Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer is infected PC Pro Cleaner?

Started by mackomd1 , Mar 17 2017 04:23 PM

  • Please log in to reply

#1
mackomd1
Posted 17 March 2017 - 04:23 PM

mackomd1

    New Member

  • Member
  • Pip
  • 2 posts

When using Firefox, a ton of new tabs will randomly start opening.  One I can remember is PC Pro Cleaner but there were so many.

Below are my FRST and Addition.txt notes. 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by MELISSA (administrator) on STAYOFFMYLAPTOP (17-03-2017 18:05:06)
Running from C:\Users\MELISSA\Desktop
Loaded Profiles: MELISSA (Available Profiles: MELISSA)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Dynamsoft Corporation) C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Dynamsoft Corporation) C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dynamsoft Corporation) C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Provo Craft & Novelty, Inc.) C:\Users\MELISSA\AppData\Roaming\CricutDesignSpace\BRIDGE\CricutLauncher.exe
() C:\Program Files (x86)\Razer\Comms\RazerComms.exe
(Provo Craft & Novelty, Inc.) C:\Users\MELISSA\AppData\Roaming\CricutDesignSpace\BRIDGE\CricutBridge.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Razer, Inc.) C:\Users\MELISSA\AppData\Local\razer\InGameEngine\cache\RazerComms\RzCefRenderProcess.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\NielsenOnline64.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.103.32.0\OverwolfHelper.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.103.32.0\OverwolfHelper64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\ProgramData\{996352B4-2EC8-E51F-9ADD-620398C05B03}\425B6C21-F5F0-DB8A-FDB6-9CB3C097E366.exe
() C:\ProgramData\{37DC116C-8077-A6C7-DDC0-5BF0B7EE4680}\AB0CE9B2-1CA7-5E19-9944-81C2B0F03193.exe
() C:\ProgramData\{EC43F210-5BE8-45BB-6658-628FBB9DB9CD}\A4FABC85-1351-0B2E-A619-1CA52163D556.exe
() C:\ProgramData\{73F20617-C459-B1BC-399C-53509AFDCB4E}\DE495964-69E2-EECF-43D1-42B9351C7CD5.exe
() C:\ProgramData\{8B7499E7-3CDF-2E4C-5C49-B82D1FD0EB03}\3A5FF4D7-8DF4-437C-A935-98A718AB77B7.exe
() C:\ProgramData\{7DDE97D6-CA75-207D-8339-AA5219875DFB}\0431B153-B39A-06F8-864D-0DC9E44B2434.exe
() C:\ProgramData\{F6D9983A-4172-2F91-2FD4-E4D7F2AF049D}\948DCB08-2326-7CA3-909B-CB22D3AE3050.exe
() C:\ProgramData\{A70B3DEF-10A0-8A44-7F08-93684BC83B00}\C64841B3-71E3-F618-4D84-E53B5C3C1A49.exe
() C:\ProgramData\{7D54584B-CAFF-EFE0-9CB7-2A1C5AF707E0}\00605EDB-B7CB-E970-05BD-D79200DD8BE3.exe
() C:\ProgramData\{E9986FB2-5E33-D819-B8EA-872AB2BB4431}\98CD96E5-2F66-214E-235D-AE43484E104E.exe
() C:\ProgramData\{53ED4414-E446-F3BF-09E3-C3D46D7FD7B4}\FA6BCF52-4DC0-78F9-4BA5-38AD974B287C.exe
() C:\ProgramData\{266C5A94-91C7-ED3F-D663-E1CE611EB242}\095C4CA2-BEF7-FB09-6F25-035ED53A183D.exe
() C:\ProgramData\{106E9D2A-A7C5-2A81-3B79-C644DF6C4194}\D5BDED97-6216-5A3C-234C-1DDA21B7A07C.exe
() C:\ProgramData\{E88D83A7-5F26-340C-F264-438960ABDBA0}\467C4862-F1D7-FFC9-8580-FDA1F52EDCE1.exe
() C:\ProgramData\{F7615924-40CA-EE8F-13B3-B9E234D69FDD}\96ED202D-2146-9786-A55B-C4722C323660.exe
() C:\ProgramData\{0BB47844-BC1F-CFEF-F5F0-4E6EEB55800A}\7193FD56-C638-4AFD-F15B-CF8853533C9A.exe
() C:\ProgramData\{E87D5CED-5FD6-EB46-5FBD-DC3A24D143E1}\EB82AB60-5C29-1CCB-9900-53AAC7F8898D.exe
() C:\ProgramData\{242CDFC9-9387-6862-C69C-EC36BACBBE00}\42892CE9-F522-9B42-2BE3-955A95E31FE8.exe
() C:\ProgramData\{A71308A3-10B8-BF08-3988-741D68BA1AD3}\D8DAF71E-6F71-40B5-391E-DB3F0D5DB064.exe
() C:\ProgramData\{91769C8D-26DD-2B26-D41D-482D3CF3F0EE}\FF2DC289-4886-7522-153E-B433CA289662.exe
() C:\ProgramData\{FD289B09-4A83-2CA2-D3EE-4DC8EB18DEA7}\AA9197AC-1D3A-2007-AA60-38C7FC66CA8E.exe
() C:\ProgramData\{47A2F007-F009-47AC-5E0C-8B7A29DFC5D3}\1528D5BC-A283-6217-721C-FFAD1DAC4676.exe
() C:\ProgramData\{86C0DD5E-316B-6AF5-A8A4-0F8407E91E9A}\FF556E1E-48FE-D9B5-98B0-762383C05B77.exe
() C:\ProgramData\{786DC66F-CFC6-71C4-BBE5-DC7B6B2B5BD5}\718E509C-C625-E737-EA19-F352D1593609.exe
() C:\ProgramData\{BBC0D026-0C6B-678D-0483-7B7817911EB8}\F42CE6A2-4387-5109-92D2-6EABB8222F63.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\MELISSA\Downloads\SmitfraudFix\Policies.exe
() C:\Users\MELISSA\Downloads\SmitfraudFix\Policies.exe
() C:\Users\MELISSA\Downloads\SmitfraudFix\Policies.exe
() C:\Users\MELISSA\Downloads\SmitfraudFix\Policies.exe
() C:\Users\MELISSA\Downloads\SmitfraudFix\Policies.exe
(OldTimer Tools) C:\Users\MELISSA\Desktop\Spyware Removers\OTL.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe
() C:\Users\MELISSA\AppData\Local\Temp\_iu14D2N.tmp
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-09-03] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-29] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-05] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [NielsenOnline] => C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe [202896 2016-12-30] (The Nielsen Company)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\Run: [Cricut Design Space] => C:\Users\MELISSA\AppData\Roaming\CricutDesignSpace\BRIDGE\CricutLauncher.exe [421704 2016-09-26] (Provo Craft & Novelty, Inc.)
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\Run: [Razer Comms] => C:\Program Files (x86)\Razer\Comms\RazerComms.exe [7025984 2015-12-18] ()
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1058360 2017-03-05] ()
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\RunOnce: [Uninstall C:\Users\MELISSA\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\MELISSA\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
Startup: C:\Users\MELISSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2016-12-07]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{3c79c560-cb41-4229-9a3c-6195298fe207}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{3c79c560-cb41-4229-9a3c-6195298fe207}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{449ec619-cffb-4166-9e57-f50900857a07}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{449ec619-cffb-4166-9e57-f50900857a07}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{59bfb56f-bfba-402e-bb59-f42eea5652b7}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{da5e4388-9e9d-46de-8001-e76e30fa8879}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{da5e4388-9e9d-46de-8001-e76e30fa8879}: [DhcpNameServer] 82.163.143.176

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1956558233-2459589253-117431272-1001 -> {D11C762C-C567-4EF3-857E-BDA824E016DB} URL =
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-28] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-28] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 9xwaecix.default
FF ProfilePath: C:\Users\MELISSA\AppData\Roaming\Mozilla\Firefox\Profiles\9xwaecix.default [2017-03-17]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\9xwaecix.default -> Search Provided by Yahoo
FF Homepage: Mozilla\Firefox\Profiles\9xwaecix.default -> www.google.com
FF NetworkProxy: Mozilla\Firefox\Profiles\9xwaecix.default -> socks_remote_dns", true
FF NetworkProxy: Mozilla\Firefox\Profiles\9xwaecix.default -> type", 1
FF Extension: (Pin It Button) - C:\Users\MELISSA\AppData\Roaming\Mozilla\Firefox\Profiles\9xwaecix.default\Extensions\[email protected] [2015-04-16] [not signed]
FF Extension: (Ebates Cash Back) - C:\Users\MELISSA\AppData\Roaming\Mozilla\Firefox\Profiles\9xwaecix.default\Extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2017-03-15]
FF Extension: (QuickJava) - C:\Users\MELISSA\AppData\Roaming\Mozilla\Firefox\Profiles\9xwaecix.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2016-10-10]
FF Extension: (Nielsen NetSight) - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\[email protected] [2017-03-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\[email protected]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-01-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-05-18] (Coupons, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://google.com/",
         "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_15_51&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0E0DyDtAtAtAzytAyD0CtN0D0Tzu0StCyEyEyDtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StD0DtC0EtDzztA0EtGyB0D0A0BtGtDtA0AzytGyD0ByC0AtG0AtDtByBtDzz0E0EtDtB0C0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyC0AzyyE0D0D0DtG0BtAyDtAtGyEtDzzzztG0A0AyCyBtGzy0E0E0ByD0FtB0BtC0E0E0A2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDzzzy%26cr%3D853261159%26a%3Dwbf_ir_15_51%26os%3DWindows%2B10%2BHome"
      
CHR Profile: C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default [2016-12-08]
CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-07]
CHR Extension: (Floorplanner) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\abopacaefhbognnmeigicfpgnmpideag [2015-11-18]
CHR Extension: (DocHub - Edit and Sign PDF Documents) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\adgncicbhbjfpijkdmbijninnhnmiblj [2016-07-12]
CHR Extension: (Radio) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\agljkoinmcdnopnlbhhjibjiablccgoh [2015-11-18]
CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-11-18]
CHR Extension: (Theme Creator) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2015-11-18]
CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-18]
CHR Extension: (BeFunky Photo Editor) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab [2015-11-18]
CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbckhhmjfnmedpakkaaflpnmkamdppf [2016-07-12]
CHR Extension: (Skype Calling) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2015-11-26]
CHR Extension: (App Launcher for Messenger) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bllmngcdibgbgjnginpehneeofhbmdjm [2016-11-29]
CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-18]
CHR Extension: (Nielsen NetSight) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgmmbefnahabhcchpfkobeindpppflc [2016-12-08]
CHR Extension: (Ebates Cash Back) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2016-11-29]
CHR Extension: (Facebook Color Changer) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\clnnapikbigkpjmgckhedmkgfkochicj [2015-11-18]
CHR Extension: (Google Tips) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnhacgcmhcgppboemgoobibkhlpglejb [2015-11-18]
CHR Extension: (Weebly - Website Builder) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnocophcbjfiimmnhlhleaooedeheifb [2015-11-18]
CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-18]
CHR Extension: (Netflix) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2015-11-18]
CHR Extension: (Calculator) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\decmldkknaaemlafplkkdmmmelbdnlja [2016-07-12]
CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2015-11-18]
CHR Extension: (OfferUp) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\doeobddbjanlolglliphmmnffbloffop [2015-11-18]
CHR Extension: (Flowers) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaahnnffoganapbfkjfohaffjndgcamn [2015-02-01]
CHR Extension: (Pixlr-o-matic) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj [2015-11-18]
CHR Extension: (SPOTS - A better way to start) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc [2016-03-18]
CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-07]
CHR Extension: (PicMonkey) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2016-06-25]
CHR Extension: (Full Screen Weather) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2015-11-18]
CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-15]
CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-11-29]
CHR Extension: (CloudConvert) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpmbfgodkfcebpgheiedaddoikmljkk [2016-12-08]
CHR Extension: (Music Player for Google Drive) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfeekfpnjbdmelcapngdgkjnhgijjkh [2015-11-18]
CHR Extension: (Pixlr Express) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmjpdlmjopaeginhldhiokeidchjid [2015-11-18]
CHR Extension: (VNC® Viewer for Google Chrome™) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabmpiboiopbgfabjmgeedhcmjenhbla [2015-11-30]
CHR Extension: (Crackle) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2015-11-18]
CHR Extension: (Kindle Cloud Reader) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-11-18]
CHR Extension: (iPiccy Photo Editor) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2015-11-18]
CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-11-18]
CHR Extension: (Roomstyler 3D planner) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfnniehafojoidolddmhfnpnbiolbppi [2016-02-23]
CHR Extension: (Webflow - Website Builder) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\kabncpcembkecekibfmamlbogjefdnae [2015-11-18]
CHR Extension: (Autodesk Homestyler) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2016-09-01]
CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-11-18]
CHR Extension: (Canva) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbcfmcoibkecmionmehabndbljdleekf [2015-11-18]
CHR Extension: (Planner 5D - Interior Design) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna [2016-09-21]
CHR Extension: (Pocket) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2015-11-18]
CHR Extension: (Sunrise Calendar) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojepfklcankkmikonjlnidiooanmpbb [2015-11-18]
CHR Extension: (multifolder) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncfjlfpabnjllhcpgncdmbelnehboeki [2015-11-18]
CHR Extension: (OneDrive) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2015-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-15]
CHR Extension: (Any.do) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocgddccilgpeepgglnlpchkpgamkgmld [2015-11-18]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2016-09-21]
CHR Extension: (WeVideo - Video Editor and Maker) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2015-11-18]
CHR Extension: (Psykopaint) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2015-11-18]
CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-18]
CHR Extension: (Inbox by Gmail) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkclgpgponpjmpfokoepglboejdobkpl [2015-11-18]
CHR Extension: (Chrome Media Router) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-01]
CHR HKLM\...\Chrome\Extension: [bpgmmbefnahabhcchpfkobeindpppflc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bpgmmbefnahabhcchpfkobeindpppflc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2016-12-07] (Adobe Systems) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 Dynamsoft WebTWAIN Service; C:\WINDOWS\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe [1347088 2015-08-31] (Dynamsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [236832 2015-11-27] (EasyAntiCheat Ltd)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-09-01] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NielsenUpdate; C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [3161744 2016-12-30] (The Nielsen Company)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1325384 2017-03-05] (Overwolf LTD)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-09-03] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AppObserver; C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\appobserver64.sys [23696 2016-12-30] (The Nielsen Company)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 nnfwdk; C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\nnfwdk64.sys [34960 2016-12-30] (The Nielsen Company)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-09] (Realtek Semiconductor Corp.)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-09-03] (Synaptics Incorporated)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
U0 ucfnjb; C:\WINDOWS\System32\drivers\wmyxxxi.sys [79064 2017-03-17] (Malwarebytes Corporation)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-17 18:05 - 2017-03-17 18:06 - 00029487 _____ C:\Users\MELISSA\Desktop\FRST.txt
2017-03-17 18:04 - 2017-03-17 18:05 - 00000000 ____D C:\FRST
2017-03-17 18:04 - 2017-03-17 18:04 - 02424832 _____ (Farbar) C:\Users\MELISSA\Desktop\FRST64.exe
2017-03-17 18:02 - 2017-03-17 18:02 - 00195038 _____ C:\Users\MELISSA\Desktop\OTL.Txt
2017-03-17 07:22 - 2017-03-17 07:22 - 00000000 ____D C:\Users\MELISSA\Downloads\SmitfraudFix
2017-03-17 07:17 - 2017-03-17 07:18 - 01872472 _____ C:\Users\MELISSA\Downloads\SmitfraudFix.exe
2017-03-17 07:15 - 2017-03-17 07:15 - 05659355 _____ (Swearware) C:\Users\MELISSA\Downloads\ComboFix.exe
2017-03-17 07:12 - 2017-03-17 07:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\MELISSA\Downloads\HiJackThis.exe
2017-03-17 07:10 - 2017-03-17 07:11 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-17 07:10 - 2017-03-17 07:10 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-17 07:10 - 2017-03-17 07:10 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-03-17 07:09 - 2017-03-17 07:09 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-17 07:09 - 2017-03-17 07:09 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-17 07:09 - 2017-03-17 07:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-17 07:09 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-17 07:08 - 2017-03-17 07:08 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-17 07:05 - 2017-03-17 07:06 - 57131432 _____ (Malwarebytes ) C:\Users\MELISSA\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-17 06:57 - 2017-03-17 06:57 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\wmyxxxi.sys
2017-03-17 06:02 - 2017-03-17 06:03 - 00000000 ____D C:\Users\MELISSA\Desktop\2017-03-17 002
2017-03-17 06:00 - 2017-03-17 06:00 - 00000000 ____D C:\Users\MELISSA\Desktop\2017-03-17 001
2017-03-15 22:49 - 2017-03-15 22:49 - 00012864 ____N C:\bootsqm.dat
2017-03-10 11:32 - 2017-03-10 11:32 - 00000000 ____D C:\Users\MELISSA\Desktop\Power Of Attorney Van Title
2017-03-10 11:24 - 2017-03-10 11:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Dynamsoft
2017-03-10 11:24 - 2017-03-10 11:24 - 00000000 ____D C:\Users\MELISSA\AppData\LocalLow\Dynamsoft
2017-03-10 11:21 - 2017-03-10 11:21 - 01781272 _____ (Dynamsoft Corporation) C:\Users\MELISSA\Downloads\DynamicWebTWAINHTML5Edition.exe
2017-03-10 11:20 - 2017-03-10 11:20 - 00000000 ____D C:\Users\MELISSA\Desktop\Steve Greenfield Pay Stub
2017-03-10 11:15 - 2017-03-10 11:15 - 00000000 ____D C:\Users\MELISSA\Desktop\2017-03-10 001

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-17 18:00 - 2015-01-31 15:59 - 00000000 ____D C:\Users\MELISSA\Desktop\Spyware Removers
2017-03-17 08:04 - 2016-09-29 17:46 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-17 08:01 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-17 08:01 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-17 07:08 - 2015-01-30 11:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-17 07:02 - 2016-11-21 12:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-17 06:57 - 2016-11-29 03:38 - 00000000 ____D C:\Users\MELISSA\AppData\LocalLow\Mozilla
2017-03-17 06:57 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\security
2017-03-17 06:57 - 2016-02-19 09:57 - 00000000 ____D C:\ProgramData\16bbc240
2017-03-17 06:46 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-15 23:01 - 2015-07-14 22:04 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-03-15 22:58 - 2016-10-15 01:07 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-03-15 22:57 - 2015-09-03 22:21 - 01011092 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-15 22:54 - 2016-10-15 01:05 - 00000000 ____D C:\Users\MELISSA\AppData\Local\Overwolf
2017-03-15 22:52 - 2015-09-03 23:32 - 00000000 __SHD C:\Users\MELISSA\IntelGraphicsProfiles
2017-03-15 22:50 - 2016-09-29 18:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-10 11:19 - 2017-01-28 06:54 - 00000000 ____D C:\ProgramData\{FD289B09-4A83-2CA2-D3EE-4DC8EB18DEA7}
2017-03-10 11:19 - 2017-01-28 06:54 - 00000000 ____D C:\ProgramData\{53ED4414-E446-F3BF-09E3-C3D46D7FD7B4}
2017-03-10 11:19 - 2017-01-28 00:52 - 00000000 ____D C:\ProgramData\{EC43F210-5BE8-45BB-6658-628FBB9DB9CD}
2017-03-10 11:19 - 2017-01-28 00:52 - 00000000 ____D C:\ProgramData\{8B7499E7-3CDF-2E4C-5C49-B82D1FD0EB03}
2017-03-10 11:19 - 2017-01-27 18:18 - 00000000 ____D C:\ProgramData\{F7615924-40CA-EE8F-13B3-B9E234D69FDD}
2017-03-10 11:19 - 2017-01-27 18:18 - 00000000 ____D C:\ProgramData\{E88D83A7-5F26-340C-F264-438960ABDBA0}
2017-03-10 11:19 - 2017-01-27 06:52 - 00000000 ____D C:\ProgramData\{F6D9983A-4172-2F91-2FD4-E4D7F2AF049D}
2017-03-10 11:19 - 2017-01-27 06:52 - 00000000 ____D C:\ProgramData\{A70B3DEF-10A0-8A44-7F08-93684BC83B00}
2017-03-10 11:19 - 2017-01-27 00:52 - 00000000 ____D C:\ProgramData\{996352B4-2EC8-E51F-9ADD-620398C05B03}
2017-03-10 11:19 - 2017-01-27 00:52 - 00000000 ____D C:\ProgramData\{73F20617-C459-B1BC-399C-53509AFDCB4E}
2017-03-10 11:19 - 2017-01-26 18:52 - 00000000 ____D C:\ProgramData\{91769C8D-26DD-2B26-D41D-482D3CF3F0EE}
2017-03-10 11:19 - 2017-01-26 18:52 - 00000000 ____D C:\ProgramData\{266C5A94-91C7-ED3F-D663-E1CE611EB242}
2017-03-10 11:19 - 2017-01-26 12:52 - 00000000 ____D C:\ProgramData\{E87D5CED-5FD6-EB46-5FBD-DC3A24D143E1}
2017-03-10 11:19 - 2017-01-26 12:52 - 00000000 ____D C:\ProgramData\{86C0DD5E-316B-6AF5-A8A4-0F8407E91E9A}
2017-03-10 11:19 - 2017-01-26 06:52 - 00000000 ____D C:\ProgramData\{E9986FB2-5E33-D819-B8EA-872AB2BB4431}
2017-03-10 11:19 - 2017-01-26 06:52 - 00000000 ____D C:\ProgramData\{0BB47844-BC1F-CFEF-F5F0-4E6EEB55800A}
2017-03-10 11:19 - 2017-01-25 05:53 - 00000000 ____D C:\ProgramData\{7DDE97D6-CA75-207D-8339-AA5219875DFB}
2017-03-10 11:19 - 2017-01-25 05:53 - 00000000 ____D C:\ProgramData\{37DC116C-8077-A6C7-DDC0-5BF0B7EE4680}
2017-03-10 11:19 - 2017-01-22 07:56 - 00000000 ____D C:\ProgramData\{BBC0D026-0C6B-678D-0483-7B7817911EB8}
2017-03-10 11:19 - 2017-01-22 07:50 - 00000000 ____D C:\ProgramData\{A71308A3-10B8-BF08-3988-741D68BA1AD3}
2017-03-10 11:19 - 2017-01-22 07:50 - 00000000 ____D C:\ProgramData\{242CDFC9-9387-6862-C69C-EC36BACBBE00}
2017-03-10 11:19 - 2017-01-22 07:46 - 00000000 ____D C:\ProgramData\{786DC66F-CFC6-71C4-BBE5-DC7B6B2B5BD5}
2017-03-10 11:19 - 2017-01-22 07:46 - 00000000 ____D C:\ProgramData\{47A2F007-F009-47AC-5E0C-8B7A29DFC5D3}
2017-03-10 11:19 - 2017-01-21 06:47 - 00000000 ____D C:\ProgramData\{7D54584B-CAFF-EFE0-9CB7-2A1C5AF707E0}
2017-03-10 11:19 - 2017-01-21 06:45 - 00000000 ____D C:\ProgramData\{106E9D2A-A7C5-2A81-3B79-C644DF6C4194}
2017-02-15 11:24 - 2016-09-29 17:55 - 00000000 ____D C:\Users\MELISSA
2017-02-15 11:23 - 2015-03-20 08:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-15 11:19 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports

