12:10:56 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: Melissa-HP)
Description: Installing the performance counter strings for service .NET Data Provider for Oracle () failed. The first DWORD in the Data section contains the error code.

Error: (04/22/2017 12:10:52 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: Melissa-HP)
Description: Installing the performance counter strings for service <Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-LoadPerf' Guid='{122ee297-bb47-41ae-b265-1ca8d1886d40}'/><EventID>3009</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8000000000000000</Keywords><TimeCreated SystemTime='2017-04-22T20:10:52.332054900Z'/><EventRecordID>140933</EventRecordID><Correlation/><Execution ProcessID='2592' ThreadID='2092'/><Channel>Application</Channel><Computer>Melissa-HP</Computer><Security UserID='S-1-5-21-929916483-925240248-1123344957-1000'/></System><ProcessingErrorData><ErrorCode>15005</ErrorCode><DataItemName>BinaryData</DataItemName><EventPayload>4D0041005600200043006C00690065006E007400200050006500720066004D006F006E002000500072006F0076006900640065007200000008000000A1000000E4120000</EventPayload></ProcessingErrorData></Event> (%2) failed. The first DWORD in the Data section contains the error code.

Error: (04/22/2017 04:36:03 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: Melissa-HP)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (04/22/2017 04:35:56 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: Melissa-HP)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is 퉀3. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (04/22/2017 02:06:05 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (04/22/2017 01:41:16 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (04/21/2017 11:26:02 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = Tweaking.com - Windows Repair; Error = 0x8007043c).


System errors:
=============
Error: (04/22/2017 03:07:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (04/22/2017 02:59:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (04/22/2017 02:57:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (04/22/2017 02:49:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (04/22/2017 02:47:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (04/22/2017 02:39:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (04/22/2017 02:37:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (04/22/2017 02:29:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (04/22/2017 02:27:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (04/22/2017 02:19:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2016-10-05 04:31:51.492
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-05 04:31:51.445
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-04 18:27:30.053
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-04 18:27:29.913
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-04 12:03:58.254
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-04 12:03:58.208
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-03 12:15:16.084
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-03 12:15:16.006
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2010-01-01 02:00:51.960
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2010-01-01 02:00:51.913
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU G630 @ 2.70GHz
Percentage of memory in use: 40%
Total physical RAM: 6048.32 MB
Available physical RAM: 3627.06 MB
Total Virtual: 12094.85 MB
Available Virtual: 9573.55 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:914.68 GB) (Free:628.7 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:16.74 GB) (Free:1.78 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 12F61082)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=914.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Thank you so much for helping me out. I mentioned in my first post that I ran Windows Repair from Tweaking.com. This has fixed some problems (can open programs in normal mode now, internet connection seems to be stable so far) but Windows Update still isn't working. Also, it's worth noting that this computer has been infected since November; it belongs to my parents and I was only able to take a look at it now. I found the offending file in the downloads folder that was dated November 6. Again, thank you so much for your help!


Thanks for those logs, continue with the following...

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)", name that log and save, you can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Please download Junkware Removal Tool to your desktop.
 
  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Next,

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:
 
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
 
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Let me see those logs in your reply....

Thank you,

Kevin.

fixlist.txt


Thanks for the update jigsawpuzzle500, good to hear all is good now.. Run the following to clean up...

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.