==================== Files in the root of some directories =======

2015-06-15 02:38 - 2015-06-15 02:38 - 0000077 _____ () C:\Users\MELISSA\AppData\Roaming\Camdata.ini
2015-06-15 02:38 - 2015-06-15 02:38 - 0000408 _____ () C:\Users\MELISSA\AppData\Roaming\CamLayout.ini
2015-06-15 02:38 - 2015-06-15 02:38 - 0000408 _____ () C:\Users\MELISSA\AppData\Roaming\CamShapes.ini
2015-06-15 02:32 - 2015-06-15 02:39 - 0004536 _____ () C:\Users\MELISSA\AppData\Roaming\CamStudio.cfg
2015-06-15 02:37 - 2015-06-15 02:37 - 0000098 _____ () C:\Users\MELISSA\AppData\Roaming\CamStudio.Producer.command
2015-06-15 02:38 - 2015-06-15 02:38 - 0000000 _____ () C:\Users\MELISSA\AppData\Roaming\CamStudio.Producer.Data.ini
2015-06-15 02:38 - 2015-06-15 02:38 - 0001207 _____ () C:\Users\MELISSA\AppData\Roaming\CamStudio.Producer.ini
2015-06-15 02:25 - 2015-06-15 02:25 - 0000096 _____ () C:\Users\MELISSA\AppData\Roaming\version2.xml
2016-09-29 17:49 - 2016-09-29 17:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\MELISSA\DB501421562943B29E87E17A3AA55E0D.dat
C:\Users\MELISSA\DDB911B1C7CA441D8220DA0BF2521CF7.dat
C:\Users\MELISSA\DFB13C17C85B943FE1319201432B6D7E.dat


Some files in TEMP:
====================
2017-01-26 06:52 - 2017-01-26 06:52 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\109087577.t.exe
2017-01-28 06:53 - 2017-01-28 06:54 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\114397200.t.exe
2017-03-10 11:18 - 2017-03-10 11:19 - 1626624 _____ () C:\Users\MELISSA\AppData\Local\Temp\117680638.t.exe
2017-01-28 06:53 - 2017-01-28 06:54 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\118445663.t.exe
2017-03-10 11:18 - 2017-03-10 11:19 - 1626624 _____ () C:\Users\MELISSA\AppData\Local\Temp\121754322.t.exe
2017-03-10 11:18 - 2017-03-10 11:19 - 1626624 _____ () C:\Users\MELISSA\AppData\Local\Temp\130401530.t.exe
2017-01-27 18:18 - 2017-01-27 18:18 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\20762209.t.exe
2017-01-22 07:46 - 2017-01-22 07:46 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\2675474.t.exe
2017-03-10 11:18 - 2017-03-10 11:19 - 1626624 _____ () C:\Users\MELISSA\AppData\Local\Temp\27421117.t.exe
2017-01-27 00:52 - 2017-01-27 00:52 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\33278308.t.exe
2017-01-25 05:53 - 2017-01-25 05:53 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\53873459.t.exe
2017-01-22 07:46 - 2017-01-22 07:46 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\54393553.t.exe
2017-01-27 06:52 - 2017-01-27 06:52 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\56041400.t.exe
2017-01-25 05:53 - 2017-01-25 05:53 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\70578395.t.exe
2017-01-26 12:52 - 2017-01-26 12:52 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\84033259.t.exe
2016-10-06 00:20 - 2016-09-26 12:04 - 0214856 _____ (Provo Craft & Novelty, Inc.) C:\Users\MELISSA\AppData\Local\Temp\CricutUtilCL.exe
2014-11-08 04:33 - 2015-01-24 05:30 - 0601088 _____ () C:\Users\MELISSA\AppData\Local\Temp\Quarantine.exe
2014-11-08 04:47 - 2014-10-17 07:39 - 0665682 _____ (SQLite Development Team) C:\Users\MELISSA\AppData\Local\Temp\sqlite3.dll
2016-10-15 01:06 - 2016-10-15 01:06 - 0065280 _____ () C:\Users\MELISSA\AppData\Local\Temp\utils.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-14 22:01

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by MELISSA (17-03-2017 18:07:24)
Running from C:\Users\MELISSA\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-29 22:37:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1956558233-2459589253-117431272-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1956558233-2459589253-117431272-503 - Limited - Disabled)
Guest (S-1-5-21-1956558233-2459589253-117431272-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1956558233-2459589253-117431272-1003 - Limited - Enabled)
MELISSA (S-1-5-21-1956558233-2459589253-117431272-1001 - Administrator - Enabled) => C:\Users\MELISSA

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
Chronicle (HKLM-x32\...\{5F968911-50CB-4633-95BF-FD8560E9BF96}) (Version: 1.5.0 - Jagex)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cricut Design Space Client (HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\Cricut Design Space Client) (Version: 3.2.1.0 - Provo Craft)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3817.05 - CyberLink Corp.)
Dolby Axon - 1.5.1.1 (HKLM-x32\...\{17936630-5344-4F18-9970-616129E2A114}_is1) (Version: 1.5.1.1 - Dolby Laboratories)
Dynamic Web TWAIN HTML5 Edition (HKLM-x32\...\{B4D31736-4D13-4BCD-B050-7DD3E45C1650}) (Version: 11.1.831 - Dynamsoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Icecream Screen Recorder version 1.47 (HKLM-x32\...\{7ADEC622-3230-4C9A-9DCE-9BD462B74095}_is1) (Version: 1.47 - Icecream Apps)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MX5 (HKLM-x32\...\Maxthon5) (Version: 5.0.1.3000 - Maxthon International Limited)
Nielsen (HKLM-x32\...\NetSight) (Version:  - )
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.103.32.0 - Overwolf Ltd.)
Pokki Start Menu (HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\Pokki_Start_Menu) (Version: 0.269.5.284 - Pokki)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7885 - Realtek Semiconductor Corp.)
RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
RuneScape Launcher 2.2.2 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.2 - Jagex Ltd)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.0 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{F64E9295-E1B3-4EEA-86D3-AF44A0087B06}) (Version: 1.1.16.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.2.6403 - Toshiba Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.81.2C - TOSHIBA CORPORATION)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.15C - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{4F0F44AF-90E9-4A6E-9E82-354A3AB79F22}) (Version: 1.0.0.2 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Utility Common Driver (x32 Version: 1.0.53.3 - Compal) Hidden
Windows Driver Package - Provo Craft & Novelty, Inc. (usbser) Ports  (11/04/2015 2.0.0.0) (HKLM\...\F9008028528C059AEF07C6D89D45BB3C63057E83) (Version: 11/04/2015 2.0.0.0 - Provo Craft & Novelty, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1956558233-2459589253-117431272-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0391BEB9-6AC3-403C-A60B-40D6D538C2EC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {0D3CCADB-E386-4E02-897D-7009A2410673} - System32\Tasks\{01EFDECA-B644-6961-A8BB-D763D5B66E06} => C:\ProgramData\{E88D83A7-5F26-340C-F264-438960ABDBA0}\467C4862-F1D7-FFC9-8580-FDA1F52EDCE1.exe [2017-01-27] () <==== ATTENTION
Task: {10905323-0300-4186-B73D-9E95DBF70298} - System32\Tasks\{95D60FC6-227D-B86D-19F5-D972396C4F4C} => C:\ProgramData\{E9986FB2-5E33-D819-B8EA-872AB2BB4431}\98CD96E5-2F66-214E-235D-AE43484E104E.exe [2017-01-26] () <==== ATTENTION
Task: {150FB894-17C8-42B2-B9FB-FCE3FE7EA8C2} - System32\Tasks\{ACCDFEE8-1B66-4943-4D55-BBAB411CAD06} => C:\ProgramData\{7D54584B-CAFF-EFE0-9CB7-2A1C5AF707E0}\00605EDB-B7CB-E970-05BD-D79200DD8BE3.exe [2017-01-21] () <==== ATTENTION
Task: {18C8D0D3-5A75-4F15-995F-F6AD463F9E51} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {19B214DB-DF7D-4383-9996-AD3165DF3EF2} - System32\Tasks\{AF6AC48F-18C1-7324-94F4-CA154EDA95C4} => C:\ProgramData\{786DC66F-CFC6-71C4-BBE5-DC7B6B2B5BD5}\718E509C-C625-E737-EA19-F352D1593609.exe [2017-01-22] () <==== ATTENTION
Task: {274B4521-9F39-4BC3-AF2A-550CA9C7A6EC} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-08-26] (Realtek Semiconductor)
Task: {2AF3ADA6-0785-4C88-9C14-EF55657B067E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {314ABEEA-EBB3-48A5-A57B-32F80DFD24AE} - System32\Tasks\{062C54AF-B187-E304-09B6-EB7DDF8C2EE9} => C:\ProgramData\{0BB47844-BC1F-CFEF-F5F0-4E6EEB55800A}\7193FD56-C638-4AFD-F15B-CF8853533C9A.exe [2017-01-26] () <==== ATTENTION
Task: {334E094A-12E8-43DB-BAFB-7E86BB33EF17} - System32\Tasks\{CC11BF43-7BBA-08E8-CBCD-E26B2B191DC5} => C:\ProgramData\{BBC0D026-0C6B-678D-0483-7B7817911EB8}\F42CE6A2-4387-5109-92D2-6EABB8222F63.exe [2017-01-22] () <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe
Task: {373F1A19-80D8-4786-B7D4-35A77CC4DE19} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-18] (Google Inc.)
Task: {3B3010E6-9813-4167-BBD4-68D08CB485F1} - System32\Tasks\Maxthon5 Update => C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe [2016-10-25] (Maxthon International ltd.)
Task: {45AF1549-0727-4CA7-8100-773A26E12045} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1956558233-2459589253-117431272-1001 -> No File <==== ATTENTION
Task: {474EA57A-2756-47F5-B7A4-9D4CDC21E69A} - System32\Tasks\{86547DCC-31FF-CA67-3C10-C8115EF551FB} => C:\ProgramData\{73F20617-C459-B1BC-399C-53509AFDCB4E}\DE495964-69E2-EECF-43D1-42B9351C7CD5.exe [2017-01-27] () <==== ATTENTION
Task: {48A1E01D-A72A-4268-A3BD-D784AA9E8379} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation)
Task: {4F6DF9EF-87C9-451A-9ADB-7AB3BA54046F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {586FEA0B-6F5A-4C04-8288-55152913AB81} - System32\Tasks\{DF6939E1-68C2-8E4A-A422-E59D6538AC9B} => C:\ProgramData\{E87D5CED-5FD6-EB46-5FBD-DC3A24D143E1}\EB82AB60-5C29-1CCB-9900-53AAC7F8898D.exe [2017-01-26] () <==== ATTENTION
Task: {5966C616-FA5C-48EC-8537-49B24EA875FC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5A29FAFB-F6EC-486C-B203-0936F34DC71F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {5BF3E5C9-AE89-40B0-A9E0-1E77A3DDCE06} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6793ECD1-5913-42FB-B512-4ECDA2F356BF} - System32\Tasks\{DED2743C-6979-C397-F3C1-98DDA2B6B234} => C:\ProgramData\{F6D9983A-4172-2F91-2FD4-E4D7F2AF049D}\948DCB08-2326-7CA3-909B-CB22D3AE3050.exe [2017-01-27] () <==== ATTENTION
Task: {6904ED79-428A-4F92-A3DD-BEC235077348} - System32\Tasks\SDMsgUpdate (Local) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {6A810B0D-42D9-4649-A63B-297B9BEF87B7} - System32\Tasks\{4D9A6F38-FA31-D893-57BB-3F7854440D9C} => C:\ProgramData\{266C5A94-91C7-ED3F-D663-E1CE611EB242}\095C4CA2-BEF7-FB09-6F25-035ED53A183D.exe [2017-01-26] () <==== ATTENTION
Task: {743F9E1D-6773-4200-9D5A-9C618661AC85} - System32\Tasks\{AC9D39CE-1B36-8E65-1B62-B7CC13536D58} => C:\ProgramData\{53ED4414-E446-F3BF-09E3-C3D46D7FD7B4}\FA6BCF52-4DC0-78F9-4BA5-38AD974B287C.exe [2017-01-28] () <==== ATTENTION
Task: {752DF187-541C-4B04-957C-B7EBFD43F7B2} - System32\Tasks\{D3B33BEA-6418-8C41-EF07-E92CA0AF275B} => C:\ProgramData\{996352B4-2EC8-E51F-9ADD-620398C05B03}\425B6C21-F5F0-DB8A-FDB6-9CB3C097E366.exe [2017-01-27] () <==== ATTENTION
Task: {7955CE6B-B103-4D68-92ED-54214361F32A} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-09-03] (Synaptics Incorporated)
Task: {79F2BB62-83FE-4B90-B9F4-AB8827396969} - System32\Tasks\{BE05930B-09AE-24A0-5E79-0AFEC9E5ED67} => C:\ProgramData\{FD289B09-4A83-2CA2-D3EE-4DC8EB18DEA7}\AA9197AC-1D3A-2007-AA60-38C7FC66CA8E.exe [2017-01-28] () <==== ATTENTION
Task: {7CA36C8D-4322-42A5-A6F0-9CA836563B73} - System32\Tasks\{6377FA63-A286-4586-BC11-393CD0BCD97A} => Chrome.exe hxxp://ui.skype.com/ui/0/7.15.0.102/en/abandoninstall?source=lightinstaller&amp;page=tsMain
Task: {90CED535-E6A7-4898-A78A-F0DC0495B1B1} - System32\Tasks\{0C3F35D2-16C9-405A-9AA3-8335DCBB9B69} => pcalua.exe -a C:\Users\MELISSA\AppData\Local\Pokki\Uninstall.exe
Task: {981F2511-39C3-419D-83A4-50EAB4FF93A6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9C12F2D5-3F64-4AE5-885E-D580BC3CB821} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9E659FAF-FCE7-4C75-A884-27B5617FFDF7} - System32\Tasks\{4D5CF935-5454-3A91-6458-C93FBF0E6059} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\16bbc240\3db4b5a7.dll" <==== ATTENTION
Task: {9E9563B2-AEAD-4CF2-9026-BCE905A7FAF3} - \WPD\SqmUpload_S-1-5-21-1956558233-2459589253-117431272-1001 -> No File <==== ATTENTION
Task: {9EEF332A-0305-4846-8ED9-3F7EBB2DDB5B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-18] (Google Inc.)
Task: {9F6D1A3A-1935-439F-8192-74384D6BEBCE} - System32\Tasks\{276846BF-90C3-F114-DE26-4855ED0E4CC1} => C:\ProgramData\{EC43F210-5BE8-45BB-6658-628FBB9DB9CD}\A4FABC85-1351-0B2E-A619-1CA52163D556.exe [2017-01-28] () <==== ATTENTION
Task: {A0BE6F80-787A-4726-A452-82E13BAD4FFA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A0F79657-B8C3-4030-8351-6437CE0ABB7E} - System32\Tasks\{9FCB943D-2860-2396-D613-C162EF66EA83} => C:\ProgramData\{A70B3DEF-10A0-8A44-7F08-93684BC83B00}\C64841B3-71E3-F618-4D84-E53B5C3C1A49.exe [2017-01-27] () <==== ATTENTION
Task: {A7960F74-DC2D-4D46-A2C7-9C0536A04056} - System32\Tasks\{6324C194-D48F-763F-011D-D9340B96052C} => C:\ProgramData\{37DC116C-8077-A6C7-DDC0-5BF0B7EE4680}\AB0CE9B2-1CA7-5E19-9944-81C2B0F03193.exe [2017-01-25] () <==== ATTENTION
Task: {BB8DC87F-E4B3-44C9-9B91-1358BCD2A85F} - System32\Tasks\{9E7411AA-29DF-A601-2BB9-3C740808C0DC} => C:\ProgramData\{242CDFC9-9387-6862-C69C-EC36BACBBE00}\42892CE9-F522-9B42-2BE3-955A95E31FE8.exe [2017-01-22] () <==== ATTENTION
Task: {BDAE54E9-BF4C-4F82-982E-62FAEC4D1E48} - System32\Tasks\{BFF38F82-0858-3829-1F58-8E5A6C17A097} => C:\ProgramData\{F7615924-40CA-EE8F-13B3-B9E234D69FDD}\96ED202D-2146-9786-A55B-C4722C323660.exe [2017-01-27] () <==== ATTENTION
Task: {CA911B0F-A3AA-44FE-B19B-6AC5A7892B05} - System32\Tasks\{FB3683A2-4C9D-3409-A845-EA2EB8A10946} => C:\ProgramData\{106E9D2A-A7C5-2A81-3B79-C644DF6C4194}\D5BDED97-6216-5A3C-234C-1DDA21B7A07C.exe [2017-01-21] () <==== ATTENTION
Task: {CACB0520-1E9B-4A0F-8346-212EE3581F56} - System32\Tasks\{3C5ABFB6-8BF1-081D-68EB-4121B3B4D3D6} => C:\ProgramData\{A71308A3-10B8-BF08-3988-741D68BA1AD3}\D8DAF71E-6F71-40B5-391E-DB3F0D5DB064.exe [2017-01-22] () <==== ATTENTION
Task: {CC66B77A-B72B-4975-BBAC-A0058418F70F} - System32\Tasks\{B2B99EA1-0512-290A-E3F1-417498EF97FA} => C:\ProgramData\{91769C8D-26DD-2B26-D41D-482D3CF3F0EE}\FF2DC289-4886-7522-153E-B433CA289662.exe [2017-01-26] () <==== ATTENTION
Task: {CE1498A1-773C-4129-BE0B-251F0AEEDD13} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D273C52A-3710-4E1A-BA2F-AB2287C222AE} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-03-05] (Overwolf LTD)
Task: {D32EB657-EBD9-4741-90ED-0AE811F64E80} - System32\Tasks\{4B220945-FC89-BEEE-7E20-CF5EB2AC45EF} => C:\ProgramData\{47A2F007-F009-47AC-5E0C-8B7A29DFC5D3}\1528D5BC-A283-6217-721C-FFAD1DAC4676.exe [2017-01-22] () <==== ATTENTION
Task: {DFDDE333-B0A3-483E-9266-735041CAE66A} - \DNSROSEVILLE -> No File <==== ATTENTION
Task: {E2707D30-BBA1-45F5-9E16-205F51144B38} - System32\Tasks\SDMsgUpdate (TE) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {E678B56F-D9F3-45B5-BA6D-525BC73FE57D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {E816A543-5BC5-420F-BDAD-EC29F392262E} - System32\Tasks\{0ACBC79C-BD60-7037-3869-4E89CDE6B533} => C:\ProgramData\{86C0DD5E-316B-6AF5-A8A4-0F8407E91E9A}\FF556E1E-48FE-D9B5-98B0-762383C05B77.exe [2017-01-26] () <==== ATTENTION
Task: {EA424FF9-A81F-48B1-8046-1D77E1678274} - System32\Tasks\{F3953A76-443E-8DDD-7E72-7D2F958E197E} => C:\ProgramData\{7DDE97D6-CA75-207D-8339-AA5219875DFB}\0431B153-B39A-06F8-864D-0DC9E44B2434.exe [2017-01-25] () <==== ATTENTION
Task: {F746419A-5EEF-40A0-897B-6AF058357D14} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F8E13180-FC1C-424E-8E15-B88876F32503} - System32\Tasks\{83F46E7B-345F-D9D0-D175-8989F0A66C42} => C:\ProgramData\{8B7499E7-3CDF-2E4C-5C49-B82D1FD0EB03}\3A5FF4D7-8DF4-437C-A935-98A718AB77B7.exe [2017-01-28] () <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\MELISSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Any.do.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ocgddccilgpeepgglnlpchkpgamkgmld
ShortcutWithArgument: C:\Users\MELISSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\App Launcher for Messenger.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=bllmngcdibgbgjnginpehneeofhbmdjm
ShortcutWithArgument: C:\Users\MELISSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=decmldkknaaemlafplkkdmmmelbdnlja
ShortcutWithArgument: C:\Users\MELISSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk
ShortcutWithArgument: C:\Users\MELISSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sunrise Calendar.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mojepfklcankkmikonjlnidiooanmpbb
ShortcutWithArgument: C:\Users\MELISSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\VNC® Viewer for Google Chrome™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=iabmpiboiopbgfabjmgeedhcmjenhbla

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-17 06:57 - 2016-12-09 06:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-04 19:11 - 2015-11-04 19:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-12-17 06:57 - 2016-12-09 06:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-17 06:57 - 2016-12-09 06:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2015-12-18 01:15 - 2015-12-18 01:15 - 07025984 _____ () C:\Program Files (x86)\Razer\Comms\RazerComms.exe
2017-01-27 00:52 - 2017-01-27 00:52 - 00986624 _____ () C:\ProgramData\{996352B4-2EC8-E51F-9ADD-620398C05B03}\425B6C21-F5F0-DB8A-FDB6-9CB3C097E366.exe
2017-01-25 05:53 - 2017-01-25 05:53 - 00986624 _____ () C:\ProgramData\{37DC116C-8077-A6C7-DDC0-5BF0B7EE4680}\AB0CE9B2-1CA7-5E19-9944-81C2B0F03193.exe
2017-01-28 00:52 - 2017-01-28 00:52 - 00986624 _____ () C:\ProgramData\{EC43F210-5BE8-45BB-6658-628FBB9DB9CD}\A4FABC85-1351-0B2E-A619-1CA52163D556.exe
2017-01-27 00:52 - 2017-01-27 00:52 - 00986624 _____ () C:\ProgramData\{73F20617-C459-B1BC-399C-53509AFDCB4E}\DE495964-69E2-EECF-43D1-42B9351C7CD5.exe
2017-01-28 00:52 - 2017-01-28 00:52 - 00986624 _____ () C:\ProgramData\{8B7499E7-3CDF-2E4C-5C49-B82D1FD0EB03}\3A5FF4D7-8DF4-437C-A935-98A718AB77B7.exe
2017-01-25 05:53 - 2017-01-25 05:53 - 00986624 _____ () C:\ProgramData\{7DDE97D6-CA75-207D-8339-AA5219875DFB}\0431B153-B39A-06F8-864D-0DC9E44B2434.exe
2017-01-27 06:52 - 2017-01-27 06:52 - 00986624 _____ () C:\ProgramData\{F6D9983A-4172-2F91-2FD4-E4D7F2AF049D}\948DCB08-2326-7CA3-909B-CB22D3AE3050.exe
2017-01-27 06:52 - 2017-01-27 06:52 - 00986624 _____ () C:\ProgramData\{A70B3DEF-10A0-8A44-7F08-93684BC83B00}\C64841B3-71E3-F618-4D84-E53B5C3C1A49.exe
2017-01-21 06:47 - 2017-01-21 06:47 - 00986624 _____ () C:\ProgramData\{7D54584B-CAFF-EFE0-9CB7-2A1C5AF707E0}\00605EDB-B7CB-E970-05BD-D79200DD8BE3.exe
2017-01-26 06:52 - 2017-01-26 06:52 - 00986624 _____ () C:\ProgramData\{E9986FB2-5E33-D819-B8EA-872AB2BB4431}\98CD96E5-2F66-214E-235D-AE43484E104E.exe
2017-01-28 06:54 - 2017-01-28 06:54 - 00986624 _____ () C:\ProgramData\{53ED4414-E446-F3BF-09E3-C3D46D7FD7B4}\FA6BCF52-4DC0-78F9-4BA5-38AD974B287C.exe
2017-01-26 18:52 - 2017-01-26 18:52 - 00986624 _____ () C:\ProgramData\{266C5A94-91C7-ED3F-D663-E1CE611EB242}\095C4CA2-BEF7-FB09-6F25-035ED53A183D.exe
2017-01-21 06:45 - 2017-01-21 06:45 - 01373184 ____N () C:\ProgramData\{106E9D2A-A7C5-2A81-3B79-C644DF6C4194}\D5BDED97-6216-5A3C-234C-1DDA21B7A07C.exe
2017-01-27 18:18 - 2017-01-27 18:18 - 00986624 _____ () C:\ProgramData\{E88D83A7-5F26-340C-F264-438960ABDBA0}\467C4862-F1D7-FFC9-8580-FDA1F52EDCE1.exe
2017-01-27 18:18 - 2017-01-27 18:20 - 00986624 _____ () C:\ProgramData\{F7615924-40CA-EE8F-13B3-B9E234D69FDD}\96ED202D-2146-9786-A55B-C4722C323660.exe
2017-01-26 06:52 - 2017-01-26 06:52 - 00986624 _____ () C:\ProgramData\{0BB47844-BC1F-CFEF-F5F0-4E6EEB55800A}\7193FD56-C638-4AFD-F15B-CF8853533C9A.exe
2017-01-26 12:52 - 2017-01-26 12:52 - 00986624 _____ () C:\ProgramData\{E87D5CED-5FD6-EB46-5FBD-DC3A24D143E1}\EB82AB60-5C29-1CCB-9900-53AAC7F8898D.exe
2017-01-22 07:50 - 2017-01-22 07:50 - 00986624 _____ () C:\ProgramData\{242CDFC9-9387-6862-C69C-EC36BACBBE00}\42892CE9-F522-9B42-2BE3-955A95E31FE8.exe
2017-01-22 07:50 - 2017-01-22 07:50 - 00986624 _____ () C:\ProgramData\{A71308A3-10B8-BF08-3988-741D68BA1AD3}\D8DAF71E-6F71-40B5-391E-DB3F0D5DB064.exe
2017-01-26 18:52 - 2017-01-26 18:52 - 00986624 _____ () C:\ProgramData\{91769C8D-26DD-2B26-D41D-482D3CF3F0EE}\FF2DC289-4886-7522-153E-B433CA289662.exe
2017-01-28 06:54 - 2017-01-28 06:54 - 00986624 _____ () C:\ProgramData\{FD289B09-4A83-2CA2-D3EE-4DC8EB18DEA7}\AA9197AC-1D3A-2007-AA60-38C7FC66CA8E.exe
2017-01-22 07:46 - 2017-01-22 07:46 - 00986624 _____ () C:\ProgramData\{47A2F007-F009-47AC-5E0C-8B7A29DFC5D3}\1528D5BC-A283-6217-721C-FFAD1DAC4676.exe
2017-01-26 12:52 - 2017-01-26 12:52 - 00986624 _____ () C:\ProgramData\{86C0DD5E-316B-6AF5-A8A4-0F8407E91E9A}\FF556E1E-48FE-D9B5-98B0-762383C05B77.exe
2017-01-22 07:46 - 2017-01-22 07:46 - 00986624 _____ () C:\ProgramData\{786DC66F-CFC6-71C4-BBE5-DC7B6B2B5BD5}\718E509C-C625-E737-EA19-F352D1593609.exe
2017-01-22 07:56 - 2017-01-22 07:56 - 01373184 ____N () C:\ProgramData\{BBC0D026-0C6B-678D-0483-7B7817911EB8}\F42CE6A2-4387-5109-92D2-6EABB8222F63.exe
2017-03-17 07:22 - 2008-05-27 23:17 - 00003584 _____ () C:\Users\MELISSA\Downloads\SmitfraudFix\Policies.exe
2017-03-17 07:08 - 2017-03-17 07:06 - 01192400 _____ () C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe
2017-03-17 07:03 - 2017-03-17 07:06 - 01192400 ____N () C:\Users\MELISSA\AppData\Local\Temp\_iu14D2N.tmp
2017-03-17 06:14 - 2017-03-17 06:15 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-03-17 06:14 - 2017-03-17 06:15 - 00182784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-03-17 06:14 - 2017-03-17 06:15 - 41048064 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-03-17 06:14 - 2017-03-17 06:15 - 02236896 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\roottools.dll
2016-09-29 21:35 - 2016-09-29 21:35 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-22 08:30 - 2016-12-21 03:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-22 08:30 - 2016-12-21 02:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-22 08:30 - 2016-12-21 02:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-22 08:30 - 2016-12-21 02:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-22 08:30 - 2016-12-21 02:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-22 08:30 - 2016-12-21 02:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-22 08:30 - 2016-12-21 02:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-10-21 01:38 - 2015-08-27 17:30 - 40622592 _____ () C:\Users\MELISSA\AppData\Local\razer\InGameEngine\cache\RazerComms\cef\libcef.dll
2017-03-05 04:56 - 2017-03-05 04:56 - 67310648 _____ () C:\Program Files (x86)\Overwolf\0.103.32.0\libcef.DLL
2016-10-21 01:38 - 2015-08-27 17:30 - 00911360 _____ () C:\Users\MELISSA\AppData\Local\razer\InGameEngine\cache\RazerComms\cef\libglesv2.dll
2016-10-21 01:38 - 2015-08-27 17:30 - 00134144 _____ () C:\Users\MELISSA\AppData\Local\razer\InGameEngine\cache\RazerComms\cef\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2016-01-05 14:25 - 00002024 ____A C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1956558233-2459589253-117431272-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MELISSA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "TecoResident"
HKLM\...\StartupApproved\Run: => "TCrdMain"
HKLM\...\StartupApproved\Run: => "TSSSrv"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "KeNotify"
HKLM\...\StartupApproved\Run32: => "TSVU"
HKLM\...\StartupApproved\Run32: => "Digital Coupon Print Driver"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_81FC116245CE5C543934A0C94EE6D6B3"
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{086B4BA1-5547-49E7-BC6E-DB4F68B2C740}] => (Allow) C:\Program Files (x86)\DolbyAxon\Axon.exe
FirewallRules: [{8C3C76D9-341D-42AF-BA3D-65C2F25AD778}] => (Allow) C:\Program Files (x86)\DolbyAxon\Axon.exe
FirewallRules: [UDP Query User{0578F204-2D93-4448-B0EF-ABBEA689EC23}C:\users\melissa\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe] => (Allow) C:\users\melissa\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe
FirewallRules: [TCP Query User{550B6164-33D8-4C4D-B898-9C12105CC9A1}C:\users\melissa\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe] => (Allow) C:\users\melissa\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe
FirewallRules: [{7624BBA6-2F6F-45E4-8A96-5B5CFBDBEACC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{638FC31B-BE3B-4023-83E4-6B299D3150B1}] => (Allow) C:\Users\MELISSA\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F1EDC2AB-5FB8-4F80-B54B-99D5672629EA}] => (Allow) C:\Users\MELISSA\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{E49F4391-7130-43B4-AA1D-C5328A2BCCD7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{31CAEE89-5377-4EDA-86E5-F1E5BCD4DD33}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{759FD0EF-2B8E-4103-93AF-78A8129F4906}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{68EFAB0B-7EAB-46A5-AE81-AC5B3F0995EC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{79BB38C2-E12A-4591-8317-1A3B71206FC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Legacy\rust.exe
FirewallRules: [{98BC0562-3506-44C9-922D-5BC099EF5212}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Legacy\rust.exe
FirewallRules: [UDP Query User{35B993E4-BCA7-4563-BC61-D8F358EDA0DA}C:\frst\quarantine\c\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\frst\quarantine\c\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{7120017F-6677-4E2E-9042-B1D02B373FAC}C:\frst\quarantine\c\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\frst\quarantine\c\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{152F1FEF-843D-4C29-9DB0-E9D733EA8CBD}C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayz.exe] => (Allow) C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayz.exe
FirewallRules: [TCP Query User{BD382E5A-7129-4220-B9D9-31F3050FAA53}C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayz.exe] => (Allow) C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayz.exe
FirewallRules: [UDP Query User{5C3121F8-774B-4C4F-88E7-6FA2BAA8C5E4}C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayzserver.exe] => (Allow) C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayzserver.exe
FirewallRules: [TCP Query User{156F5660-3C57-4E03-B9BC-9749E5CCE964}C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayzserver.exe] => (Allow) C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayzserver.exe
FirewallRules: [UDP Query User{14218FCD-C652-40D6-BC36-481725DE7BE9}C:\program files (x86)\r.g. mechanics\dying light\dyinglightgame.exe] => (Allow) C:\program files (x86)\r.g. mechanics\dying light\dyinglightgame.exe
FirewallRules: [TCP Query User{8CEC814B-E0A2-47EA-85A5-31C2BD0B4F85}C:\program files (x86)\r.g. mechanics\dying light\dyinglightgame.exe] => (Allow) C:\program files (x86)\r.g. mechanics\dying light\dyinglightgame.exe
FirewallRules: [{A658488A-5CBC-46A0-9B52-2A8D7C32A047}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BFDABC1E-E777-49E8-8072-88893E18E857}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FFDCFEAA-5D94-493C-9391-AF8DF0C32F83}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{95606AC7-A616-4DB4-AEBD-F0473EED84C8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{EBDDD9BD-E66C-407C-AD11-71E480F7DECB}C:\users\melissa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\melissa\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{DFDB259D-F688-42CB-A80C-A3C9C248333E}C:\users\melissa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\melissa\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{0B992E45-6653-4416-BDFA-A4A729425D33}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{C5D505EA-43B6-4300-BE82-7F8FDC3AC480}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{04BEC408-E6F6-4679-A104-8452BFAB6A10}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{1BF59C2D-0E2B-454D-B7F9-B58948964C94}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{BBA03D95-8073-4208-A7F1-C8CA37E59642}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{734561E9-D1A3-4055-9546-A3E8C5D60FBC}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{A0AB1ECF-1804-45B2-8072-CDB352AC689D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{CEEA716C-191C-4E69-A75A-55B13ED48251}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{74B67271-C80F-45EE-988C-8E15FB89D561}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F1472E9B-AF3F-438C-B713-CABB221320C8}C:\users\melissa\appdata\local\skypeplugin\7.10.0.93\pluginhost.exe] => (Allow) C:\users\melissa\appdata\local\skypeplugin\7.10.0.93\pluginhost.exe
FirewallRules: [UDP Query User{F938384D-51C9-49B9-BAD1-17D2507798E6}C:\users\melissa\appdata\local\skypeplugin\7.10.0.93\pluginhost.exe] => (Allow) C:\users\melissa\appdata\local\skypeplugin\7.10.0.93\pluginhost.exe
FirewallRules: [{AA2149C3-4B46-4462-8C23-D761F03201E1}] => (Allow) C:\Program Files (x86)\OpinionSquare\opnsqr.exe
FirewallRules: [{471D150C-08A5-4FD0-8373-0DBEF6112E34}] => (Allow) C:\Program Files (x86)\OpinionSquare\opnsqr.exe
FirewallRules: [{7E08E2B5-835C-4AE6-977C-A5991BFE9342}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
FirewallRules: [{3353F4B3-5C92-4040-A112-C617512518FB}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
FirewallRules: [{A5116747-72FB-487E-BFB0-DD9482C3501B}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\MxUp.exe
FirewallRules: [{166A5E2C-6810-47EA-954A-97987FEA93BF}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\MxUp.exe
FirewallRules: [{D6A94E67-FF06-43D6-A5E1-1C64017F306F}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
FirewallRules: [{093D3EB7-C3BB-4454-8AFD-06923972958F}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
FirewallRules: [{8A1492F8-112C-463D-BCC5-4D285D1C7890}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

04-01-2017 14:48:51 Scheduled Checkpoint
22-01-2017 09:09:14 Windows Update
27-01-2017 09:20:22 Windows Update
10-03-2017 11:22:45 Installed Dynamic Web TWAIN HTML5 Edition
17-03-2017 07:02:36 Removed Chronicle

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/17/2017 07:03:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/17/2017 05:59:45 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: STAYOFFMYLAPTOP)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/10/2017 05:34:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: STAYOFFMYLAPTOP)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/10/2017 11:23:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/10/2017 10:11:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: STAYOFFMYLAPTOP)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/15/2017 11:26:48 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (02/15/2017 11:26:48 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (02/15/2017 11:26:47 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (02/15/2017 11:26:47 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (02/15/2017 11:26:46 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


System errors:
=============
Error: (03/17/2017 08:08:21 AM) (Source: DCOM) (EventID: 10010) (User: STAYOFFMYLAPTOP)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (03/17/2017 06:02:49 AM) (Source: DCOM) (EventID: 10010) (User: STAYOFFMYLAPTOP)
Description: The server {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775} did not register with DCOM within the required timeout.

Error: (03/15/2017 11:09:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/15/2017 10:55:03 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (03/15/2017 10:52:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/15/2017 10:50:15 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:41:25 PM on ‎3/‎15/‎2017 was unexpected.

Error: (03/10/2017 11:34:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/10/2017 11:18:25 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {5B99FA76-721C-423C-ADAC-56D03C8A8007} did not register with DCOM within the required timeout.

Error: (03/10/2017 11:16:20 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.

Error: (03/10/2017 11:14:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


CodeIntegrity:
===================================
  Date: 2017-02-14 19:51:41.686
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-14 19:51:41.624
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-14 19:51:41.563
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-01 18:29:08.404
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-01 18:29:08.401
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-01 18:29:08.349
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-01 18:29:07.883
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-01 18:29:07.880
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-01 18:29:07.875
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-01 18:29:07.603
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU N2840 @ 2.16GHz
Percentage of memory in use: 56%
Total physical RAM: 3982.88 MB
Available physical RAM: 1736.91 MB
Total Virtual: 5390.88 MB
Available Virtual: 2731.5 MB

==================== Drives ================================

Drive c: (TI10700000B) (Fixed) (Total:455.15 GB) (Free:389.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 

 

 

 


  • 0

Advertisements

#2
RKinner
Posted 20 March 2017 - 09:59 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
 
Download the attached fixlist.txt to the same location as FRST
 
[attachment=84460:fixlist.txt]
 
Run FRST and press Fix
A fix log will be generated please post that 
 

 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
    •  
     
     
    Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
     

    • 0

    #3
    mackomd1
    Posted 21 March 2017 - 09:08 AM

    mackomd1

      New Member

    • Topic Starter
    • Member
    • Pip
    • 2 posts

    all logs are below

     

    Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
    Ran by MELISSA (21-03-2017 09:54:38) Run:1
    Running from C:\Users\MELISSA\Desktop\Spyware Removers
    Loaded Profiles: MELISSA (Available Profiles: MELISSA)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    Tcpip\..\Interfaces\{449ec619-cffb-4166-9e57-f50900857a07}: [DhcpNameServer] 82.163.143.176
    Tcpip\..\Interfaces\{da5e4388-9e9d-46de-8001-e76e30fa8879}: [NameServer] 82.163.143.176 82.163.142.178
    Tcpip\..\Interfaces\{da5e4388-9e9d-46de-8001-e76e30fa8879}: [DhcpNameServer] 82.163.143.176
    SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1956558233-2459589253-117431272-1001 -> {D11C762C-C567-4EF3-857E-BDA824E016DB} URL =
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-28] (Oracle Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-28] (Oracle Corporation)
    FF NetworkProxy: Mozilla\Firefox\Profiles\9xwaecix.default -> socks_remote_dns", true
    FF NetworkProxy: Mozilla\Firefox\Profiles\9xwaecix.default -> type", 1
    FF Extension: (Ebates Cash Back) - C:\Users\MELISSA\AppData\Roaming\Mozilla\Firefox\Profiles\9xwaecix.default\Extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2017-03-15]FF Extension: (Nielsen NetSight) - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\[email protected] [2017-03-17]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\[email protected]
    FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [No File]
    CHR StartupUrls: Default -> "hxxp://google.com/",
             "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_15_51&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0E0DyDtAtAtAzytAyD0CtN0D0Tzu0StCyEyEyDtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StD0DtC0EtDzztA0EtGyB0D0A0BtGtDtA0AzytGyD0ByC0AtG0AtDtByBtDzz0E0EtDtB0C0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyC0AzyyE0D0D0DtG0BtAyDtAtGyEtDzzzztG0A0AyCyBtGzy0E0E0ByD0FtB0BtC0E0E0A2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDzzzy%26cr%3D853261159%26a%3Dwbf_ir_15_51%26os%3DWindows%2B10%2BHome"
    R2 NielsenUpdate; C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [3161744 2016-12-30] (The Nielsen Company)
    R1 nnfwdk; C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\nnfwdk64.sys [34960 2016-12-30] (The Nielsen Company)
    U0 ucfnjb; C:\WINDOWS\System32\drivers\wmyxxxi.sys [79064 2017-03-17] (Malwarebytes Corporation)
    2017-03-17 06:57 - 2017-03-17 06:57 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\wmyxxxi.sys
    2017-03-10 11:19 - 2017-01-28 06:54 - 00000000 ____D C:\ProgramData\{FD289B09-4A83-2CA2-D3EE-4DC8EB18DEA7}
    2017-03-10 11:19 - 2017-01-28 06:54 - 00000000 ____D C:\ProgramData\{53ED4414-E446-F3BF-09E3-C3D46D7FD7B4}
    2017-03-10 11:19 - 2017-01-28 00:52 - 00000000 ____D C:\ProgramData\{EC43F210-5BE8-45BB-6658-628FBB9DB9CD}
    2017-03-10 11:19 - 2017-01-28 00:52 - 00000000 ____D C:\ProgramData\{8B7499E7-3CDF-2E4C-5C49-B82D1FD0EB03}
    2017-03-10 11:19 - 2017-01-27 18:18 - 00000000 ____D C:\ProgramData\{F7615924-40CA-EE8F-13B3-B9E234D69FDD}
    2017-03-10 11:19 - 2017-01-27 18:18 - 00000000 ____D C:\ProgramData\{E88D83A7-5F26-340C-F264-438960ABDBA0}
    2017-03-10 11:19 - 2017-01-27 06:52 - 00000000 ____D C:\ProgramData\{F6D9983A-4172-2F91-2FD4-E4D7F2AF049D}
    2017-03-10 11:19 - 2017-01-27 06:52 - 00000000 ____D C:\ProgramData\{A70B3DEF-10A0-8A44-7F08-93684BC83B00}
    2017-03-10 11:19 - 2017-01-27 00:52 - 00000000 ____D C:\ProgramData\{996352B4-2EC8-E51F-9ADD-620398C05B03}
    2017-03-10 11:19 - 2017-01-27 00:52 - 00000000 ____D C:\ProgramData\{73F20617-C459-B1BC-399C-53509AFDCB4E}
    2017-03-10 11:19 - 2017-01-26 18:52 - 00000000 ____D C:\ProgramData\{91769C8D-26DD-2B26-D41D-482D3CF3F0EE}
    2017-03-10 11:19 - 2017-01-26 18:52 - 00000000 ____D C:\ProgramData\{266C5A94-91C7-ED3F-D663-E1CE611EB242}
    2017-03-10 11:19 - 2017-01-26 12:52 - 00000000 ____D C:\ProgramData\{E87D5CED-5FD6-EB46-5FBD-DC3A24D143E1}
    2017-03-10 11:19 - 2017-01-26 12:52 - 00000000 ____D C:\ProgramData\{86C0DD5E-316B-6AF5-A8A4-0F8407E91E9A}
    2017-03-10 11:19 - 2017-01-26 06:52 - 00000000 ____D C:\ProgramData\{E9986FB2-5E33-D819-B8EA-872AB2BB4431}
    2017-03-10 11:19 - 2017-01-26 06:52 - 00000000 ____D C:\ProgramData\{0BB47844-BC1F-CFEF-F5F0-4E6EEB55800A}
    2017-03-10 11:19 - 2017-01-25 05:53 - 00000000 ____D C:\ProgramData\{7DDE97D6-CA75-207D-8339-AA5219875DFB}
    2017-03-10 11:19 - 2017-01-25 05:53 - 00000000 ____D C:\ProgramData\{37DC116C-8077-A6C7-DDC0-5BF0B7EE4680}
    2017-03-10 11:19 - 2017-01-22 07:56 - 00000000 ____D C:\ProgramData\{BBC0D026-0C6B-678D-0483-7B7817911EB8}
    2017-03-10 11:19 - 2017-01-22 07:50 - 00000000 ____D C:\ProgramData\{A71308A3-10B8-BF08-3988-741D68BA1AD3}
    2017-03-10 11:19 - 2017-01-22 07:50 - 00000000 ____D C:\ProgramData\{242CDFC9-9387-6862-C69C-EC36BACBBE00}
    2017-03-10 11:19 - 2017-01-22 07:46 - 00000000 ____D C:\ProgramData\{786DC66F-CFC6-71C4-BBE5-DC7B6B2B5BD5}
    2017-03-10 11:19 - 2017-01-22 07:46 - 00000000 ____D C:\ProgramData\{47A2F007-F009-47AC-5E0C-8B7A29DFC5D3}
    2017-03-10 11:19 - 2017-01-21 06:47 - 00000000 ____D C:\ProgramData\{7D54584B-CAFF-EFE0-9CB7-2A1C5AF707E0}
    2017-03-10 11:19 - 2017-01-21 06:45 - 00000000 ____D C:\ProgramData\{106E9D2A-A7C5-2A81-3B79-C644DF6C4194}
    C:\Users\MELISSA\DB501421562943B29E87E17A3AA55E0D.dat
    C:\Users\MELISSA\DDB911B1C7CA441D8220DA0BF2521CF7.dat
    C:\Users\MELISSA\DFB13C17C85B943FE1319201432B6D7E.dat
    2017-01-26 06:52 - 2017-01-26 06:52 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\109087577.t.exe
    2017-01-28 06:53 - 2017-01-28 06:54 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\114397200.t.exe
    2017-03-10 11:18 - 2017-03-10 11:19 - 1626624 _____ () C:\Users\MELISSA\AppData\Local\Temp\117680638.t.exe
    2017-01-28 06:53 - 2017-01-28 06:54 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\118445663.t.exe
    2017-03-10 11:18 - 2017-03-10 11:19 - 1626624 _____ () C:\Users\MELISSA\AppData\Local\Temp\121754322.t.exe
    2017-03-10 11:18 - 2017-03-10 11:19 - 1626624 _____ () C:\Users\MELISSA\AppData\Local\Temp\130401530.t.exe
    2017-01-27 18:18 - 2017-01-27 18:18 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\20762209.t.exe
    2017-01-22 07:46 - 2017-01-22 07:46 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\2675474.t.exe
    2017-03-10 11:18 - 2017-03-10 11:19 - 1626624 _____ () C:\Users\MELISSA\AppData\Local\Temp\27421117.t.exe
    2017-01-27 00:52 - 2017-01-27 00:52 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\33278308.t.exe
    2017-01-25 05:53 - 2017-01-25 05:53 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\53873459.t.exe
    2017-01-22 07:46 - 2017-01-22 07:46 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\54393553.t.exe
    2017-01-27 06:52 - 2017-01-27 06:52 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\56041400.t.exe
    2017-01-25 05:53 - 2017-01-25 05:53 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\70578395.t.exe
    2017-01-26 12:52 - 2017-01-26 12:52 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\84033259.t.exe
    HKLM-x32\...\Run: [NielsenOnline] => C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe [202896 2016-12-30] (The Nielsen Company)
    Task: {0391BEB9-6AC3-403C-A60B-40D6D538C2EC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {0D3CCADB-E386-4E02-897D-7009A2410673} - System32\Tasks\{01EFDECA-B644-6961-A8BB-D763D5B66E06} => C:\ProgramData\{E88D83A7-5F26-340C-F264-438960ABDBA0}\467C4862-F1D7-FFC9-8580-FDA1F52EDCE1.exe [2017-01-27] () <==== ATTENTION
    Task: {10905323-0300-4186-B73D-9E95DBF70298} - System32\Tasks\{95D60FC6-227D-B86D-19F5-D972396C4F4C} => C:\ProgramData\{E9986FB2-5E33-D819-B8EA-872AB2BB4431}\98CD96E5-2F66-214E-235D-AE43484E104E.exe [2017-01-26] () <==== ATTENTION
    Task: {150FB894-17C8-42B2-B9FB-FCE3FE7EA8C2} - System32\Tasks\{ACCDFEE8-1B66-4943-4D55-BBAB411CAD06} => C:\ProgramData\{7D54584B-CAFF-EFE0-9CB7-2A1C5AF707E0}\00605EDB-B7CB-E970-05BD-D79200DD8BE3.exe [2017-01-21] () <==== ATTENTION
    Task: {18C8D0D3-5A75-4F15-995F-F6AD463F9E51} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {19B214DB-DF7D-4383-9996-AD3165DF3EF2} - System32\Tasks\{AF6AC48F-18C1-7324-94F4-CA154EDA95C4} => C:\ProgramData\{786DC66F-CFC6-71C4-BBE5-DC7B6B2B5BD5}\718E509C-C625-E737-EA19-F352D1593609.exe [2017-01-22] () <==== ATTENTION
    Task: {2AF3ADA6-0785-4C88-9C14-EF55657B067E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {314ABEEA-EBB3-48A5-A57B-32F80DFD24AE} - System32\Tasks\{062C54AF-B187-E304-09B6-EB7DDF8C2EE9} => C:\ProgramData\{0BB47844-BC1F-CFEF-F5F0-4E6EEB55800A}\7193FD56-C638-4AFD-F15B-CF8853533C9A.exe [2017-01-26] () <==== ATTENTION
    Task: {334E094A-12E8-43DB-BAFB-7E86BB33EF17} - System32\Tasks\{CC11BF43-7BBA-08E8-CBCD-E26B2B191DC5} => C:\ProgramData\{BBC0D026-0C6B-678D-0483-7B7817911EB8}\F42CE6A2-4387-5109-92D2-6EABB8222F63.exe [2017-01-22] () <==== ATTENTION
    Task: {45AF1549-0727-4CA7-8100-773A26E12045} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1956558233-2459589253-117431272-1001 -> No File <==== ATTENTION
    Task: {474EA57A-2756-47F5-B7A4-9D4CDC21E69A} - System32\Tasks\{86547DCC-31FF-CA67-3C10-C8115EF551FB} => C:\ProgramData\{73F20617-C459-B1BC-399C-53509AFDCB4E}\DE495964-69E2-EECF-43D1-42B9351C7CD5.exe [2017-01-27] () <==== ATTENTION
    Task: {4F6DF9EF-87C9-451A-9ADB-7AB3BA54046F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {586FEA0B-6F5A-4C04-8288-55152913AB81} - System32\Tasks\{DF6939E1-68C2-8E4A-A422-E59D6538AC9B} => C:\ProgramData\{E87D5CED-5FD6-EB46-5FBD-DC3A24D143E1}\EB82AB60-5C29-1CCB-9900-53AAC7F8898D.exe [2017-01-26] () <==== ATTENTION
    Task: {5966C616-FA5C-48EC-8537-49B24EA875FC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {5BF3E5C9-AE89-40B0-A9E0-1E77A3DDCE06} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {6793ECD1-5913-42FB-B512-4ECDA2F356BF} - System32\Tasks\{DED2743C-6979-C397-F3C1-98DDA2B6B234} => C:\ProgramData\{F6D9983A-4172-2F91-2FD4-E4D7F2AF049D}\948DCB08-2326-7CA3-909B-CB22D3AE3050.exe [2017-01-27] () <==== ATTENTION
    Task: {6A810B0D-42D9-4649-A63B-297B9BEF87B7} - System32\Tasks\{4D9A6F38-FA31-D893-57BB-3F7854440D9C} => C:\ProgramData\{266C5A94-91C7-ED3F-D663-E1CE611EB242}\095C4CA2-BEF7-FB09-6F25-035ED53A183D.exe [2017-01-26] () <==== ATTENTION
    Task: {743F9E1D-6773-4200-9D5A-9C618661AC85} - System32\Tasks\{AC9D39CE-1B36-8E65-1B62-B7CC13536D58} => C:\ProgramData\{53ED4414-E446-F3BF-09E3-C3D46D7FD7B4}\FA6BCF52-4DC0-78F9-4BA5-38AD974B287C.exe [2017-01-28] () <==== ATTENTION
    Task: {752DF187-541C-4B04-957C-B7EBFD43F7B2} - System32\Tasks\{D3B33BEA-6418-8C41-EF07-E92CA0AF275B} => C:\ProgramData\{996352B4-2EC8-E51F-9ADD-620398C05B03}\425B6C21-F5F0-DB8A-FDB6-9CB3C097E366.exe [2017-01-27] () <==== ATTENTION
    Task: {79F2BB62-83FE-4B90-B9F4-AB8827396969} - System32\Tasks\{BE05930B-09AE-24A0-5E79-0AFEC9E5ED67} => C:\ProgramData\{FD289B09-4A83-2CA2-D3EE-4DC8EB18DEA7}\AA9197AC-1D3A-2007-AA60-38C7FC66CA8E.exe [2017-01-28] () <==== ATTENTION
    Task: {981F2511-39C3-419D-83A4-50EAB4FF93A6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {9C12F2D5-3F64-4AE5-885E-D580BC3CB821} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {9E659FAF-FCE7-4C75-A884-27B5617FFDF7} - System32\Tasks\{4D5CF935-5454-3A91-6458-C93FBF0E6059} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\16bbc240\3db4b5a7.dll" <==== ATTENTION
    Task: {9E9563B2-AEAD-4CF2-9026-BCE905A7FAF3} - \WPD\SqmUpload_S-1-5-21-1956558233-2459589253-117431272-1001 -> No File <==== ATTENTION
    Task: {9F6D1A3A-1935-439F-8192-74384D6BEBCE} - System32\Tasks\{276846BF-90C3-F114-DE26-4855ED0E4CC1} => C:\ProgramData\{EC43F210-5BE8-45BB-6658-628FBB9DB9CD}\A4FABC85-1351-0B2E-A619-1CA52163D556.exe [2017-01-28] () <==== ATTENTION
    Task: {A0BE6F80-787A-4726-A452-82E13BAD4FFA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {A0F79657-B8C3-4030-8351-6437CE0ABB7E} - System32\Tasks\{9FCB943D-2860-2396-D613-C162EF66EA83} => C:\ProgramData\{A70B3DEF-10A0-8A44-7F08-93684BC83B00}\C64841B3-71E3-F618-4D84-E53B5C3C1A49.exe [2017-01-27] () <==== ATTENTION
    Task: {A7960F74-DC2D-4D46-A2C7-9C0536A04056} - System32\Tasks\{6324C194-D48F-763F-011D-D9340B96052C} => C:\ProgramData\{37DC116C-8077-A6C7-DDC0-5BF0B7EE4680}\AB0CE9B2-1CA7-5E19-9944-81C2B0F03193.exe [2017-01-25] () <==== ATTENTION
    Task: {BB8DC87F-E4B3-44C9-9B91-1358BCD2A85F} - System32\Tasks\{9E7411AA-29DF-A601-2BB9-3C740808C0DC} => C:\ProgramData\{242CDFC9-9387-6862-C69C-EC36BACBBE00}\42892CE9-F522-9B42-2BE3-955A95E31FE8.exe [2017-01-22] () <==== ATTENTION
    Task: {BDAE54E9-BF4C-4F82-982E-62FAEC4D1E48} - System32\Tasks\{BFF38F82-0858-3829-1F58-8E5A6C17A097} => C:\ProgramData\{F7615924-40CA-EE8F-13B3-B9E234D69FDD}\96ED202D-2146-9786-A55B-C4722C323660.exe [2017-01-27] () <==== ATTENTION
    Task: {CA911B0F-A3AA-44FE-B19B-6AC5A7892B05} - System32\Tasks\{FB3683A2-4C9D-3409-A845-EA2EB8A10946} => C:\ProgramData\{106E9D2A-A7C5-2A81-3B79-C644DF6C4194}\D5BDED97-6216-5A3C-234C-1DDA21B7A07C.exe [2017-01-21] () <==== ATTENTION
    Task: {CACB0520-1E9B-4A0F-8346-212EE3581F56} - System32\Tasks\{3C5ABFB6-8BF1-081D-68EB-4121B3B4D3D6} => C:\ProgramData\{A71308A3-10B8-BF08-3988-741D68BA1AD3}\D8DAF71E-6F71-40B5-391E-DB3F0D5DB064.exe [2017-01-22] () <==== ATTENTION
    Task: {CC66B77A-B72B-4975-BBAC-A0058418F70F} - System32\Tasks\{B2B99EA1-0512-290A-E3F1-417498EF97FA} => C:\ProgramData\{91769C8D-26DD-2B26-D41D-482D3CF3F0EE}\FF2DC289-4886-7522-153E-B433CA289662.exe [2017-01-26] () <==== ATTENTION
    Task: {CE1498A1-773C-4129-BE0B-251F0AEEDD13} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {D32EB657-EBD9-4741-90ED-0AE811F64E80} - System32\Tasks\{4B220945-FC89-BEEE-7E20-CF5EB2AC45EF} => C:\ProgramData\{47A2F007-F009-47AC-5E0C-8B7A29DFC5D3}\1528D5BC-A283-6217-721C-FFAD1DAC4676.exe [2017-01-22] () <==== ATTENTION
    Task: {DFDDE333-B0A3-483E-9266-735041CAE66A} - \DNSROSEVILLE -> No File <==== ATTENTION
    Task: {E816A543-5BC5-420F-BDAD-EC29F392262E} - System32\Tasks\{0ACBC79C-BD60-7037-3869-4E89CDE6B533} => C:\ProgramData\{86C0DD5E-316B-6AF5-A8A4-0F8407E91E9A}\FF556E1E-48FE-D9B5-98B0-762383C05B77.exe [2017-01-26] () <==== ATTENTION
    Task: {EA424FF9-A81F-48B1-8046-1D77E1678274} - System32\Tasks\{F3953A76-443E-8DDD-7E72-7D2F958E197E} => C:\ProgramData\{7DDE97D6-CA75-207D-8339-AA5219875DFB}\0431B153-B39A-06F8-864D-0DC9E44B2434.exe [2017-01-25] () <==== ATTENTION
    Task: {F746419A-5EEF-40A0-897B-6AF058357D14} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {F8E13180-FC1C-424E-8E15-B88876F32503} - System32\Tasks\{83F46E7B-345F-D9D0-D175-8989F0A66C42} => C:\ProgramData\{8B7499E7-3CDF-2E4C-5C49-B82D1FD0EB03}\3A5FF4D7-8DF4-437C-A935-98A718AB77B7.exe [2017-01-28] () <==== ATTENTION
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    FirewallRules: [UDP Query User{35B993E4-BCA7-4563-BC61-D8F358EDA0DA}C:\frst\quarantine\c\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\frst\quarantine\c\program files (x86)\google\chrome\application\chrome.exe
    FirewallRules: [TCP Query User{7120017F-6677-4E2E-9042-B1D02B373FAC}C:\frst\quarantine\c\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\frst\quarantine\c\program files (x86)\google\chrome\application\chrome.exe
    FirewallRules: [UDP Query User{152F1FEF-843D-4C29-9DB0-E9D733EA8CBD}C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayz.exe] => (Allow) C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayz.exe
    FirewallRules: [TCP Query User{BD382E5A-7129-4220-B9D9-31F3050FAA53}C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayz.exe] => (Allow) C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayz.exe
    FirewallRules: [UDP Query User{5C3121F8-774B-4C4F-88E7-6FA2BAA8C5E4}C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayzserver.exe] => (Allow) C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayzserver.exe
    FirewallRules: [TCP Query User{156F5660-3C57-4E03-B9BC-9749E5CCE964}C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayzserver.exe] => (Allow) C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayzserver.exe
    FirewallRules: [{BBA03D95-8073-4208-A7F1-C8CA37E59642}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
    FirewallRules: [{734561E9-D1A3-4055-9546-A3E8C5D60FBC}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
    FirewallRules: [{AA2149C3-4B46-4462-8C23-D761F03201E1}] => (Allow) C:\Program Files (x86)\OpinionSquare\opnsqr.exe
    FirewallRules: [{471D150C-08A5-4FD0-8373-0DBEF6112E34}] => (Allow) C:\Program Files (x86)\OpinionSquare\opnsqr.exe
    FirewallRules: [{7E08E2B5-835C-4AE6-977C-A5991BFE9342}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
    FirewallRules: [{3353F4B3-5C92-4040-A112-C617512518FB}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
    CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
    reboot:



    *****************

    Processes closed successfully.
    HKLM\SOFTWARE\Policies\Google => key removed successfully
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{449ec619-cffb-4166-9e57-f50900857a07}\\DhcpNameServer => value removed successfully
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{da5e4388-9e9d-46de-8001-e76e30fa8879}\\NameServer => value removed successfully
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{da5e4388-9e9d-46de-8001-e76e30fa8879}\\DhcpNameServer => value removed successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key removed successfully
    HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    HKU\S-1-5-21-1956558233-2459589253-117431272-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D11C762C-C567-4EF3-857E-BDA824E016DB} => key removed successfully
    HKCR\CLSID\{D11C762C-C567-4EF3-857E-BDA824E016DB} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key removed successfully
    HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully
    HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
    Firefox Proxy settings were reset.
    FF NetworkProxy: Mozilla\Firefox\Profiles\9xwaecix.default -> type", 1 => not found
    C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\[email protected] => moved successfully
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => value removed successfully
    HKLM\Software\Wow6432Node\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin => key removed successfully
    Chrome StartupUrls => removed successfully
    "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_15_51&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0E0DyDtAtAtAzytAyD0CtN0D0Tzu0StCyEyEyDtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StD0DtC0EtDzztA0EtGyB0D0A0BtGtDtA0AzytGyD0ByC0AtG0AtDtByBtDzz0E0EtDtB0C0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyC0AzyyE0D0D0DtG0BtAyDtAtGyEtDzzzztG0A0AyCyBtGzy0E0E0ByD0FtB0BtC0E0E0A2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDzzzy%26cr%3D853261159%26a%3Dwbf_ir_15_51%26os%3DWindows%2B10%2BHome" => Error: No automatic fix found for this entry.
    HKLM\System\CurrentControlSet\Services\NielsenUpdate => key removed successfully
    NielsenUpdate => service removed successfully
    nnfwdk => Unable to stop service.
    HKLM\System\CurrentControlSet\Services\nnfwdk => key removed successfully
    nnfwdk => service removed successfully
    HKLM\System\CurrentControlSet\Services\ucfnjb => key removed successfully
    ucfnjb => service removed successfully
    C:\WINDOWS\system32\Drivers\wmyxxxi.sys => moved successfully
    C:\ProgramData\{FD289B09-4A83-2CA2-D3EE-4DC8EB18DEA7} => moved successfully
    C:\ProgramData\{53ED4414-E446-F3BF-09E3-C3D46D7FD7B4} => moved successfully
    C:\ProgramData\{EC43F210-5BE8-45BB-6658-628FBB9DB9CD} => moved successfully
    C:\ProgramData\{8B7499E7-3CDF-2E4C-5C49-B82D1FD0EB03} => moved successfully
    C:\ProgramData\{F7615924-40CA-EE8F-13B3-B9E234D69FDD} => moved successfully
    C:\ProgramData\{E88D83A7-5F26-340C-F264-438960ABDBA0} => moved successfully
    C:\ProgramData\{F6D9983A-4172-2F91-2FD4-E4D7F2AF049D} => moved successfully
    C:\ProgramData\{A70B3DEF-10A0-8A44-7F08-93684BC83B00} => moved successfully
    C:\ProgramData\{996352B4-2EC8-E51F-9ADD-620398C05B03} => moved successfully
    C:\ProgramData\{73F20617-C459-B1BC-399C-53509AFDCB4E} => moved successfully
    C:\ProgramData\{91769C8D-26DD-2B26-D41D-482D3CF3F0EE} => moved successfully
    C:\ProgramData\{266C5A94-91C7-ED3F-D663-E1CE611EB242} => moved successfully
    C:\ProgramData\{E87D5CED-5FD6-EB46-5FBD-DC3A24D143E1} => moved successfully
    C:\ProgramData\{86C0DD5E-316B-6AF5-A8A4-0F8407E91E9A} => moved successfully
    C:\ProgramData\{E9986FB2-5E33-D819-B8EA-872AB2BB4431} => moved successfully
    C:\ProgramData\{0BB47844-BC1F-CFEF-F5F0-4E6EEB55800A} => moved successfully
    C:\ProgramData\{7DDE97D6-CA75-207D-8339-AA5219875DFB} => moved successfully
    C:\ProgramData\{37DC116C-8077-A6C7-DDC0-5BF0B7EE4680} => moved successfully
    C:\ProgramData\{BBC0D026-0C6B-678D-0483-7B7817911EB8} => moved successfully
    C:\ProgramData\{A71308A3-10B8-BF08-3988-741D68BA1AD3} => moved successfully
    C:\ProgramData\{242CDFC9-9387-6862-C69C-EC36BACBBE00} => moved successfully
    C:\ProgramData\{786DC66F-CFC6-71C4-BBE5-DC7B6B2B5BD5} => moved successfully
    C:\ProgramData\{47A2F007-F009-47AC-5E0C-8B7A29DFC5D3} => moved successfully
    C:\ProgramData\{7D54584B-CAFF-EFE0-9CB7-2A1C5AF707E0} => moved successfully
    C:\ProgramData\{106E9D2A-A7C5-2A81-3B79-C644DF6C4194} => moved successfully
    C:\Users\MELISSA\DB501421562943B29E87E17A3AA55E0D.dat => moved successfully
    C:\Users\MELISSA\DDB911B1C7CA441D8220DA0BF2521CF7.dat => moved successfully
    C:\Users\MELISSA\DFB13C17C85B943FE1319201432B6D7E.dat => moved successfully
    C:\Users\MELISSA\AppData\Local\Temp\109087577.t.exe => moved successfully
    C:\Users\MELISSA\AppData\Local\Temp\114397200.t.exe => moved successfully
    C:\Users\MELISSA\AppData\Local\Temp\117680638.t.exe => moved successfully
    C:\Users\MELISSA\AppData\Local\Temp\118445663.t.exe => moved successfully
    C:\Users\MELISSA\AppData\Local\Temp\121754322.t.exe => moved successfully
    C:\Users\MELISSA\AppData\Local\Temp\130401530.t.exe => moved successfully
    C:\Users\MELISSA\AppData\Local\Temp\20762209.t.exe => moved successfully
    C:\Users\MELISSA\AppData\Local\Temp\2675474.t.exe => moved successfully
    C:\Users\MELISSA\AppData\Local\Temp\27421117.t.exe => moved successfully
    C:\Users\MELISSA\AppData\Local\Temp\33278308.t.exe => moved successfully
    C:\Users\MELISSA\AppData\Local\Temp\53873459.t.exe => moved successfully
    C:\Users\MELISSA\AppData\Local\Temp\54393553.t.exe => moved successfully
    C:\Users\MELISSA\AppData\Local\Temp\56041400.t.exe => moved successfully
    C:\Users\MELISSA\AppData\Local\Temp\70578395.t.exe => moved successfully
    C:\Users\MELISSA\AppData\Local\Temp\84033259.t.exe => moved successfully
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NielsenOnline => value removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0391BEB9-6AC3-403C-A60B-40D6D538C2EC} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0391BEB9-6AC3-403C-A60B-40D6D538C2EC} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D3CCADB-E386-4E02-897D-7009A2410673} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D3CCADB-E386-4E02-897D-7009A2410673} => key removed successfully
    C:\WINDOWS\System32\Tasks\{01EFDECA-B644-6961-A8BB-D763D5B66E06} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{01EFDECA-B644-6961-A8BB-D763D5B66E06} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10905323-0300-4186-B73D-9E95DBF70298} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10905323-0300-4186-B73D-9E95DBF70298} => key removed successfully
    C:\WINDOWS\System32\Tasks\{95D60FC6-227D-B86D-19F5-D972396C4F4C} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{95D60FC6-227D-B86D-19F5-D972396C4F4C} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{150FB894-17C8-42B2-B9FB-FCE3FE7EA8C2} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{150FB894-17C8-42B2-B9FB-FCE3FE7EA8C2} => key removed successfully
    C:\WINDOWS\System32\Tasks\{ACCDFEE8-1B66-4943-4D55-BBAB411CAD06} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{ACCDFEE8-1B66-4943-4D55-BBAB411CAD06} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18C8D0D3-5A75-4F15-995F-F6AD463F9E51} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18C8D0D3-5A75-4F15-995F-F6AD463F9E51} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19B214DB-DF7D-4383-9996-AD3165DF3EF2} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19B214DB-DF7D-4383-9996-AD3165DF3EF2} => key removed successfully
    C:\WINDOWS\System32\Tasks\{AF6AC48F-18C1-7324-94F4-CA154EDA95C4} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AF6AC48F-18C1-7324-94F4-CA154EDA95C4} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2AF3ADA6-0785-4C88-9C14-EF55657B067E} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2AF3ADA6-0785-4C88-9C14-EF55657B067E} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{314ABEEA-EBB3-48A5-A57B-32F80DFD24AE} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{314ABEEA-EBB3-48A5-A57B-32F80DFD24AE} => key removed successfully
    C:\WINDOWS\System32\Tasks\{062C54AF-B187-E304-09B6-EB7DDF8C2EE9} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{062C54AF-B187-E304-09B6-EB7DDF8C2EE9} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{334E094A-12E8-43DB-BAFB-7E86BB33EF17} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{334E094A-12E8-43DB-BAFB-7E86BB33EF17} => key removed successfully
    C:\WINDOWS\System32\Tasks\{CC11BF43-7BBA-08E8-CBCD-E26B2B191DC5} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CC11BF43-7BBA-08E8-CBCD-E26B2B191DC5} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{45AF1549-0727-4CA7-8100-773A26E12045} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45AF1549-0727-4CA7-8100-773A26E12045} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1956558233-2459589253-117431272-1001 => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{474EA57A-2756-47F5-B7A4-9D4CDC21E69A} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{474EA57A-2756-47F5-B7A4-9D4CDC21E69A} => key removed successfully
    C:\WINDOWS\System32\Tasks\{86547DCC-31FF-CA67-3C10-C8115EF551FB} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{86547DCC-31FF-CA67-3C10-C8115EF551FB} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F6DF9EF-87C9-451A-9ADB-7AB3BA54046F} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F6DF9EF-87C9-451A-9ADB-7AB3BA54046F} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{586FEA0B-6F5A-4C04-8288-55152913AB81} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{586FEA0B-6F5A-4C04-8288-55152913AB81} => key removed successfully
    C:\WINDOWS\System32\Tasks\{DF6939E1-68C2-8E4A-A422-E59D6538AC9B} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DF6939E1-68C2-8E4A-A422-E59D6538AC9B} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5966C616-FA5C-48EC-8537-49B24EA875FC} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5966C616-FA5C-48EC-8537-49B24EA875FC} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5BF3E5C9-AE89-40B0-A9E0-1E77A3DDCE06} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BF3E5C9-AE89-40B0-A9E0-1E77A3DDCE06} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6793ECD1-5913-42FB-B512-4ECDA2F356BF} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6793ECD1-5913-42FB-B512-4ECDA2F356BF} => key removed successfully
    C:\WINDOWS\System32\Tasks\{DED2743C-6979-C397-F3C1-98DDA2B6B234} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DED2743C-6979-C397-F3C1-98DDA2B6B234} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A810B0D-42D9-4649-A63B-297B9BEF87B7} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A810B0D-42D9-4649-A63B-297B9BEF87B7} => key removed successfully
    C:\WINDOWS\System32\Tasks\{4D9A6F38-FA31-D893-57BB-3F7854440D9C} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4D9A6F38-FA31-D893-57BB-3F7854440D9C} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{743F9E1D-6773-4200-9D5A-9C618661AC85} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{743F9E1D-6773-4200-9D5A-9C618661AC85} => key removed successfully
    C:\WINDOWS\System32\Tasks\{AC9D39CE-1B36-8E65-1B62-B7CC13536D58} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AC9D39CE-1B36-8E65-1B62-B7CC13536D58} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{752DF187-541C-4B04-957C-B7EBFD43F7B2} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{752DF187-541C-4B04-957C-B7EBFD43F7B2} => key removed successfully
    C:\WINDOWS\System32\Tasks\{D3B33BEA-6418-8C41-EF07-E92CA0AF275B} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D3B33BEA-6418-8C41-EF07-E92CA0AF275B} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79F2BB62-83FE-4B90-B9F4-AB8827396969} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79F2BB62-83FE-4B90-B9F4-AB8827396969} => key removed successfully
    C:\WINDOWS\System32\Tasks\{BE05930B-09AE-24A0-5E79-0AFEC9E5ED67} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BE05930B-09AE-24A0-5E79-0AFEC9E5ED67} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{981F2511-39C3-419D-83A4-50EAB4FF93A6} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{981F2511-39C3-419D-83A4-50EAB4FF93A6} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C12F2D5-3F64-4AE5-885E-D580BC3CB821} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C12F2D5-3F64-4AE5-885E-D580BC3CB821} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E659FAF-FCE7-4C75-A884-27B5617FFDF7} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E659FAF-FCE7-4C75-A884-27B5617FFDF7} => key removed successfully
    C:\WINDOWS\System32\Tasks\{4D5CF935-5454-3A91-6458-C93FBF0E6059} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4D5CF935-5454-3A91-6458-C93FBF0E6059} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E9563B2-AEAD-4CF2-9026-BCE905A7FAF3} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E9563B2-AEAD-4CF2-9026-BCE905A7FAF3} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1956558233-2459589253-117431272-1001 => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F6D1A3A-1935-439F-8192-74384D6BEBCE} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F6D1A3A-1935-439F-8192-74384D6BEBCE} => key removed successfully
    C:\WINDOWS\System32\Tasks\{276846BF-90C3-F114-DE26-4855ED0E4CC1} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{276846BF-90C3-F114-DE26-4855ED0E4CC1} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0BE6F80-787A-4726-A452-82E13BAD4FFA} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0BE6F80-787A-4726-A452-82E13BAD4FFA} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0F79657-B8C3-4030-8351-6437CE0ABB7E} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0F79657-B8C3-4030-8351-6437CE0ABB7E} => key removed successfully
    C:\WINDOWS\System32\Tasks\{9FCB943D-2860-2396-D613-C162EF66EA83} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9FCB943D-2860-2396-D613-C162EF66EA83} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7960F74-DC2D-4D46-A2C7-9C0536A04056} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7960F74-DC2D-4D46-A2C7-9C0536A04056} => key removed successfully
    C:\WINDOWS\System32\Tasks\{6324C194-D48F-763F-011D-D9340B96052C} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6324C194-D48F-763F-011D-D9340B96052C} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB8DC87F-E4B3-44C9-9B91-1358BCD2A85F} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB8DC87F-E4B3-44C9-9B91-1358BCD2A85F} => key removed successfully
    C:\WINDOWS\System32\Tasks\{9E7411AA-29DF-A601-2BB9-3C740808C0DC} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9E7411AA-29DF-A601-2BB9-3C740808C0DC} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BDAE54E9-BF4C-4F82-982E-62FAEC4D1E48} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDAE54E9-BF4C-4F82-982E-62FAEC4D1E48} => key removed successfully
    C:\WINDOWS\System32\Tasks\{BFF38F82-0858-3829-1F58-8E5A6C17A097} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BFF38F82-0858-3829-1F58-8E5A6C17A097} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA911B0F-A3AA-44FE-B19B-6AC5A7892B05} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA911B0F-A3AA-44FE-B19B-6AC5A7892B05} => key removed successfully
    C:\WINDOWS\System32\Tasks\{FB3683A2-4C9D-3409-A845-EA2EB8A10946} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FB3683A2-4C9D-3409-A845-EA2EB8A10946} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CACB0520-1E9B-4A0F-8346-212EE3581F56} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CACB0520-1E9B-4A0F-8346-212EE3581F56} => key removed successfully
    C:\WINDOWS\System32\Tasks\{3C5ABFB6-8BF1-081D-68EB-4121B3B4D3D6} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3C5ABFB6-8BF1-081D-68EB-4121B3B4D3D6} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC66B77A-B72B-4975-BBAC-A0058418F70F} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC66B77A-B72B-4975-BBAC-A0058418F70F} => key removed successfully
    C:\WINDOWS\System32\Tasks\{B2B99EA1-0512-290A-E3F1-417498EF97FA} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B2B99EA1-0512-290A-E3F1-417498EF97FA} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CE1498A1-773C-4129-BE0B-251F0AEEDD13} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE1498A1-773C-4129-BE0B-251F0AEEDD13} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D32EB657-EBD9-4741-90ED-0AE811F64E80} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D32EB657-EBD9-4741-90ED-0AE811F64E80} => key removed successfully
    C:\WINDOWS\System32\Tasks\{4B220945-FC89-BEEE-7E20-CF5EB2AC45EF} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4B220945-FC89-BEEE-7E20-CF5EB2AC45EF} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{DFDDE333-B0A3-483E-9266-735041CAE66A} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFDDE333-B0A3-483E-9266-735041CAE66A} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSROSEVILLE => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E816A543-5BC5-420F-BDAD-EC29F392262E} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E816A543-5BC5-420F-BDAD-EC29F392262E} => key removed successfully
    C:\WINDOWS\System32\Tasks\{0ACBC79C-BD60-7037-3869-4E89CDE6B533} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0ACBC79C-BD60-7037-3869-4E89CDE6B533} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA424FF9-A81F-48B1-8046-1D77E1678274} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA424FF9-A81F-48B1-8046-1D77E1678274} => key removed successfully
    C:\WINDOWS\System32\Tasks\{F3953A76-443E-8DDD-7E72-7D2F958E197E} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F3953A76-443E-8DDD-7E72-7D2F958E197E} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F746419A-5EEF-40A0-897B-6AF058357D14} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F746419A-5EEF-40A0-897B-6AF058357D14} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8E13180-FC1C-424E-8E15-B88876F32503} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8E13180-FC1C-424E-8E15-B88876F32503} => key removed successfully
    C:\WINDOWS\System32\Tasks\{83F46E7B-345F-D9D0-D175-8989F0A66C42} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{83F46E7B-345F-D9D0-D175-8989F0A66C42} => key removed successfully
    C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => moved successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{35B993E4-BCA7-4563-BC61-D8F358EDA0DA}C:\frst\quarantine\c\program files (x86)\google\chrome\application\chrome.exe => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7120017F-6677-4E2E-9042-B1D02B373FAC}C:\frst\quarantine\c\program files (x86)\google\chrome\application\chrome.exe => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{152F1FEF-843D-4C29-9DB0-E9D733EA8CBD}C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayz.exe => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BD382E5A-7129-4220-B9D9-31F3050FAA53}C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayz.exe => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5C3121F8-774B-4C4F-88E7-6FA2BAA8C5E4}C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayzserver.exe => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{156F5660-3C57-4E03-B9BC-9749E5CCE964}C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayzserver.exe => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BBA03D95-8073-4208-A7F1-C8CA37E59642} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{734561E9-D1A3-4055-9546-A3E8C5D60FBC} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AA2149C3-4B46-4462-8C23-D761F03201E1} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{471D150C-08A5-4FD0-8373-0DBEF6112E34} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7E08E2B5-835C-4AE6-977C-A5991BFE9342} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3353F4B3-5C92-4040-A112-C617512518FB} => value removed successfully

    ========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========

    Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
    Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
    Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.

    ========= End of CMD: =========



    The system needed a reboot.

    ==== End of Fixlog 09:58:36 ====

     

     

    # AdwCleaner v6.044 - Logfile created 21/03/2017 at 10:34:29
    # Updated on 28/02/2017 by Malwarebytes
    # Database : 2017-03-20.1 [Server]
    # Operating System : Windows 10 Home  (X64)
    # Username : MELISSA - STAYOFFMYLAPTOP
    # Running from : C:\Users\MELISSA\Desktop\AdwCleaner.exe
    # Mode: Clean
    # Support : https://www.malwarebytes.com/support



    ***** [ Services ] *****



    ***** [ Folders ] *****

    [-] Folder deleted: C:\ProgramData\16bbc240
    [-] Folder deleted: C:\Users\Default User\AppData\Local\Pokki
    [#] Folder deleted on reboot: C:\Users\Default\AppData\Local\Pokki
    [-] Folder deleted: C:\Users\Public\Pokki
    [-] Folder deleted: C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc
    [-] Folder deleted: C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejocekekgcaldnmjngfdbmbeebcekelc


    ***** [ Files ] *****

    [-] File deleted: C:\END
    [-] File deleted: C:\Users\MELISSA\AppData\Local\Temp\Utils.dll
    [-] File deleted: C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ejocekekgcaldnmjngfdbmbeebcekelc_0.localstorage
    [-] File deleted: C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ejocekekgcaldnmjngfdbmbeebcekelc_0.localstorage-journal


    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****

    [-] Key deleted: HKLM\SOFTWARE\c6e5b0b9-086d-2d5d-eb3f-87849b4504eb
    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
    [-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
    [-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
    [-] Key deleted: HKU\S-1-5-21-1956558233-2459589253-117431272-1001\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
    [#] Key deleted on reboot: HKCU\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
    [-] Key deleted: HKU\.DEFAULT\Software\ByteFence
    [-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
    [#] Key deleted on reboot: HKU\S-1-5-18\Software\ByteFence
    [#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
    [-] Data restored: HKU\S-1-5-21-1956558233-2459589253-117431272-1001\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
    [-] Data restored: HKU\S-1-5-21-1956558233-2459589253-117431272-1001\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
    [-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
    [-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
    [-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
    [-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
    [-] Value deleted: HKU\S-1-5-21-1956558233-2459589253-117431272-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]
    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
    [#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
    [#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f


    ***** [ Web browsers ] *****

    [-] Firefox preferences cleaned: "browser.search.defaultenginename.US" -  "Search Provided by Yahoo"
    [-] [C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: websearch
    [-] [C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search provided by yahoo.com
    [-] [C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
    [-] [C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: trovi.search
    [-] [C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
    [-] [C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ejocekekgcaldnmjngfdbmbeebcekelc


    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [5686 Bytes] - [21/03/2017 10:34:29]
    C:\AdwCleaner\AdwCleaner[R0].txt - [3206 Bytes] - [24/01/2015 22:57:38]
    C:\AdwCleaner\AdwCleaner[R1].txt - [3344 Bytes] - [31/01/2015 15:54:16]
    C:\AdwCleaner\AdwCleaner[R2].txt - [4237 Bytes] - [31/01/2015 15:57:52]
    C:\AdwCleaner\AdwCleaner[R3].txt - [7340 Bytes] - [03/04/2015 09:24:34]
    C:\AdwCleaner\AdwCleaner[R4].txt - [3037 Bytes] - [06/03/2016 11:38:20]
    C:\AdwCleaner\AdwCleaner[R5].txt - [3097 Bytes] - [06/03/2016 12:57:09]
    C:\AdwCleaner\AdwCleaner[S0].txt - [3010 Bytes] - [24/01/2015 23:00:55]
    C:\AdwCleaner\AdwCleaner[S1].txt - [4364 Bytes] - [31/01/2015 16:00:39]
    C:\AdwCleaner\AdwCleaner[S2].txt - [5051 Bytes] - [15/06/2015 12:59:08]
    C:\AdwCleaner\AdwCleaner[S3].txt - [3057 Bytes] - [06/03/2016 13:00:47]
    C:\AdwCleaner\AdwCleaner[S4].txt - [6546 Bytes] - [21/03/2017 10:23:31]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [6562 Bytes] ##########
     

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.2 (03.10.2017)
    Operating System: Windows 10 Home x64
    Ran by MELISSA (Administrator) on Tue 03/21/2017 at 10:44:20.85
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 2

    Successfully deleted: C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol (Folder)
    Successfully deleted: C:\WINDOWS\couponprinter.ocx (File)



    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 03/21/2017 at 10:57:12.36
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
    Ran by MELISSA (administrator) on STAYOFFMYLAPTOP (17-03-2017 18:05:06)
    Running from C:\Users\MELISSA\Desktop
    Loaded Profiles: MELISSA (Available Profiles: MELISSA)
    Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
    (Dynamsoft Corporation) C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe
    (Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
    (Dynamsoft Corporation) C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Dynamsoft Corporation) C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Provo Craft & Novelty, Inc.) C:\Users\MELISSA\AppData\Roaming\CricutDesignSpace\BRIDGE\CricutLauncher.exe
    () C:\Program Files (x86)\Razer\Comms\RazerComms.exe
    (Provo Craft & Novelty, Inc.) C:\Users\MELISSA\AppData\Roaming\CricutDesignSpace\BRIDGE\CricutBridge.exe
    (The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe
    (The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe
    (Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
    (Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Razer, Inc.) C:\Users\MELISSA\AppData\Local\razer\InGameEngine\cache\RazerComms\RzCefRenderProcess.exe
    (The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\NielsenOnline64.exe
    (Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.103.32.0\OverwolfHelper.exe
    (Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.103.32.0\OverwolfHelper64.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
    (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    () C:\ProgramData\{996352B4-2EC8-E51F-9ADD-620398C05B03}\425B6C21-F5F0-DB8A-FDB6-9CB3C097E366.exe
    () C:\ProgramData\{37DC116C-8077-A6C7-DDC0-5BF0B7EE4680}\AB0CE9B2-1CA7-5E19-9944-81C2B0F03193.exe
    () C:\ProgramData\{EC43F210-5BE8-45BB-6658-628FBB9DB9CD}\A4FABC85-1351-0B2E-A619-1CA52163D556.exe
    () C:\ProgramData\{73F20617-C459-B1BC-399C-53509AFDCB4E}\DE495964-69E2-EECF-43D1-42B9351C7CD5.exe
    () C:\ProgramData\{8B7499E7-3CDF-2E4C-5C49-B82D1FD0EB03}\3A5FF4D7-8DF4-437C-A935-98A718AB77B7.exe
    () C:\ProgramData\{7DDE97D6-CA75-207D-8339-AA5219875DFB}\0431B153-B39A-06F8-864D-0DC9E44B2434.exe
    () C:\ProgramData\{F6D9983A-4172-2F91-2FD4-E4D7F2AF049D}\948DCB08-2326-7CA3-909B-CB22D3AE3050.exe
    () C:\ProgramData\{A70B3DEF-10A0-8A44-7F08-93684BC83B00}\C64841B3-71E3-F618-4D84-E53B5C3C1A49.exe
    () C:\ProgramData\{7D54584B-CAFF-EFE0-9CB7-2A1C5AF707E0}\00605EDB-B7CB-E970-05BD-D79200DD8BE3.exe
    () C:\ProgramData\{E9986FB2-5E33-D819-B8EA-872AB2BB4431}\98CD96E5-2F66-214E-235D-AE43484E104E.exe
    () C:\ProgramData\{53ED4414-E446-F3BF-09E3-C3D46D7FD7B4}\FA6BCF52-4DC0-78F9-4BA5-38AD974B287C.exe
    () C:\ProgramData\{266C5A94-91C7-ED3F-D663-E1CE611EB242}\095C4CA2-BEF7-FB09-6F25-035ED53A183D.exe
    () C:\ProgramData\{106E9D2A-A7C5-2A81-3B79-C644DF6C4194}\D5BDED97-6216-5A3C-234C-1DDA21B7A07C.exe
    () C:\ProgramData\{E88D83A7-5F26-340C-F264-438960ABDBA0}\467C4862-F1D7-FFC9-8580-FDA1F52EDCE1.exe
    () C:\ProgramData\{F7615924-40CA-EE8F-13B3-B9E234D69FDD}\96ED202D-2146-9786-A55B-C4722C323660.exe
    () C:\ProgramData\{0BB47844-BC1F-CFEF-F5F0-4E6EEB55800A}\7193FD56-C638-4AFD-F15B-CF8853533C9A.exe
    () C:\ProgramData\{E87D5CED-5FD6-EB46-5FBD-DC3A24D143E1}\EB82AB60-5C29-1CCB-9900-53AAC7F8898D.exe
    () C:\ProgramData\{242CDFC9-9387-6862-C69C-EC36BACBBE00}\42892CE9-F522-9B42-2BE3-955A95E31FE8.exe
    () C:\ProgramData\{A71308A3-10B8-BF08-3988-741D68BA1AD3}\D8DAF71E-6F71-40B5-391E-DB3F0D5DB064.exe
    () C:\ProgramData\{91769C8D-26DD-2B26-D41D-482D3CF3F0EE}\FF2DC289-4886-7522-153E-B433CA289662.exe
    () C:\ProgramData\{FD289B09-4A83-2CA2-D3EE-4DC8EB18DEA7}\AA9197AC-1D3A-2007-AA60-38C7FC66CA8E.exe
    () C:\ProgramData\{47A2F007-F009-47AC-5E0C-8B7A29DFC5D3}\1528D5BC-A283-6217-721C-FFAD1DAC4676.exe
    () C:\ProgramData\{86C0DD5E-316B-6AF5-A8A4-0F8407E91E9A}\FF556E1E-48FE-D9B5-98B0-762383C05B77.exe
    () C:\ProgramData\{786DC66F-CFC6-71C4-BBE5-DC7B6B2B5BD5}\718E509C-C625-E737-EA19-F352D1593609.exe
    () C:\ProgramData\{BBC0D026-0C6B-678D-0483-7B7817911EB8}\F42CE6A2-4387-5109-92D2-6EABB8222F63.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    () C:\Users\MELISSA\Downloads\SmitfraudFix\Policies.exe
    () C:\Users\MELISSA\Downloads\SmitfraudFix\Policies.exe
    () C:\Users\MELISSA\Downloads\SmitfraudFix\Policies.exe
    () C:\Users\MELISSA\Downloads\SmitfraudFix\Policies.exe
    () C:\Users\MELISSA\Downloads\SmitfraudFix\Policies.exe
    (OldTimer Tools) C:\Users\MELISSA\Desktop\Spyware Removers\OTL.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    () C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe
    () C:\Users\MELISSA\AppData\Local\Temp\_iu14D2N.tmp
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
    HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-01-04] (TOSHIBA Corporation)
    HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-09-03] (Synaptics Incorporated)
    HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-29] (Microsoft Corporation)
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
    HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-05] (TOSHIBA CORPORATION)
    HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
    HKLM-x32\...\Run: [NielsenOnline] => C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe [202896 2016-12-30] (The Nielsen Company)
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
    HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
    HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-11-30] (Apple Inc.)
    HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\Run: [Cricut Design Space] => C:\Users\MELISSA\AppData\Roaming\CricutDesignSpace\BRIDGE\CricutLauncher.exe [421704 2016-09-26] (Provo Craft & Novelty, Inc.)
    HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\Run: [Razer Comms] => C:\Program Files (x86)\Razer\Comms\RazerComms.exe [7025984 2015-12-18] ()
    HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1058360 2017-03-05] ()
    HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\RunOnce: [Uninstall C:\Users\MELISSA\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\MELISSA\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
    Startup: C:\Users\MELISSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2016-12-07]
    ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
    Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
    Tcpip\..\Interfaces\{3c79c560-cb41-4229-9a3c-6195298fe207}: [NameServer] 8.8.8.8,8.8.4.4
    Tcpip\..\Interfaces\{3c79c560-cb41-4229-9a3c-6195298fe207}: [DhcpNameServer] 209.18.47.62 209.18.47.61
    Tcpip\..\Interfaces\{449ec619-cffb-4166-9e57-f50900857a07}: [NameServer] 8.8.8.8,8.8.4.4
    Tcpip\..\Interfaces\{449ec619-cffb-4166-9e57-f50900857a07}: [DhcpNameServer] 82.163.143.176
    Tcpip\..\Interfaces\{59bfb56f-bfba-402e-bb59-f42eea5652b7}: [DhcpNameServer] 172.20.10.1
    Tcpip\..\Interfaces\{da5e4388-9e9d-46de-8001-e76e30fa8879}: [NameServer] 82.163.143.176 82.163.142.178
    Tcpip\..\Interfaces\{da5e4388-9e9d-46de-8001-e76e30fa8879}: [DhcpNameServer] 82.163.143.176

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
    HKU\S-1-5-21-1956558233-2459589253-117431272-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
    HKU\S-1-5-21-1956558233-2459589253-117431272-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
    SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1956558233-2459589253-117431272-1001 -> {D11C762C-C567-4EF3-857E-BDA824E016DB} URL =
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-28] (Oracle Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-28] (Oracle Corporation)

    FireFox:
    ========
    FF DefaultProfile: 9xwaecix.default
    FF ProfilePath: C:\Users\MELISSA\AppData\Roaming\Mozilla\Firefox\Profiles\9xwaecix.default [2017-03-17]
    FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\9xwaecix.default -> Search Provided by Yahoo
    FF Homepage: Mozilla\Firefox\Profiles\9xwaecix.default -> www.google.com
    FF NetworkProxy: Mozilla\Firefox\Profiles\9xwaecix.default -> socks_remote_dns", true
    FF NetworkProxy: Mozilla\Firefox\Profiles\9xwaecix.default -> type", 1
    FF Extension: (Pin It Button) - C:\Users\MELISSA\AppData\Roaming\Mozilla\Firefox\Profiles\9xwaecix.default\Extensions\[email protected] [2015-04-16] [not signed]
    FF Extension: (Ebates Cash Back) - C:\Users\MELISSA\AppData\Roaming\Mozilla\Firefox\Profiles\9xwaecix.default\Extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2017-03-15]
    FF Extension: (QuickJava) - C:\Users\MELISSA\AppData\Roaming\Mozilla\Firefox\Profiles\9xwaecix.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2016-10-10]
    FF Extension: (Nielsen NetSight) - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\[email protected] [2017-03-17]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\[email protected]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-28] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-28] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-01-17] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-05-18] (Coupons, Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxps://www.google.com/
    CHR StartupUrls: Default -> "hxxp://google.com/",
             "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_15_51&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0E0DyDtAtAtAzytAyD0CtN0D0Tzu0StCyEyEyDtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StD0DtC0EtDzztA0EtGyB0D0A0BtGtDtA0AzytGyD0ByC0AtG0AtDtByBtDzz0E0EtDtB0C0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyC0AzyyE0D0D0DtG0BtAyDtAtGyEtDzzzztG0A0AyCyBtGzy0E0E0ByD0FtB0BtC0E0E0A2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDzzzy%26cr%3D853261159%26a%3Dwbf_ir_15_51%26os%3DWindows%2B10%2BHome"
          
    CHR Profile: C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default [2016-12-08]
    CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-07]
    CHR Extension: (Floorplanner) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\abopacaefhbognnmeigicfpgnmpideag [2015-11-18]
    CHR Extension: (DocHub - Edit and Sign PDF Documents) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\adgncicbhbjfpijkdmbijninnhnmiblj [2016-07-12]
    CHR Extension: (Radio) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\agljkoinmcdnopnlbhhjibjiablccgoh [2015-11-18]
    CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-11-18]
    CHR Extension: (Theme Creator) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2015-11-18]
    CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
    CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-18]
    CHR Extension: (BeFunky Photo Editor) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab [2015-11-18]
    CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbckhhmjfnmedpakkaaflpnmkamdppf [2016-07-12]
    CHR Extension: (Skype Calling) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2015-11-26]
    CHR Extension: (App Launcher for Messenger) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bllmngcdibgbgjnginpehneeofhbmdjm [2016-11-29]
    CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-18]
    CHR Extension: (Nielsen NetSight) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgmmbefnahabhcchpfkobeindpppflc [2016-12-08]
    CHR Extension: (Ebates Cash Back) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2016-11-29]
    CHR Extension: (Facebook Color Changer) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\clnnapikbigkpjmgckhedmkgfkochicj [2015-11-18]
    CHR Extension: (Google Tips) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnhacgcmhcgppboemgoobibkhlpglejb [2015-11-18]
    CHR Extension: (Weebly - Website Builder) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnocophcbjfiimmnhlhleaooedeheifb [2015-11-18]
    CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-18]
    CHR Extension: (Netflix) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2015-11-18]
    CHR Extension: (Calculator) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\decmldkknaaemlafplkkdmmmelbdnlja [2016-07-12]
    CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2015-11-18]
    CHR Extension: (OfferUp) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\doeobddbjanlolglliphmmnffbloffop [2015-11-18]
    CHR Extension: (Flowers) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaahnnffoganapbfkjfohaffjndgcamn [2015-02-01]
    CHR Extension: (Pixlr-o-matic) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj [2015-11-18]
    CHR Extension: (SPOTS - A better way to start) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc [2016-03-18]
    CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-07]
    CHR Extension: (PicMonkey) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2016-06-25]
    CHR Extension: (Full Screen Weather) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2015-11-18]
    CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-15]
    CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-11-29]
    CHR Extension: (CloudConvert) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpmbfgodkfcebpgheiedaddoikmljkk [2016-12-08]
    CHR Extension: (Music Player for Google Drive) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfeekfpnjbdmelcapngdgkjnhgijjkh [2015-11-18]
    CHR Extension: (Pixlr Express) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmjpdlmjopaeginhldhiokeidchjid [2015-11-18]
    CHR Extension: (VNC® Viewer for Google Chrome™) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabmpiboiopbgfabjmgeedhcmjenhbla [2015-11-30]
    CHR Extension: (Crackle) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2015-11-18]
    CHR Extension: (Kindle Cloud Reader) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-11-18]
    CHR Extension: (iPiccy Photo Editor) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2015-11-18]
    CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-11-18]
    CHR Extension: (Roomstyler 3D planner) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfnniehafojoidolddmhfnpnbiolbppi [2016-02-23]
    CHR Extension: (Webflow - Website Builder) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\kabncpcembkecekibfmamlbogjefdnae [2015-11-18]
    CHR Extension: (Autodesk Homestyler) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2016-09-01]
    CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-11-18]
    CHR Extension: (Canva) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbcfmcoibkecmionmehabndbljdleekf [2015-11-18]
    CHR Extension: (Planner 5D - Interior Design) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna [2016-09-21]
    CHR Extension: (Pocket) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2015-11-18]
    CHR Extension: (Sunrise Calendar) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojepfklcankkmikonjlnidiooanmpbb [2015-11-18]
    CHR Extension: (multifolder) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncfjlfpabnjllhcpgncdmbelnehboeki [2015-11-18]
    CHR Extension: (OneDrive) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2015-11-18]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-15]
    CHR Extension: (Any.do) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocgddccilgpeepgglnlpchkpgamkgmld [2015-11-18]
    CHR Extension: (Checker Plus for Gmail™) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2016-09-21]
    CHR Extension: (WeVideo - Video Editor and Maker) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2015-11-18]
    CHR Extension: (Psykopaint) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2015-11-18]
    CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-18]
    CHR Extension: (Inbox by Gmail) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkclgpgponpjmpfokoepglboejdobkpl [2015-11-18]
    CHR Extension: (Chrome Media Router) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-01]
    CHR HKLM\...\Chrome\Extension: [bpgmmbefnahabhcchpfkobeindpppflc] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [bpgmmbefnahabhcchpfkobeindpppflc] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2016-12-07] (Adobe Systems) [File not signed]
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
    R2 Dynamsoft WebTWAIN Service; C:\WINDOWS\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe [1347088 2015-08-31] (Dynamsoft Corporation)
    S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [236832 2015-11-27] (EasyAntiCheat Ltd)
    R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-09-01] (Intel Corporation)
    R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
    S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
    R2 NielsenUpdate; C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [3161744 2016-12-30] (The Nielsen Company)
    S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1325384 2017-03-05] (Overwolf LTD)
    R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-09-03] (Synaptics Incorporated)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AppObserver; C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\appobserver64.sys [23696 2016-12-30] (The Nielsen Company)
    S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
    R1 nnfwdk; C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\nnfwdk64.sys [34960 2016-12-30] (The Nielsen Company)
    R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-09] (Realtek Semiconductor Corp.)
    R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
    R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
    R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-09-03] (Synaptics Incorporated)
    R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
    R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
    U0 ucfnjb; C:\WINDOWS\System32\drivers\wmyxxxi.sys [79064 2017-03-17] (Malwarebytes Corporation)
    S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
    S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-03-17 18:05 - 2017-03-17 18:06 - 00029487 _____ C:\Users\MELISSA\Desktop\FRST.txt
    2017-03-17 18:04 - 2017-03-17 18:05 - 00000000 ____D C:\FRST
    2017-03-17 18:04 - 2017-03-17 18:04 - 02424832 _____ (Farbar) C:\Users\MELISSA\Desktop\FRST64.exe
    2017-03-17 18:02 - 2017-03-17 18:02 - 00195038 _____ C:\Users\MELISSA\Desktop\OTL.Txt
    2017-03-17 07:22 - 2017-03-17 07:22 - 00000000 ____D C:\Users\MELISSA\Downloads\SmitfraudFix
    2017-03-17 07:17 - 2017-03-17 07:18 - 01872472 _____ C:\Users\MELISSA\Downloads\SmitfraudFix.exe
    2017-03-17 07:15 - 2017-03-17 07:15 - 05659355 _____ (Swearware) C:\Users\MELISSA\Downloads\ComboFix.exe
    2017-03-17 07:12 - 2017-03-17 07:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\MELISSA\Downloads\HiJackThis.exe
    2017-03-17 07:10 - 2017-03-17 07:11 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2017-03-17 07:10 - 2017-03-17 07:10 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
    2017-03-17 07:10 - 2017-03-17 07:10 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2017-03-17 07:09 - 2017-03-17 07:09 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-03-17 07:09 - 2017-03-17 07:09 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2017-03-17 07:09 - 2017-03-17 07:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-03-17 07:09 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
    2017-03-17 07:08 - 2017-03-17 07:08 - 00000000 ____D C:\Program Files\Malwarebytes
    2017-03-17 07:05 - 2017-03-17 07:06 - 57131432 _____ (Malwarebytes ) C:\Users\MELISSA\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
    2017-03-17 06:57 - 2017-03-17 06:57 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\wmyxxxi.sys
    2017-03-17 06:02 - 2017-03-17 06:03 - 00000000 ____D C:\Users\MELISSA\Desktop\2017-03-17 002
    2017-03-17 06:00 - 2017-03-17 06:00 - 00000000 ____D C:\Users\MELISSA\Desktop\2017-03-17 001
    2017-03-15 22:49 - 2017-03-15 22:49 - 00012864 ____N C:\bootsqm.dat
    2017-03-10 11:32 - 2017-03-10 11:32 - 00000000 ____D C:\Users\MELISSA\Desktop\Power Of Attorney Van Title
    2017-03-10 11:24 - 2017-03-10 11:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Dynamsoft
    2017-03-10 11:24 - 2017-03-10 11:24 - 00000000 ____D C:\Users\MELISSA\AppData\LocalLow\Dynamsoft
    2017-03-10 11:21 - 2017-03-10 11:21 - 01781272 _____ (Dynamsoft Corporation) C:\Users\MELISSA\Downloads\DynamicWebTWAINHTML5Edition.exe
    2017-03-10 11:20 - 2017-03-10 11:20 - 00000000 ____D C:\Users\MELISSA\Desktop\Steve Greenfield Pay Stub
    2017-03-10 11:15 - 2017-03-10 11:15 - 00000000 ____D C:\Users\MELISSA\Desktop\2017-03-10 001

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-03-17 18:00 - 2015-01-31 15:59 - 00000000 ____D C:\Users\MELISSA\Desktop\Spyware Removers
    2017-03-17 08:04 - 2016-09-29 17:46 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-03-17 08:01 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-03-17 08:01 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
    2017-03-17 07:08 - 2015-01-30 11:47 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-03-17 07:02 - 2016-11-21 12:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-03-17 06:57 - 2016-11-29 03:38 - 00000000 ____D C:\Users\MELISSA\AppData\LocalLow\Mozilla
    2017-03-17 06:57 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\security
    2017-03-17 06:57 - 2016-02-19 09:57 - 00000000 ____D C:\ProgramData\16bbc240
    2017-03-17 06:46 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
    2017-03-15 23:01 - 2015-07-14 22:04 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-03-15 22:58 - 2016-10-15 01:07 - 00000000 ____D C:\Program Files (x86)\Overwolf
    2017-03-15 22:57 - 2015-09-03 22:21 - 01011092 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-03-15 22:54 - 2016-10-15 01:05 - 00000000 ____D C:\Users\MELISSA\AppData\Local\Overwolf
    2017-03-15 22:52 - 2015-09-03 23:32 - 00000000 __SHD C:\Users\MELISSA\IntelGraphicsProfiles
    2017-03-15 22:50 - 2016-09-29 18:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-03-10 11:19 - 2017-01-28 06:54 - 00000000 ____D C:\ProgramData\{FD289B09-4A83-2CA2-D3EE-4DC8EB18DEA7}
    2017-03-10 11:19 - 2017-01-28 06:54 - 00000000 ____D C:\ProgramData\{53ED4414-E446-F3BF-09E3-C3D46D7FD7B4}
    2017-03-10 11:19 - 2017-01-28 00:52 - 00000000 ____D C:\ProgramData\{EC43F210-5BE8-45BB-6658-628FBB9DB9CD}
    2017-03-10 11:19 - 2017-01-28 00:52 - 00000000 ____D C:\ProgramData\{8B7499E7-3CDF-2E4C-5C49-B82D1FD0EB03}
    2017-03-10 11:19 - 2017-01-27 18:18 - 00000000 ____D C:\ProgramData\{F7615924-40CA-EE8F-13B3-B9E234D69FDD}
    2017-03-10 11:19 - 2017-01-27 18:18 - 00000000 ____D C:\ProgramData\{E88D83A7-5F26-340C-F264-438960ABDBA0}
    2017-03-10 11:19 - 2017-01-27 06:52 - 00000000 ____D C:\ProgramData\{F6D9983A-4172-2F91-2FD4-E4D7F2AF049D}
    2017-03-10 11:19 - 2017-01-27 06:52 - 00000000 ____D C:\ProgramData\{A70B3DEF-10A0-8A44-7F08-93684BC83B00}
    2017-03-10 11:19 - 2017-01-27 00:52 - 00000000 ____D C:\ProgramData\{996352B4-2EC8-E51F-9ADD-620398C05B03}
    2017-03-10 11:19 - 2017-01-27 00:52 - 00000000 ____D C:\ProgramData\{73F20617-C459-B1BC-399C-53509AFDCB4E}
    2017-03-10 11:19 - 2017-01-26 18:52 - 00000000 ____D C:\ProgramData\{91769C8D-26DD-2B26-D41D-482D3CF3F0EE}
    2017-03-10 11:19 - 2017-01-26 18:52 - 00000000 ____D C:\ProgramData\{266C5A94-91C7-ED3F-D663-E1CE611EB242}
    2017-03-10 11:19 - 2017-01-26 12:52 - 00000000 ____D C:\ProgramData\{E87D5CED-5FD6-EB46-5FBD-DC3A24D143E1}
    2017-03-10 11:19 - 2017-01-26 12:52 - 00000000 ____D C:\ProgramData\{86C0DD5E-316B-6AF5-A8A4-0F8407E91E9A}
    2017-03-10 11:19 - 2017-01-26 06:52 - 00000000 ____D C:\ProgramData\{E9986FB2-5E33-D819-B8EA-872AB2BB4431}
    2017-03-10 11:19 - 2017-01-26 06:52 - 00000000 ____D C:\ProgramData\{0BB47844-BC1F-CFEF-F5F0-4E6EEB55800A}
    2017-03-10 11:19 - 2017-01-25 05:53 - 00000000 ____D C:\ProgramData\{7DDE97D6-CA75-207D-8339-AA5219875DFB}
    2017-03-10 11:19 - 2017-01-25 05:53 - 00000000 ____D C:\ProgramData\{37DC116C-8077-A6C7-DDC0-5BF0B7EE4680}
    2017-03-10 11:19 - 2017-01-22 07:56 - 00000000 ____D C:\ProgramData\{BBC0D026-0C6B-678D-0483-7B7817911EB8}
    2017-03-10 11:19 - 2017-01-22 07:50 - 00000000 ____D C:\ProgramData\{A71308A3-10B8-BF08-3988-741D68BA1AD3}
    2017-03-10 11:19 - 2017-01-22 07:50 - 00000000 ____D C:\ProgramData\{242CDFC9-9387-6862-C69C-EC36BACBBE00}
    2017-03-10 11:19 - 2017-01-22 07:46 - 00000000 ____D C:\ProgramData\{786DC66F-CFC6-71C4-BBE5-DC7B6B2B5BD5}
    2017-03-10 11:19 - 2017-01-22 07:46 - 00000000 ____D C:\ProgramData\{47A2F007-F009-47AC-5E0C-8B7A29DFC5D3}
    2017-03-10 11:19 - 2017-01-21 06:47 - 00000000 ____D C:\ProgramData\{7D54584B-CAFF-EFE0-9CB7-2A1C5AF707E0}
    2017-03-10 11:19 - 2017-01-21 06:45 - 00000000 ____D C:\ProgramData\{106E9D2A-A7C5-2A81-3B79-C644DF6C4194}
    2017-02-15 11:24 - 2016-09-29 17:55 - 00000000 ____D C:\Users\MELISSA
    2017-02-15 11:23 - 2015-03-20 08:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-02-15 11:19 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports

    ==================== Files in the root of some directories =======

    2015-06-15 02:38 - 2015-06-15 02:38 - 0000077 _____ () C:\Users\MELISSA\AppData\Roaming\Camdata.ini
    2015-06-15 02:38 - 2015-06-15 02:38 - 0000408 _____ () C:\Users\MELISSA\AppData\Roaming\CamLayout.ini
    2015-06-15 02:38 - 2015-06-15 02:38 - 0000408 _____ () C:\Users\MELISSA\AppData\Roaming\CamShapes.ini
    2015-06-15 02:32 - 2015-06-15 02:39 - 0004536 _____ () C:\Users\MELISSA\AppData\Roaming\CamStudio.cfg
    2015-06-15 02:37 - 2015-06-15 02:37 - 0000098 _____ () C:\Users\MELISSA\AppData\Roaming\CamStudio.Producer.command
    2015-06-15 02:38 - 2015-06-15 02:38 - 0000000 _____ () C:\Users\MELISSA\AppData\Roaming\CamStudio.Producer.Data.ini
    2015-06-15 02:38 - 2015-06-15 02:38 - 0001207 _____ () C:\Users\MELISSA\AppData\Roaming\CamStudio.Producer.ini
    2015-06-15 02:25 - 2015-06-15 02:25 - 0000096 _____ () C:\Users\MELISSA\AppData\Roaming\version2.xml
    2016-09-29 17:49 - 2016-09-29 17:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Files to move or delete:
    ====================
    C:\Users\MELISSA\DB501421562943B29E87E17A3AA55E0D.dat
    C:\Users\MELISSA\DDB911B1C7CA441D8220DA0BF2521CF7.dat
    C:\Users\MELISSA\DFB13C17C85B943FE1319201432B6D7E.dat


    Some files in TEMP:
    ====================
    2017-01-26 06:52 - 2017-01-26 06:52 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\109087577.t.exe
    2017-01-28 06:53 - 2017-01-28 06:54 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\114397200.t.exe
    2017-03-10 11:18 - 2017-03-10 11:19 - 1626624 _____ () C:\Users\MELISSA\AppData\Local\Temp\117680638.t.exe
    2017-01-28 06:53 - 2017-01-28 06:54 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\118445663.t.exe
    2017-03-10 11:18 - 2017-03-10 11:19 - 1626624 _____ () C:\Users\MELISSA\AppData\Local\Temp\121754322.t.exe
    2017-03-10 11:18 - 2017-03-10 11:19 - 1626624 _____ () C:\Users\MELISSA\AppData\Local\Temp\130401530.t.exe
    2017-01-27 18:18 - 2017-01-27 18:18 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\20762209.t.exe
    2017-01-22 07:46 - 2017-01-22 07:46 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\2675474.t.exe
    2017-03-10 11:18 - 2017-03-10 11:19 - 1626624 _____ () C:\Users\MELISSA\AppData\Local\Temp\27421117.t.exe
    2017-01-27 00:52 - 2017-01-27 00:52 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\33278308.t.exe
    2017-01-25 05:53 - 2017-01-25 05:53 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\53873459.t.exe
    2017-01-22 07:46 - 2017-01-22 07:46 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\54393553.t.exe
    2017-01-27 06:52 - 2017-01-27 06:52 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\56041400.t.exe
    2017-01-25 05:53 - 2017-01-25 05:53 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\70578395.t.exe
    2017-01-26 12:52 - 2017-01-26 12:52 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\84033259.t.exe
    2016-10-06 00:20 - 2016-09-26 12:04 - 0214856 _____ (Provo Craft & Novelty, Inc.) C:\Users\MELISSA\AppData\Local\Temp\CricutUtilCL.exe
    2014-11-08 04:33 - 2015-01-24 05:30 - 0601088 _____ () C:\Users\MELISSA\AppData\Local\Temp\Quarantine.exe
    2014-11-08 04:47 - 2014-10-17 07:39 - 0665682 _____ (SQLite Development Team) C:\Users\MELISSA\AppData\Local\Temp\sqlite3.dll
    2016-10-15 01:06 - 2016-10-15 01:06 - 0065280 _____ () C:\Users\MELISSA\AppData\Local\Temp\utils.dll

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-02-14 22:01

    ==================== End of FRST.txt ============================

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
    Ran by MELISSA (17-03-2017 18:07:24)
    Running from C:\Users\MELISSA\Desktop
    Windows 10 Home Version 1607 (X64) (2016-09-29 22:37:38)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1956558233-2459589253-117431272-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-1956558233-2459589253-117431272-503 - Limited - Disabled)
    Guest (S-1-5-21-1956558233-2459589253-117431272-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1956558233-2459589253-117431272-1003 - Limited - Enabled)
    MELISSA (S-1-5-21-1956558233-2459589253-117431272-1001 - Administrator - Enabled) => C:\Users\MELISSA

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
    Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
    Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
    Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
    Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
    CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
    Chronicle (HKLM-x32\...\{5F968911-50CB-4633-95BF-FD8560E9BF96}) (Version: 1.5.0 - Jagex)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Cricut Design Space Client (HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\Cricut Design Space Client) (Version: 3.2.1.0 - Provo Craft)
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3817.05 - CyberLink Corp.)
    Dolby Axon - 1.5.1.1 (HKLM-x32\...\{17936630-5344-4F18-9970-616129E2A114}_is1) (Version: 1.5.1.1 - Dolby Laboratories)
    Dynamic Web TWAIN HTML5 Edition (HKLM-x32\...\{B4D31736-4D13-4BCD-B050-7DD3E45C1650}) (Version: 11.1.831 - Dynamsoft)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    Icecream Screen Recorder version 1.47 (HKLM-x32\...\{7ADEC622-3230-4C9A-9DCE-9BD462B74095}_is1) (Version: 1.47 - Icecream Apps)
    iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
    Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
    iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
    Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
    Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
    MX5 (HKLM-x32\...\Maxthon5) (Version: 5.0.1.3000 - Maxthon International Limited)
    Nielsen (HKLM-x32\...\NetSight) (Version:  - )
    Overwolf (HKLM-x32\...\Overwolf) (Version: 0.103.32.0 - Overwolf Ltd.)
    Pokki Start Menu (HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\Pokki_Start_Menu) (Version: 0.269.5.284 - Pokki)
    QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7885 - Realtek Semiconductor Corp.)
    RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
    RuneScape Launcher 2.2.2 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.2 - Jagex Ltd)
    Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
    Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
    TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
    TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)
    TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.0 - Toshiba Corporation)
    TOSHIBA Display Utility (HKLM\...\{F64E9295-E1B3-4EEA-86D3-AF44A0087B06}) (Version: 1.1.16.0 - Toshiba Corporation)
    TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.2.6403 - Toshiba Corporation)
    TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.81.2C - TOSHIBA CORPORATION)
    TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
    TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.15C - Toshiba Corporation)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
    TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
    TOSHIBA Start (HKLM-x32\...\{4F0F44AF-90E9-4A6E-9E82-354A3AB79F22}) (Version: 1.0.0.2 - TOSHIBA America Information Systems, Inc)
    TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
    TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
    TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
    TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
    Utility Common Driver (x32 Version: 1.0.53.3 - Compal) Hidden
    Windows Driver Package - Provo Craft & Novelty, Inc. (usbser) Ports  (11/04/2015 2.0.0.0) (HKLM\...\F9008028528C059AEF07C6D89D45BB3C63057E83) (Version: 11/04/2015 2.0.0.0 - Provo Craft & Novelty, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1956558233-2459589253-117431272-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0391BEB9-6AC3-403C-A60B-40D6D538C2EC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {0D3CCADB-E386-4E02-897D-7009A2410673} - System32\Tasks\{01EFDECA-B644-6961-A8BB-D763D5B66E06} => C:\ProgramData\{E88D83A7-5F26-340C-F264-438960ABDBA0}\467C4862-F1D7-FFC9-8580-FDA1F52EDCE1.exe [2017-01-27] () <==== ATTENTION
    Task: {10905323-0300-4186-B73D-9E95DBF70298} - System32\Tasks\{95D60FC6-227D-B86D-19F5-D972396C4F4C} => C:\ProgramData\{E9986FB2-5E33-D819-B8EA-872AB2BB4431}\98CD96E5-2F66-214E-235D-AE43484E104E.exe [2017-01-26] () <==== ATTENTION
    Task: {150FB894-17C8-42B2-B9FB-FCE3FE7EA8C2} - System32\Tasks\{ACCDFEE8-1B66-4943-4D55-BBAB411CAD06} => C:\ProgramData\{7D54584B-CAFF-EFE0-9CB7-2A1C5AF707E0}\00605EDB-B7CB-E970-05BD-D79200DD8BE3.exe [2017-01-21] () <==== ATTENTION
    Task: {18C8D0D3-5A75-4F15-995F-F6AD463F9E51} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {19B214DB-DF7D-4383-9996-AD3165DF3EF2} - System32\Tasks\{AF6AC48F-18C1-7324-94F4-CA154EDA95C4} => C:\ProgramData\{786DC66F-CFC6-71C4-BBE5-DC7B6B2B5BD5}\718E509C-C625-E737-EA19-F352D1593609.exe [2017-01-22] () <==== ATTENTION
    Task: {274B4521-9F39-4BC3-AF2A-550CA9C7A6EC} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-08-26] (Realtek Semiconductor)
    Task: {2AF3ADA6-0785-4C88-9C14-EF55657B067E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {314ABEEA-EBB3-48A5-A57B-32F80DFD24AE} - System32\Tasks\{062C54AF-B187-E304-09B6-EB7DDF8C2EE9} => C:\ProgramData\{0BB47844-BC1F-CFEF-F5F0-4E6EEB55800A}\7193FD56-C638-4AFD-F15B-CF8853533C9A.exe [2017-01-26] () <==== ATTENTION
    Task: {334E094A-12E8-43DB-BAFB-7E86BB33EF17} - System32\Tasks\{CC11BF43-7BBA-08E8-CBCD-E26B2B191DC5} => C:\ProgramData\{BBC0D026-0C6B-678D-0483-7B7817911EB8}\F42CE6A2-4387-5109-92D2-6EABB8222F63.exe [2017-01-22] () <==== ATTENTION
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe
    Task: {373F1A19-80D8-4786-B7D4-35A77CC4DE19} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-18] (Google Inc.)
    Task: {3B3010E6-9813-4167-BBD4-68D08CB485F1} - System32\Tasks\Maxthon5 Update => C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe [2016-10-25] (Maxthon International ltd.)
    Task: {45AF1549-0727-4CA7-8100-773A26E12045} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1956558233-2459589253-117431272-1001 -> No File <==== ATTENTION
    Task: {474EA57A-2756-47F5-B7A4-9D4CDC21E69A} - System32\Tasks\{86547DCC-31FF-CA67-3C10-C8115EF551FB} => C:\ProgramData\{73F20617-C459-B1BC-399C-53509AFDCB4E}\DE495964-69E2-EECF-43D1-42B9351C7CD5.exe [2017-01-27] () <==== ATTENTION
    Task: {48A1E01D-A72A-4268-A3BD-D784AA9E8379} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation)
    Task: {4F6DF9EF-87C9-451A-9ADB-7AB3BA54046F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {586FEA0B-6F5A-4C04-8288-55152913AB81} - System32\Tasks\{DF6939E1-68C2-8E4A-A422-E59D6538AC9B} => C:\ProgramData\{E87D5CED-5FD6-EB46-5FBD-DC3A24D143E1}\EB82AB60-5C29-1CCB-9900-53AAC7F8898D.exe [2017-01-26] () <==== ATTENTION
    Task: {5966C616-FA5C-48EC-8537-49B24EA875FC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {5A29FAFB-F6EC-486C-B203-0936F34DC71F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
    Task: {5BF3E5C9-AE89-40B0-A9E0-1E77A3DDCE06} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {6793ECD1-5913-42FB-B512-4ECDA2F356BF} - System32\Tasks\{DED2743C-6979-C397-F3C1-98DDA2B6B234} => C:\ProgramData\{F6D9983A-4172-2F91-2FD4-E4D7F2AF049D}\948DCB08-2326-7CA3-909B-CB22D3AE3050.exe [2017-01-27] () <==== ATTENTION
    Task: {6904ED79-428A-4F92-A3DD-BEC235077348} - System32\Tasks\SDMsgUpdate (Local) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
    Task: {6A810B0D-42D9-4649-A63B-297B9BEF87B7} - System32\Tasks\{4D9A6F38-FA31-D893-57BB-3F7854440D9C} => C:\ProgramData\{266C5A94-91C7-ED3F-D663-E1CE611EB242}\095C4CA2-BEF7-FB09-6F25-035ED53A183D.exe [2017-01-26] () <==== ATTENTION
    Task: {743F9E1D-6773-4200-9D5A-9C618661AC85} - System32\Tasks\{AC9D39CE-1B36-8E65-1B62-B7CC13536D58} => C:\ProgramData\{53ED4414-E446-F3BF-09E3-C3D46D7FD7B4}\FA6BCF52-4DC0-78F9-4BA5-38AD974B287C.exe [2017-01-28] () <==== ATTENTION
    Task: {752DF187-541C-4B04-957C-B7EBFD43F7B2} - System32\Tasks\{D3B33BEA-6418-8C41-EF07-E92CA0AF275B} => C:\ProgramData\{996352B4-2EC8-E51F-9ADD-620398C05B03}\425B6C21-F5F0-DB8A-FDB6-9CB3C097E366.exe [2017-01-27] () <==== ATTENTION
    Task: {7955CE6B-B103-4D68-92ED-54214361F32A} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-09-03] (Synaptics Incorporated)
    Task: {79F2BB62-83FE-4B90-B9F4-AB8827396969} - System32\Tasks\{BE05930B-09AE-24A0-5E79-0AFEC9E5ED67} => C:\ProgramData\{FD289B09-4A83-2CA2-D3EE-4DC8EB18DEA7}\AA9197AC-1D3A-2007-AA60-38C7FC66CA8E.exe [2017-01-28] () <==== ATTENTION
    Task: {7CA36C8D-4322-42A5-A6F0-9CA836563B73} - System32\Tasks\{6377FA63-A286-4586-BC11-393CD0BCD97A} => Chrome.exe hxxp://ui.skype.com/ui/0/7.15.0.102/en/abandoninstall?source=lightinstaller&amp;page=tsMain
    Task: {90CED535-E6A7-4898-A78A-F0DC0495B1B1} - System32\Tasks\{0C3F35D2-16C9-405A-9AA3-8335DCBB9B69} => pcalua.exe -a C:\Users\MELISSA\AppData\Local\Pokki\Uninstall.exe
    Task: {981F2511-39C3-419D-83A4-50EAB4FF93A6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {9C12F2D5-3F64-4AE5-885E-D580BC3CB821} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {9E659FAF-FCE7-4C75-A884-27B5617FFDF7} - System32\Tasks\{4D5CF935-5454-3A91-6458-C93FBF0E6059} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\16bbc240\3db4b5a7.dll" <==== ATTENTION
    Task: {9E9563B2-AEAD-4CF2-9026-BCE905A7FAF3} - \WPD\SqmUpload_S-1-5-21-1956558233-2459589253-117431272-1001 -> No File <==== ATTENTION
    Task: {9EEF332A-0305-4846-8ED9-3F7EBB2DDB5B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-18] (Google Inc.)
    Task: {9F6D1A3A-1935-439F-8192-74384D6BEBCE} - System32\Tasks\{276846BF-90C3-F114-DE26-4855ED0E4CC1} => C:\ProgramData\{EC43F210-5BE8-45BB-6658-628FBB9DB9CD}\A4FABC85-1351-0B2E-A619-1CA52163D556.exe [2017-01-28] () <==== ATTENTION
    Task: {A0BE6F80-787A-4726-A452-82E13BAD4FFA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {A0F79657-B8C3-4030-8351-6437CE0ABB7E} - System32\Tasks\{9FCB943D-2860-2396-D613-C162EF66EA83} => C:\ProgramData\{A70B3DEF-10A0-8A44-7F08-93684BC83B00}\C64841B3-71E3-F618-4D84-E53B5C3C1A49.exe [2017-01-27] () <==== ATTENTION
    Task: {A7960F74-DC2D-4D46-A2C7-9C0536A04056} - System32\Tasks\{6324C194-D48F-763F-011D-D9340B96052C} => C:\ProgramData\{37DC116C-8077-A6C7-DDC0-5BF0B7EE4680}\AB0CE9B2-1CA7-5E19-9944-81C2B0F03193.exe [2017-01-25] () <==== ATTENTION
    Task: {BB8DC87F-E4B3-44C9-9B91-1358BCD2A85F} - System32\Tasks\{9E7411AA-29DF-A601-2BB9-3C740808C0DC} => C:\ProgramData\{242CDFC9-9387-6862-C69C-EC36BACBBE00}\42892CE9-F522-9B42-2BE3-955A95E31FE8.exe [2017-01-22] () <==== ATTENTION
    Task: {BDAE54E9-BF4C-4F82-982E-62FAEC4D1E48} - System32\Tasks\{BFF38F82-0858-3829-1F58-8E5A6C17A097} => C:\ProgramData\{F7615924-40CA-EE8F-13B3-B9E234D69FDD}\96ED202D-2146-9786-A55B-C4722C323660.exe [2017-01-27] () <==== ATTENTION
    Task: {CA911B0F-A3AA-44FE-B19B-6AC5A7892B05} - System32\Tasks\{FB3683A2-4C9D-3409-A845-EA2EB8A10946} => C:\ProgramData\{106E9D2A-A7C5-2A81-3B79-C644DF6C4194}\D5BDED97-6216-5A3C-234C-1DDA21B7A07C.exe [2017-01-21] () <==== ATTENTION
    Task: {CACB0520-1E9B-4A0F-8346-212EE3581F56} - System32\Tasks\{3C5ABFB6-8BF1-081D-68EB-4121B3B4D3D6} => C:\ProgramData\{A71308A3-10B8-BF08-3988-741D68BA1AD3}\D8DAF71E-6F71-40B5-391E-DB3F0D5DB064.exe [2017-01-22] () <==== ATTENTION
    Task: {CC66B77A-B72B-4975-BBAC-A0058418F70F} - System32\Tasks\{B2B99EA1-0512-290A-E3F1-417498EF97FA} => C:\ProgramData\{91769C8D-26DD-2B26-D41D-482D3CF3F0EE}\FF2DC289-4886-7522-153E-B433CA289662.exe [2017-01-26] () <==== ATTENTION
    Task: {CE1498A1-773C-4129-BE0B-251F0AEEDD13} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {D273C52A-3710-4E1A-BA2F-AB2287C222AE} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-03-05] (Overwolf LTD)
    Task: {D32EB657-EBD9-4741-90ED-0AE811F64E80} - System32\Tasks\{4B220945-FC89-BEEE-7E20-CF5EB2AC45EF} => C:\ProgramData\{47A2F007-F009-47AC-5E0C-8B7A29DFC5D3}\1528D5BC-A283-6217-721C-FFAD1DAC4676.exe [2017-01-22] () <==== ATTENTION
    Task: {DFDDE333-B0A3-483E-9266-735041CAE66A} - \DNSROSEVILLE -> No File <==== ATTENTION
    Task: {E2707D30-BBA1-45F5-9E16-205F51144B38} - System32\Tasks\SDMsgUpdate (TE) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
    Task: {E678B56F-D9F3-45B5-BA6D-525BC73FE57D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
    Task: {E816A543-5BC5-420F-BDAD-EC29F392262E} - System32\Tasks\{0ACBC79C-BD60-7037-3869-4E89CDE6B533} => C:\ProgramData\{86C0DD5E-316B-6AF5-A8A4-0F8407E91E9A}\FF556E1E-48FE-D9B5-98B0-762383C05B77.exe [2017-01-26] () <==== ATTENTION
    Task: {EA424FF9-A81F-48B1-8046-1D77E1678274} - System32\Tasks\{F3953A76-443E-8DDD-7E72-7D2F958E197E} => C:\ProgramData\{7DDE97D6-CA75-207D-8339-AA5219875DFB}\0431B153-B39A-06F8-864D-0DC9E44B2434.exe [2017-01-25] () <==== ATTENTION
    Task: {F746419A-5EEF-40A0-897B-6AF058357D14} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {F8E13180-FC1C-424E-8E15-B88876F32503} - System32\Tasks\{83F46E7B-345F-D9D0-D175-8989F0A66C42} => C:\ProgramData\{8B7499E7-3CDF-2E4C-5C49-B82D1FD0EB03}\3A5FF4D7-8DF4-437C-A935-98A718AB77B7.exe [2017-01-28] () <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\MELISSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Any.do.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ocgddccilgpeepgglnlpchkpgamkgmld
    ShortcutWithArgument: C:\Users\MELISSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\App Launcher for Messenger.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=bllmngcdibgbgjnginpehneeofhbmdjm
    ShortcutWithArgument: C:\Users\MELISSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=decmldkknaaemlafplkkdmmmelbdnlja
    ShortcutWithArgument: C:\Users\MELISSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk
    ShortcutWithArgument: C:\Users\MELISSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sunrise Calendar.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mojepfklcankkmikonjlnidiooanmpbb
    ShortcutWithArgument: C:\Users\MELISSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\VNC® Viewer for Google Chrome™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=iabmpiboiopbgfabjmgeedhcmjenhbla

    ==================== Loaded Modules (Whitelisted) ==============

    2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-12-17 06:57 - 2016-12-09 06:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-10-13 06:45 - 2015-10-13 06:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-11-04 19:11 - 2015-11-04 19:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    2016-12-17 06:57 - 2016-12-09 06:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-12-17 06:57 - 2016-12-09 06:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
    2015-12-18 01:15 - 2015-12-18 01:15 - 07025984 _____ () C:\Program Files (x86)\Razer\Comms\RazerComms.exe
    2017-01-27 00:52 - 2017-01-27 00:52 - 00986624 _____ () C:\ProgramData\{996352B4-2EC8-E51F-9ADD-620398C05B03}\425B6C21-F5F0-DB8A-FDB6-9CB3C097E366.exe
    2017-01-25 05:53 - 2017-01-25 05:53 - 00986624 _____ () C:\ProgramData\{37DC116C-8077-A6C7-DDC0-5BF0B7EE4680}\AB0CE9B2-1CA7-5E19-9944-81C2B0F03193.exe
    2017-01-28 00:52 - 2017-01-28 00:52 - 00986624 _____ () C:\ProgramData\{EC43F210-5BE8-45BB-6658-628FBB9DB9CD}\A4FABC85-1351-0B2E-A619-1CA52163D556.exe
    2017-01-27 00:52 - 2017-01-27 00:52 - 00986624 _____ () C:\ProgramData\{73F20617-C459-B1BC-399C-53509AFDCB4E}\DE495964-69E2-EECF-43D1-42B9351C7CD5.exe
    2017-01-28 00:52 - 2017-01-28 00:52 - 00986624 _____ () C:\ProgramData\{8B7499E7-3CDF-2E4C-5C49-B82D1FD0EB03}\3A5FF4D7-8DF4-437C-A935-98A718AB77B7.exe
    2017-01-25 05:53 - 2017-01-25 05:53 - 00986624 _____ () C:\ProgramData\{7DDE97D6-CA75-207D-8339-AA5219875DFB}\0431B153-B39A-06F8-864D-0DC9E44B2434.exe
    2017-01-27 06:52 - 2017-01-27 06:52 - 00986624 _____ () C:\ProgramData\{F6D9983A-4172-2F91-2FD4-E4D7F2AF049D}\948DCB08-2326-7CA3-909B-CB22D3AE3050.exe
    2017-01-27 06:52 - 2017-01-27 06:52 - 00986624 _____ () C:\ProgramData\{A70B3DEF-10A0-8A44-7F08-93684BC83B00}\C64841B3-71E3-F618-4D84-E53B5C3C1A49.exe
    2017-01-21 06:47 - 2017-01-21 06:47 - 00986624 _____ () C:\ProgramData\{7D54584B-CAFF-EFE0-9CB7-2A1C5AF707E0}\00605EDB-B7CB-E970-05BD-D79200DD8BE3.exe
    2017-01-26 06:52 - 2017-01-26 06:52 - 00986624 _____ () C:\ProgramData\{E9986FB2-5E33-D819-B8EA-872AB2BB4431}\98CD96E5-2F66-214E-235D-AE43484E104E.exe
    2017-01-28 06:54 - 2017-01-28 06:54 - 00986624 _____ () C:\ProgramData\{53ED4414-E446-F3BF-09E3-C3D46D7FD7B4}\FA6BCF52-4DC0-78F9-4BA5-38AD974B287C.exe
    2017-01-26 18:52 - 2017-01-26 18:52 - 00986624 _____ () C:\ProgramData\{266C5A94-91C7-ED3F-D663-E1CE611EB242}\095C4CA2-BEF7-FB09-6F25-035ED53A183D.exe
    2017-01-21 06:45 - 2017-01-21 06:45 - 01373184 ____N () C:\ProgramData\{106E9D2A-A7C5-2A81-3B79-C644DF6C4194}\D5BDED97-6216-5A3C-234C-1DDA21B7A07C.exe
    2017-01-27 18:18 - 2017-01-27 18:18 - 00986624 _____ () C:\ProgramData\{E88D83A7-5F26-340C-F264-438960ABDBA0}\467C4862-F1D7-FFC9-8580-FDA1F52EDCE1.exe
    2017-01-27 18:18 - 2017-01-27 18:20 - 00986624 _____ () C:\ProgramData\{F7615924-40CA-EE8F-13B3-B9E234D69FDD}\96ED202D-2146-9786-A55B-C4722C323660.exe
    2017-01-26 06:52 - 2017-01-26 06:52 - 00986624 _____ () C:\ProgramData\{0BB47844-BC1F-CFEF-F5F0-4E6EEB55800A}\7193FD56-C638-4AFD-F15B-CF8853533C9A.exe
    2017-01-26 12:52 - 2017-01-26 12:52 - 00986624 _____ () C:\ProgramData\{E87D5CED-5FD6-EB46-5FBD-DC3A24D143E1}\EB82AB60-5C29-1CCB-9900-53AAC7F8898D.exe
    2017-01-22 07:50 - 2017-01-22 07:50 - 00986624 _____ () C:\ProgramData\{242CDFC9-9387-6862-C69C-EC36BACBBE00}\42892CE9-F522-9B42-2BE3-955A95E31FE8.exe
    2017-01-22 07:50 - 2017-01-22 07:50 - 00986624 _____ () C:\ProgramData\{A71308A3-10B8-BF08-3988-741D68BA1AD3}\D8DAF71E-6F71-40B5-391E-DB3F0D5DB064.exe
    2017-01-26 18:52 - 2017-01-26 18:52 - 00986624 _____ () C:\ProgramData\{91769C8D-26DD-2B26-D41D-482D3CF3F0EE}\FF2DC289-4886-7522-153E-B433CA289662.exe
    2017-01-28 06:54 - 2017-01-28 06:54 - 00986624 _____ () C:\ProgramData\{FD289B09-4A83-2CA2-D3EE-4DC8EB18DEA7}\AA9197AC-1D3A-2007-AA60-38C7FC66CA8E.exe
    2017-01-22 07:46 - 2017-01-22 07:46 - 00986624 _____ () C:\ProgramData\{47A2F007-F009-47AC-5E0C-8B7A29DFC5D3}\1528D5BC-A283-6217-721C-FFAD1DAC4676.exe
    2017-01-26 12:52 - 2017-01-26 12:52 - 00986624 _____ () C:\ProgramData\{86C0DD5E-316B-6AF5-A8A4-0F8407E91E9A}\FF556E1E-48FE-D9B5-98B0-762383C05B77.exe
    2017-01-22 07:46 - 2017-01-22 07:46 - 00986624 _____ () C:\ProgramData\{786DC66F-CFC6-71C4-BBE5-DC7B6B2B5BD5}\718E509C-C625-E737-EA19-F352D1593609.exe
    2017-01-22 07:56 - 2017-01-22 07:56 - 01373184 ____N () C:\ProgramData\{BBC0D026-0C6B-678D-0483-7B7817911EB8}\F42CE6A2-4387-5109-92D2-6EABB8222F63.exe
    2017-03-17 07:22 - 2008-05-27 23:17 - 00003584 _____ () C:\Users\MELISSA\Downloads\SmitfraudFix\Policies.exe
    2017-03-17 07:08 - 2017-03-17 07:06 - 01192400 _____ () C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe
    2017-03-17 07:03 - 2017-03-17 07:06 - 01192400 ____N () C:\Users\MELISSA\AppData\Local\Temp\_iu14D2N.tmp
    2017-03-17 06:14 - 2017-03-17 06:15 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2017-03-17 06:14 - 2017-03-17 06:15 - 00182784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2017-03-17 06:14 - 2017-03-17 06:15 - 41048064 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2017-03-17 06:14 - 2017-03-17 06:15 - 02236896 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\roottools.dll
    2016-09-29 21:35 - 2016-09-29 21:35 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
    2017-01-22 08:30 - 2016-12-21 03:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
    2017-01-22 08:30 - 2016-12-21 02:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2017-01-22 08:30 - 2016-12-21 02:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-01-22 08:30 - 2016-12-21 02:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
    2017-01-22 08:30 - 2016-12-21 02:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2017-01-22 08:30 - 2016-12-21 02:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2017-01-22 08:30 - 2016-12-21 02:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-10-21 01:38 - 2015-08-27 17:30 - 40622592 _____ () C:\Users\MELISSA\AppData\Local\razer\InGameEngine\cache\RazerComms\cef\libcef.dll
    2017-03-05 04:56 - 2017-03-05 04:56 - 67310648 _____ () C:\Program Files (x86)\Overwolf\0.103.32.0\libcef.DLL
    2016-10-21 01:38 - 2015-08-27 17:30 - 00911360 _____ () C:\Users\MELISSA\AppData\Local\razer\InGameEngine\cache\RazerComms\cef\libglesv2.dll
    2016-10-21 01:38 - 2015-08-27 17:30 - 00134144 _____ () C:\Users\MELISSA\AppData\Local\razer\InGameEngine\cache\RazerComms\cef\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 09:25 - 2016-01-05 14:25 - 00002024 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
    0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
    0.0.0.0 media.opencandy.com
    0.0.0.0 cdn.opencandy.com
    0.0.0.0 tracking.opencandy.com
    0.0.0.0 api.opencandy.com
    0.0.0.0 api.recommendedsw.com
    0.0.0.0 installer.betterinstaller.com
    0.0.0.0 installer.filebulldog.com
    0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
    0.0.0.0 inno.bisrv.com
    0.0.0.0 nsis.bisrv.com
    0.0.0.0 cdn.file2desktop.com
    0.0.0.0 cdn.goateastcach.us
    0.0.0.0 cdn.guttastatdk.us
    0.0.0.0 cdn.inskinmedia.com
    0.0.0.0 cdn.insta.oibundles2.com
    0.0.0.0 cdn.insta.playbryte.com
    0.0.0.0 cdn.llogetfastcach.us
    0.0.0.0 cdn.montiera.com
    0.0.0.0 cdn.msdwnld.com
    0.0.0.0 cdn.mypcbackup.com
    0.0.0.0 cdn.ppdownload.com
    0.0.0.0 cdn.riceateastcach.us
    0.0.0.0 cdn.shyapotato.us
    0.0.0.0 cdn.solimba.com
    0.0.0.0 cdn.tuto4pc.com
    0.0.0.0 cdn.appround.biz
    0.0.0.0 cdn.bigspeedpro.com
    0.0.0.0 cdn.bispd.com

    There are 4 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1956558233-2459589253-117431272-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MELISSA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 8.8.8.8 - 8.8.4.4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKLM\...\StartupApproved\Run: => "SynTPEnh"
    HKLM\...\StartupApproved\Run: => "TecoResident"
    HKLM\...\StartupApproved\Run: => "TCrdMain"
    HKLM\...\StartupApproved\Run: => "TSSSrv"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "KeNotify"
    HKLM\...\StartupApproved\Run32: => "TSVU"
    HKLM\...\StartupApproved\Run32: => "Digital Coupon Print Driver"
    HKLM\...\StartupApproved\Run32: => "QuickTime Task"
    HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_81FC116245CE5C543934A0C94EE6D6B3"
    HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\StartupApproved\Run: => "iCloudServices"
    HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
    HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\StartupApproved\Run: => "Spotify"
    HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\StartupApproved\Run: => "Spotify Web Helper"
    HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\StartupApproved\Run: => "Steam"
    HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\StartupApproved\Run: => "iCloudDrive"
    HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\StartupApproved\Run: => "OneDrive"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{086B4BA1-5547-49E7-BC6E-DB4F68B2C740}] => (Allow) C:\Program Files (x86)\DolbyAxon\Axon.exe
    FirewallRules: [{8C3C76D9-341D-42AF-BA3D-65C2F25AD778}] => (Allow) C:\Program Files (x86)\DolbyAxon\Axon.exe
    FirewallRules: [UDP Query User{0578F204-2D93-4448-B0EF-ABBEA689EC23}C:\users\melissa\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe] => (Allow) C:\users\melissa\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe
    FirewallRules: [TCP Query User{550B6164-33D8-4C4D-B898-9C12105CC9A1}C:\users\melissa\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe] => (Allow) C:\users\melissa\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe
    FirewallRules: [{7624BBA6-2F6F-45E4-8A96-5B5CFBDBEACC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{638FC31B-BE3B-4023-83E4-6B299D3150B1}] => (Allow) C:\Users\MELISSA\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{F1EDC2AB-5FB8-4F80-B54B-99D5672629EA}] => (Allow) C:\Users\MELISSA\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [UDP Query User{E49F4391-7130-43B4-AA1D-C5328A2BCCD7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [TCP Query User{31CAEE89-5377-4EDA-86E5-F1E5BCD4DD33}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{759FD0EF-2B8E-4103-93AF-78A8129F4906}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{68EFAB0B-7EAB-46A5-AE81-AC5B3F0995EC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{79BB38C2-E12A-4591-8317-1A3B71206FC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Legacy\rust.exe
    FirewallRules: [{98BC0562-3506-44C9-922D-5BC099EF5212}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Legacy\rust.exe
    FirewallRules: [UDP Query User{35B993E4-BCA7-4563-BC61-D8F358EDA0DA}C:\frst\quarantine\c\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\frst\quarantine\c\program files (x86)\google\chrome\application\chrome.exe
    FirewallRules: [TCP Query User{7120017F-6677-4E2E-9042-B1D02B373FAC}C:\frst\quarantine\c\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\frst\quarantine\c\program files (x86)\google\chrome\application\chrome.exe
    FirewallRules: [UDP Query User{152F1FEF-843D-4C29-9DB0-E9D733EA8CBD}C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayz.exe] => (Allow) C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayz.exe
    FirewallRules: [TCP Query User{BD382E5A-7129-4220-B9D9-31F3050FAA53}C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayz.exe] => (Allow) C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayz.exe
    FirewallRules: [UDP Query User{5C3121F8-774B-4C4F-88E7-6FA2BAA8C5E4}C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayzserver.exe] => (Allow) C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayzserver.exe
    FirewallRules: [TCP Query User{156F5660-3C57-4E03-B9BC-9749E5CCE964}C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayzserver.exe] => (Allow) C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayzserver.exe
    FirewallRules: [UDP Query User{14218FCD-C652-40D6-BC36-481725DE7BE9}C:\program files (x86)\r.g. mechanics\dying light\dyinglightgame.exe] => (Allow) C:\program files (x86)\r.g. mechanics\dying light\dyinglightgame.exe
    FirewallRules: [TCP Query User{8CEC814B-E0A2-47EA-85A5-31C2BD0B4F85}C:\program files (x86)\r.g. mechanics\dying light\dyinglightgame.exe] => (Allow) C:\program files (x86)\r.g. mechanics\dying light\dyinglightgame.exe
    FirewallRules: [{A658488A-5CBC-46A0-9B52-2A8D7C32A047}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{BFDABC1E-E777-49E8-8072-88893E18E857}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{FFDCFEAA-5D94-493C-9391-AF8DF0C32F83}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{95606AC7-A616-4DB4-AEBD-F0473EED84C8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [UDP Query User{EBDDD9BD-E66C-407C-AD11-71E480F7DECB}C:\users\melissa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\melissa\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{DFDB259D-F688-42CB-A80C-A3C9C248333E}C:\users\melissa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\melissa\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{0B992E45-6653-4416-BDFA-A4A729425D33}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{C5D505EA-43B6-4300-BE82-7F8FDC3AC480}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{04BEC408-E6F6-4679-A104-8452BFAB6A10}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{1BF59C2D-0E2B-454D-B7F9-B58948964C94}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{BBA03D95-8073-4208-A7F1-C8CA37E59642}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
    FirewallRules: [{734561E9-D1A3-4055-9546-A3E8C5D60FBC}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
    FirewallRules: [{A0AB1ECF-1804-45B2-8072-CDB352AC689D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
    FirewallRules: [{CEEA716C-191C-4E69-A75A-55B13ED48251}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{74B67271-C80F-45EE-988C-8E15FB89D561}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{F1472E9B-AF3F-438C-B713-CABB221320C8}C:\users\melissa\appdata\local\skypeplugin\7.10.0.93\pluginhost.exe] => (Allow) C:\users\melissa\appdata\local\skypeplugin\7.10.0.93\pluginhost.exe
    FirewallRules: [UDP Query User{F938384D-51C9-49B9-BAD1-17D2507798E6}C:\users\melissa\appdata\local\skypeplugin\7.10.0.93\pluginhost.exe] => (Allow) C:\users\melissa\appdata\local\skypeplugin\7.10.0.93\pluginhost.exe
    FirewallRules: [{AA2149C3-4B46-4462-8C23-D761F03201E1}] => (Allow) C:\Program Files (x86)\OpinionSquare\opnsqr.exe
    FirewallRules: [{471D150C-08A5-4FD0-8373-0DBEF6112E34}] => (Allow) C:\Program Files (x86)\OpinionSquare\opnsqr.exe
    FirewallRules: [{7E08E2B5-835C-4AE6-977C-A5991BFE9342}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
    FirewallRules: [{3353F4B3-5C92-4040-A112-C617512518FB}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
    FirewallRules: [{A5116747-72FB-487E-BFB0-DD9482C3501B}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\MxUp.exe
    FirewallRules: [{166A5E2C-6810-47EA-954A-97987FEA93BF}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\MxUp.exe
    FirewallRules: [{D6A94E67-FF06-43D6-A5E1-1C64017F306F}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    FirewallRules: [{093D3EB7-C3BB-4454-8AFD-06923972958F}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
    FirewallRules: [{8A1492F8-112C-463D-BCC5-4D285D1C7890}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    04-01-2017 14:48:51 Scheduled Checkpoint
    22-01-2017 09:09:14 Windows Update
    27-01-2017 09:20:22 Windows Update
    10-03-2017 11:22:45 Installed Dynamic Web TWAIN HTML5 Edition
    17-03-2017 07:02:36 Removed Chronicle

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/17/2017 07:03:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (03/17/2017 05:59:45 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: STAYOFFMYLAPTOP)
    Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (03/10/2017 05:34:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: STAYOFFMYLAPTOP)
    Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (03/10/2017 11:23:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (03/10/2017 10:11:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: STAYOFFMYLAPTOP)
    Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/15/2017 11:26:48 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

    Error: (02/15/2017 11:26:48 AM) (Source: Perflib) (EventID: 1023) (User: )
    Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

    Error: (02/15/2017 11:26:47 AM) (Source: PerfNet) (EventID: 2004) (User: )
    Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

    Error: (02/15/2017 11:26:47 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

    Error: (02/15/2017 11:26:46 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


    System errors:
    =============
    Error: (03/17/2017 08:08:21 AM) (Source: DCOM) (EventID: 10010) (User: STAYOFFMYLAPTOP)
    Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

    Error: (03/17/2017 06:02:49 AM) (Source: DCOM) (EventID: 10010) (User: STAYOFFMYLAPTOP)
    Description: The server {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775} did not register with DCOM within the required timeout.

    Error: (03/15/2017 11:09:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/15/2017 10:55:03 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

    Error: (03/15/2017 10:52:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
     and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/15/2017 10:50:15 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 10:41:25 PM on ‎3/‎15/‎2017 was unexpected.

    Error: (03/10/2017 11:34:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/10/2017 11:18:25 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {5B99FA76-721C-423C-ADAC-56D03C8A8007} did not register with DCOM within the required timeout.

    Error: (03/10/2017 11:16:20 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Downloaded Maps Manager service hung on starting.

    Error: (03/10/2017 11:14:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Google Update Service (gupdate) service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.


    CodeIntegrity:
    ===================================
      Date: 2017-02-14 19:51:41.686
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-02-14 19:51:41.624
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-02-14 19:51:41.563
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-02-01 18:29:08.404
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-02-01 18:29:08.401
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-02-01 18:29:08.349
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-02-01 18:29:07.883
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-02-01 18:29:07.880
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-02-01 18:29:07.875
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-02-01 18:29:07.603
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel® Celeron® CPU N2840 @ 2.16GHz
    Percentage of memory in use: 56%
    Total physical RAM: 3982.88 MB
    Available physical RAM: 1736.91 MB
    Total Virtual: 5390.88 MB
    Available Virtual: 2731.5 MB

    ==================== Drives ================================

    Drive c: (TI10700000B) (Fixed) (Total:455.15 GB) (Free:389.13 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of Addition.txt ============================


    • 0

    #4
    RKinner
    Posted 21 March 2017 - 10:52 AM

    RKinner

      Malware Expert

    • Expert
    • 24,625 posts
    • MVP

    You posted old FRST scan and addition.txt logs.  I need new FRST logs made after the fix was run.

     

    Is it running any better?


    • 0
    Back to Virus, Spyware, Malware Removal · Next Unread Topic →




    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    1. Geeks to Go Community
    2. Security
    3. Virus, Spyware, Malware Removal

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP