When using Firefox, a ton of new tabs will randomly start opening. One I can remember is PC Pro Cleaner but there were so many.
Below are my FRST and Addition.txt notes.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by MELISSA (administrator) on STAYOFFMYLAPTOP (17-03-2017 18:05:06)
Running from C:\Users\MELISSA\Desktop
Loaded Profiles: MELISSA (Available Profiles: MELISSA)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Dynamsoft Corporation) C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Dynamsoft Corporation) C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dynamsoft Corporation) C:\Windows\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Provo Craft & Novelty, Inc.) C:\Users\MELISSA\AppData\Roaming\CricutDesignSpace\BRIDGE\CricutLauncher.exe
() C:\Program Files (x86)\Razer\Comms\RazerComms.exe
(Provo Craft & Novelty, Inc.) C:\Users\MELISSA\AppData\Roaming\CricutDesignSpace\BRIDGE\CricutBridge.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Razer, Inc.) C:\Users\MELISSA\AppData\Local\razer\InGameEngine\cache\RazerComms\RzCefRenderProcess.exe
(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\NielsenOnline64.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.103.32.0\OverwolfHelper.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.103.32.0\OverwolfHelper64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\ProgramData\{996352B4-2EC8-E51F-9ADD-620398C05B03}\425B6C21-F5F0-DB8A-FDB6-9CB3C097E366.exe
() C:\ProgramData\{37DC116C-8077-A6C7-DDC0-5BF0B7EE4680}\AB0CE9B2-1CA7-5E19-9944-81C2B0F03193.exe
() C:\ProgramData\{EC43F210-5BE8-45BB-6658-628FBB9DB9CD}\A4FABC85-1351-0B2E-A619-1CA52163D556.exe
() C:\ProgramData\{73F20617-C459-B1BC-399C-53509AFDCB4E}\DE495964-69E2-EECF-43D1-42B9351C7CD5.exe
() C:\ProgramData\{8B7499E7-3CDF-2E4C-5C49-B82D1FD0EB03}\3A5FF4D7-8DF4-437C-A935-98A718AB77B7.exe
() C:\ProgramData\{7DDE97D6-CA75-207D-8339-AA5219875DFB}\0431B153-B39A-06F8-864D-0DC9E44B2434.exe
() C:\ProgramData\{F6D9983A-4172-2F91-2FD4-E4D7F2AF049D}\948DCB08-2326-7CA3-909B-CB22D3AE3050.exe
() C:\ProgramData\{A70B3DEF-10A0-8A44-7F08-93684BC83B00}\C64841B3-71E3-F618-4D84-E53B5C3C1A49.exe
() C:\ProgramData\{7D54584B-CAFF-EFE0-9CB7-2A1C5AF707E0}\00605EDB-B7CB-E970-05BD-D79200DD8BE3.exe
() C:\ProgramData\{E9986FB2-5E33-D819-B8EA-872AB2BB4431}\98CD96E5-2F66-214E-235D-AE43484E104E.exe
() C:\ProgramData\{53ED4414-E446-F3BF-09E3-C3D46D7FD7B4}\FA6BCF52-4DC0-78F9-4BA5-38AD974B287C.exe
() C:\ProgramData\{266C5A94-91C7-ED3F-D663-E1CE611EB242}\095C4CA2-BEF7-FB09-6F25-035ED53A183D.exe
() C:\ProgramData\{106E9D2A-A7C5-2A81-3B79-C644DF6C4194}\D5BDED97-6216-5A3C-234C-1DDA21B7A07C.exe
() C:\ProgramData\{E88D83A7-5F26-340C-F264-438960ABDBA0}\467C4862-F1D7-FFC9-8580-FDA1F52EDCE1.exe
() C:\ProgramData\{F7615924-40CA-EE8F-13B3-B9E234D69FDD}\96ED202D-2146-9786-A55B-C4722C323660.exe
() C:\ProgramData\{0BB47844-BC1F-CFEF-F5F0-4E6EEB55800A}\7193FD56-C638-4AFD-F15B-CF8853533C9A.exe
() C:\ProgramData\{E87D5CED-5FD6-EB46-5FBD-DC3A24D143E1}\EB82AB60-5C29-1CCB-9900-53AAC7F8898D.exe
() C:\ProgramData\{242CDFC9-9387-6862-C69C-EC36BACBBE00}\42892CE9-F522-9B42-2BE3-955A95E31FE8.exe
() C:\ProgramData\{A71308A3-10B8-BF08-3988-741D68BA1AD3}\D8DAF71E-6F71-40B5-391E-DB3F0D5DB064.exe
() C:\ProgramData\{91769C8D-26DD-2B26-D41D-482D3CF3F0EE}\FF2DC289-4886-7522-153E-B433CA289662.exe
() C:\ProgramData\{FD289B09-4A83-2CA2-D3EE-4DC8EB18DEA7}\AA9197AC-1D3A-2007-AA60-38C7FC66CA8E.exe
() C:\ProgramData\{47A2F007-F009-47AC-5E0C-8B7A29DFC5D3}\1528D5BC-A283-6217-721C-FFAD1DAC4676.exe
() C:\ProgramData\{86C0DD5E-316B-6AF5-A8A4-0F8407E91E9A}\FF556E1E-48FE-D9B5-98B0-762383C05B77.exe
() C:\ProgramData\{786DC66F-CFC6-71C4-BBE5-DC7B6B2B5BD5}\718E509C-C625-E737-EA19-F352D1593609.exe
() C:\ProgramData\{BBC0D026-0C6B-678D-0483-7B7817911EB8}\F42CE6A2-4387-5109-92D2-6EABB8222F63.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\MELISSA\Downloads\SmitfraudFix\Policies.exe
() C:\Users\MELISSA\Downloads\SmitfraudFix\Policies.exe
() C:\Users\MELISSA\Downloads\SmitfraudFix\Policies.exe
() C:\Users\MELISSA\Downloads\SmitfraudFix\Policies.exe
() C:\Users\MELISSA\Downloads\SmitfraudFix\Policies.exe
(OldTimer Tools) C:\Users\MELISSA\Desktop\Spyware Removers\OTL.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe
() C:\Users\MELISSA\AppData\Local\Temp\_iu14D2N.tmp
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-09-03] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-29] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-05] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [NielsenOnline] => C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe [202896 2016-12-30] (The Nielsen Company)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\Run: [Cricut Design Space] => C:\Users\MELISSA\AppData\Roaming\CricutDesignSpace\BRIDGE\CricutLauncher.exe [421704 2016-09-26] (Provo Craft & Novelty, Inc.)
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\Run: [Razer Comms] => C:\Program Files (x86)\Razer\Comms\RazerComms.exe [7025984 2015-12-18] ()
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1058360 2017-03-05] ()
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\RunOnce: [Uninstall C:\Users\MELISSA\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\MELISSA\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
Startup: C:\Users\MELISSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2016-12-07]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{3c79c560-cb41-4229-9a3c-6195298fe207}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{3c79c560-cb41-4229-9a3c-6195298fe207}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{449ec619-cffb-4166-9e57-f50900857a07}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{449ec619-cffb-4166-9e57-f50900857a07}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{59bfb56f-bfba-402e-bb59-f42eea5652b7}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{da5e4388-9e9d-46de-8001-e76e30fa8879}: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{da5e4388-9e9d-46de-8001-e76e30fa8879}: [DhcpNameServer] 82.163.143.176
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1956558233-2459589253-117431272-1001 -> {D11C762C-C567-4EF3-857E-BDA824E016DB} URL =
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-28] (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-28] (Oracle Corporation)
FireFox:
========
FF DefaultProfile: 9xwaecix.default
FF ProfilePath: C:\Users\MELISSA\AppData\Roaming\Mozilla\Firefox\Profiles\9xwaecix.default [2017-03-17]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\9xwaecix.default -> Search Provided by Yahoo
FF Homepage: Mozilla\Firefox\Profiles\9xwaecix.default -> www.google.com
FF NetworkProxy: Mozilla\Firefox\Profiles\9xwaecix.default -> socks_remote_dns", true
FF NetworkProxy: Mozilla\Firefox\Profiles\9xwaecix.default -> type", 1
FF Extension: (Pin It Button) - C:\Users\MELISSA\AppData\Roaming\Mozilla\Firefox\Profiles\9xwaecix.default\Extensions\[email protected] [2015-04-16] [not signed]
FF Extension: (Ebates Cash Back) - C:\Users\MELISSA\AppData\Roaming\Mozilla\Firefox\Profiles\9xwaecix.default\Extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2017-03-15]
FF Extension: (QuickJava) - C:\Users\MELISSA\AppData\Roaming\Mozilla\Firefox\Profiles\9xwaecix.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2016-10-10]
FF Extension: (Nielsen NetSight) - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\[email protected] [2017-03-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\[email protected]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-01-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-05-18] (Coupons, Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://google.com/",
"hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_15_51&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0E0DyDtAtAtAzytAyD0CtN0D0Tzu0StCyEyEyDtN1L2XzutAtFtCtBtFyBtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StD0DtC0EtDzztA0EtGyB0D0A0BtGtDtA0AzytGyD0ByC0AtG0AtDtByBtDzz0E0EtDtB0C0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyC0AzyyE0D0D0DtG0BtAyDtAtGyEtDzzzztG0A0AyCyBtGzy0E0E0ByD0FtB0BtC0E0E0A2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDzzzy%26cr%3D853261159%26a%3Dwbf_ir_15_51%26os%3DWindows%2B10%2BHome"
CHR Profile: C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default [2016-12-08]
CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-07]
CHR Extension: (Floorplanner) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\abopacaefhbognnmeigicfpgnmpideag [2015-11-18]
CHR Extension: (DocHub - Edit and Sign PDF Documents) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\adgncicbhbjfpijkdmbijninnhnmiblj [2016-07-12]
CHR Extension: (Radio) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\agljkoinmcdnopnlbhhjibjiablccgoh [2015-11-18]
CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-11-18]
CHR Extension: (Theme Creator) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2015-11-18]
CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-18]
CHR Extension: (BeFunky Photo Editor) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab [2015-11-18]
CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbckhhmjfnmedpakkaaflpnmkamdppf [2016-07-12]
CHR Extension: (Skype Calling) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2015-11-26]
CHR Extension: (App Launcher for Messenger) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bllmngcdibgbgjnginpehneeofhbmdjm [2016-11-29]
CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-18]
CHR Extension: (Nielsen NetSight) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgmmbefnahabhcchpfkobeindpppflc [2016-12-08]
CHR Extension: (Ebates Cash Back) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2016-11-29]
CHR Extension: (Facebook Color Changer) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\clnnapikbigkpjmgckhedmkgfkochicj [2015-11-18]
CHR Extension: (Google Tips) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnhacgcmhcgppboemgoobibkhlpglejb [2015-11-18]
CHR Extension: (Weebly - Website Builder) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnocophcbjfiimmnhlhleaooedeheifb [2015-11-18]
CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-18]
CHR Extension: (Netflix) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2015-11-18]
CHR Extension: (Calculator) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\decmldkknaaemlafplkkdmmmelbdnlja [2016-07-12]
CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2015-11-18]
CHR Extension: (OfferUp) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\doeobddbjanlolglliphmmnffbloffop [2015-11-18]
CHR Extension: (Flowers) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaahnnffoganapbfkjfohaffjndgcamn [2015-02-01]
CHR Extension: (Pixlr-o-matic) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj [2015-11-18]
CHR Extension: (SPOTS - A better way to start) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejocekekgcaldnmjngfdbmbeebcekelc [2016-03-18]
CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-07]
CHR Extension: (PicMonkey) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2016-06-25]
CHR Extension: (Full Screen Weather) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2015-11-18]
CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-15]
CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-11-29]
CHR Extension: (CloudConvert) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpmbfgodkfcebpgheiedaddoikmljkk [2016-12-08]
CHR Extension: (Music Player for Google Drive) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfeekfpnjbdmelcapngdgkjnhgijjkh [2015-11-18]
CHR Extension: (Pixlr Express) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmjpdlmjopaeginhldhiokeidchjid [2015-11-18]
CHR Extension: (VNC® Viewer for Google Chrome™) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabmpiboiopbgfabjmgeedhcmjenhbla [2015-11-30]
CHR Extension: (Crackle) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2015-11-18]
CHR Extension: (Kindle Cloud Reader) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-11-18]
CHR Extension: (iPiccy Photo Editor) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2015-11-18]
CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-11-18]
CHR Extension: (Roomstyler 3D planner) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfnniehafojoidolddmhfnpnbiolbppi [2016-02-23]
CHR Extension: (Webflow - Website Builder) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\kabncpcembkecekibfmamlbogjefdnae [2015-11-18]
CHR Extension: (Autodesk Homestyler) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2016-09-01]
CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-11-18]
CHR Extension: (Canva) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbcfmcoibkecmionmehabndbljdleekf [2015-11-18]
CHR Extension: (Planner 5D - Interior Design) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna [2016-09-21]
CHR Extension: (Pocket) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2015-11-18]
CHR Extension: (Sunrise Calendar) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojepfklcankkmikonjlnidiooanmpbb [2015-11-18]
CHR Extension: (multifolder) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncfjlfpabnjllhcpgncdmbelnehboeki [2015-11-18]
CHR Extension: (OneDrive) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2015-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-15]
CHR Extension: (Any.do) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocgddccilgpeepgglnlpchkpgamkgmld [2015-11-18]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2016-09-21]
CHR Extension: (WeVideo - Video Editor and Maker) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb [2015-11-18]
CHR Extension: (Psykopaint) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2015-11-18]
CHR Extension: (No Name) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-18]
CHR Extension: (Inbox by Gmail) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkclgpgponpjmpfokoepglboejdobkpl [2015-11-18]
CHR Extension: (Chrome Media Router) - C:\Users\MELISSA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-01]
CHR HKLM\...\Chrome\Extension: [bpgmmbefnahabhcchpfkobeindpppflc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bpgmmbefnahabhcchpfkobeindpppflc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2016-12-07] (Adobe Systems) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 Dynamsoft WebTWAIN Service; C:\WINDOWS\SysWOW64\Dynamsoft\DynamicWebTwain\ForChrome\WebTWAINService.exe [1347088 2015-08-31] (Dynamsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [236832 2015-11-27] (EasyAntiCheat Ltd)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-09-01] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NielsenUpdate; C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [3161744 2016-12-30] (The Nielsen Company)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1325384 2017-03-05] (Overwolf LTD)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-09-03] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AppObserver; C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\appobserver64.sys [23696 2016-12-30] (The Nielsen Company)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 nnfwdk; C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter2\nnfwdk64.sys [34960 2016-12-30] (The Nielsen Company)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-09] (Realtek Semiconductor Corp.)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-09-03] (Synaptics Incorporated)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
U0 ucfnjb; C:\WINDOWS\System32\drivers\wmyxxxi.sys [79064 2017-03-17] (Malwarebytes Corporation)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-17 18:05 - 2017-03-17 18:06 - 00029487 _____ C:\Users\MELISSA\Desktop\FRST.txt
2017-03-17 18:04 - 2017-03-17 18:05 - 00000000 ____D C:\FRST
2017-03-17 18:04 - 2017-03-17 18:04 - 02424832 _____ (Farbar) C:\Users\MELISSA\Desktop\FRST64.exe
2017-03-17 18:02 - 2017-03-17 18:02 - 00195038 _____ C:\Users\MELISSA\Desktop\OTL.Txt
2017-03-17 07:22 - 2017-03-17 07:22 - 00000000 ____D C:\Users\MELISSA\Downloads\SmitfraudFix
2017-03-17 07:17 - 2017-03-17 07:18 - 01872472 _____ C:\Users\MELISSA\Downloads\SmitfraudFix.exe
2017-03-17 07:15 - 2017-03-17 07:15 - 05659355 _____ (Swearware) C:\Users\MELISSA\Downloads\ComboFix.exe
2017-03-17 07:12 - 2017-03-17 07:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\MELISSA\Downloads\HiJackThis.exe
2017-03-17 07:10 - 2017-03-17 07:11 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-17 07:10 - 2017-03-17 07:10 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-17 07:10 - 2017-03-17 07:10 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-03-17 07:09 - 2017-03-17 07:09 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-17 07:09 - 2017-03-17 07:09 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-17 07:09 - 2017-03-17 07:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-17 07:09 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-17 07:08 - 2017-03-17 07:08 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-17 07:05 - 2017-03-17 07:06 - 57131432 _____ (Malwarebytes ) C:\Users\MELISSA\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-17 06:57 - 2017-03-17 06:57 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\wmyxxxi.sys
2017-03-17 06:02 - 2017-03-17 06:03 - 00000000 ____D C:\Users\MELISSA\Desktop\2017-03-17 002
2017-03-17 06:00 - 2017-03-17 06:00 - 00000000 ____D C:\Users\MELISSA\Desktop\2017-03-17 001
2017-03-15 22:49 - 2017-03-15 22:49 - 00012864 ____N C:\bootsqm.dat
2017-03-10 11:32 - 2017-03-10 11:32 - 00000000 ____D C:\Users\MELISSA\Desktop\Power Of Attorney Van Title
2017-03-10 11:24 - 2017-03-10 11:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Dynamsoft
2017-03-10 11:24 - 2017-03-10 11:24 - 00000000 ____D C:\Users\MELISSA\AppData\LocalLow\Dynamsoft
2017-03-10 11:21 - 2017-03-10 11:21 - 01781272 _____ (Dynamsoft Corporation) C:\Users\MELISSA\Downloads\DynamicWebTWAINHTML5Edition.exe
2017-03-10 11:20 - 2017-03-10 11:20 - 00000000 ____D C:\Users\MELISSA\Desktop\Steve Greenfield Pay Stub
2017-03-10 11:15 - 2017-03-10 11:15 - 00000000 ____D C:\Users\MELISSA\Desktop\2017-03-10 001
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-17 18:00 - 2015-01-31 15:59 - 00000000 ____D C:\Users\MELISSA\Desktop\Spyware Removers
2017-03-17 08:04 - 2016-09-29 17:46 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-17 08:01 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-17 08:01 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-17 07:08 - 2015-01-30 11:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-17 07:02 - 2016-11-21 12:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-17 06:57 - 2016-11-29 03:38 - 00000000 ____D C:\Users\MELISSA\AppData\LocalLow\Mozilla
2017-03-17 06:57 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\security
2017-03-17 06:57 - 2016-02-19 09:57 - 00000000 ____D C:\ProgramData\16bbc240
2017-03-17 06:46 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-15 23:01 - 2015-07-14 22:04 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-03-15 22:58 - 2016-10-15 01:07 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-03-15 22:57 - 2015-09-03 22:21 - 01011092 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-15 22:54 - 2016-10-15 01:05 - 00000000 ____D C:\Users\MELISSA\AppData\Local\Overwolf
2017-03-15 22:52 - 2015-09-03 23:32 - 00000000 __SHD C:\Users\MELISSA\IntelGraphicsProfiles
2017-03-15 22:50 - 2016-09-29 18:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-10 11:19 - 2017-01-28 06:54 - 00000000 ____D C:\ProgramData\{FD289B09-4A83-2CA2-D3EE-4DC8EB18DEA7}
2017-03-10 11:19 - 2017-01-28 06:54 - 00000000 ____D C:\ProgramData\{53ED4414-E446-F3BF-09E3-C3D46D7FD7B4}
2017-03-10 11:19 - 2017-01-28 00:52 - 00000000 ____D C:\ProgramData\{EC43F210-5BE8-45BB-6658-628FBB9DB9CD}
2017-03-10 11:19 - 2017-01-28 00:52 - 00000000 ____D C:\ProgramData\{8B7499E7-3CDF-2E4C-5C49-B82D1FD0EB03}
2017-03-10 11:19 - 2017-01-27 18:18 - 00000000 ____D C:\ProgramData\{F7615924-40CA-EE8F-13B3-B9E234D69FDD}
2017-03-10 11:19 - 2017-01-27 18:18 - 00000000 ____D C:\ProgramData\{E88D83A7-5F26-340C-F264-438960ABDBA0}
2017-03-10 11:19 - 2017-01-27 06:52 - 00000000 ____D C:\ProgramData\{F6D9983A-4172-2F91-2FD4-E4D7F2AF049D}
2017-03-10 11:19 - 2017-01-27 06:52 - 00000000 ____D C:\ProgramData\{A70B3DEF-10A0-8A44-7F08-93684BC83B00}
2017-03-10 11:19 - 2017-01-27 00:52 - 00000000 ____D C:\ProgramData\{996352B4-2EC8-E51F-9ADD-620398C05B03}
2017-03-10 11:19 - 2017-01-27 00:52 - 00000000 ____D C:\ProgramData\{73F20617-C459-B1BC-399C-53509AFDCB4E}
2017-03-10 11:19 - 2017-01-26 18:52 - 00000000 ____D C:\ProgramData\{91769C8D-26DD-2B26-D41D-482D3CF3F0EE}
2017-03-10 11:19 - 2017-01-26 18:52 - 00000000 ____D C:\ProgramData\{266C5A94-91C7-ED3F-D663-E1CE611EB242}
2017-03-10 11:19 - 2017-01-26 12:52 - 00000000 ____D C:\ProgramData\{E87D5CED-5FD6-EB46-5FBD-DC3A24D143E1}
2017-03-10 11:19 - 2017-01-26 12:52 - 00000000 ____D C:\ProgramData\{86C0DD5E-316B-6AF5-A8A4-0F8407E91E9A}
2017-03-10 11:19 - 2017-01-26 06:52 - 00000000 ____D C:\ProgramData\{E9986FB2-5E33-D819-B8EA-872AB2BB4431}
2017-03-10 11:19 - 2017-01-26 06:52 - 00000000 ____D C:\ProgramData\{0BB47844-BC1F-CFEF-F5F0-4E6EEB55800A}
2017-03-10 11:19 - 2017-01-25 05:53 - 00000000 ____D C:\ProgramData\{7DDE97D6-CA75-207D-8339-AA5219875DFB}
2017-03-10 11:19 - 2017-01-25 05:53 - 00000000 ____D C:\ProgramData\{37DC116C-8077-A6C7-DDC0-5BF0B7EE4680}
2017-03-10 11:19 - 2017-01-22 07:56 - 00000000 ____D C:\ProgramData\{BBC0D026-0C6B-678D-0483-7B7817911EB8}
2017-03-10 11:19 - 2017-01-22 07:50 - 00000000 ____D C:\ProgramData\{A71308A3-10B8-BF08-3988-741D68BA1AD3}
2017-03-10 11:19 - 2017-01-22 07:50 - 00000000 ____D C:\ProgramData\{242CDFC9-9387-6862-C69C-EC36BACBBE00}
2017-03-10 11:19 - 2017-01-22 07:46 - 00000000 ____D C:\ProgramData\{786DC66F-CFC6-71C4-BBE5-DC7B6B2B5BD5}
2017-03-10 11:19 - 2017-01-22 07:46 - 00000000 ____D C:\ProgramData\{47A2F007-F009-47AC-5E0C-8B7A29DFC5D3}
2017-03-10 11:19 - 2017-01-21 06:47 - 00000000 ____D C:\ProgramData\{7D54584B-CAFF-EFE0-9CB7-2A1C5AF707E0}
2017-03-10 11:19 - 2017-01-21 06:45 - 00000000 ____D C:\ProgramData\{106E9D2A-A7C5-2A81-3B79-C644DF6C4194}
2017-02-15 11:24 - 2016-09-29 17:55 - 00000000 ____D C:\Users\MELISSA
2017-02-15 11:23 - 2015-03-20 08:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-15 11:19 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
==================== Files in the root of some directories =======
2015-06-15 02:38 - 2015-06-15 02:38 - 0000077 _____ () C:\Users\MELISSA\AppData\Roaming\Camdata.ini
2015-06-15 02:38 - 2015-06-15 02:38 - 0000408 _____ () C:\Users\MELISSA\AppData\Roaming\CamLayout.ini
2015-06-15 02:38 - 2015-06-15 02:38 - 0000408 _____ () C:\Users\MELISSA\AppData\Roaming\CamShapes.ini
2015-06-15 02:32 - 2015-06-15 02:39 - 0004536 _____ () C:\Users\MELISSA\AppData\Roaming\CamStudio.cfg
2015-06-15 02:37 - 2015-06-15 02:37 - 0000098 _____ () C:\Users\MELISSA\AppData\Roaming\CamStudio.Producer.command
2015-06-15 02:38 - 2015-06-15 02:38 - 0000000 _____ () C:\Users\MELISSA\AppData\Roaming\CamStudio.Producer.Data.ini
2015-06-15 02:38 - 2015-06-15 02:38 - 0001207 _____ () C:\Users\MELISSA\AppData\Roaming\CamStudio.Producer.ini
2015-06-15 02:25 - 2015-06-15 02:25 - 0000096 _____ () C:\Users\MELISSA\AppData\Roaming\version2.xml
2016-09-29 17:49 - 2016-09-29 17:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Files to move or delete:
====================
C:\Users\MELISSA\DB501421562943B29E87E17A3AA55E0D.dat
C:\Users\MELISSA\DDB911B1C7CA441D8220DA0BF2521CF7.dat
C:\Users\MELISSA\DFB13C17C85B943FE1319201432B6D7E.dat
Some files in TEMP:
====================
2017-01-26 06:52 - 2017-01-26 06:52 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\109087577.t.exe
2017-01-28 06:53 - 2017-01-28 06:54 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\114397200.t.exe
2017-03-10 11:18 - 2017-03-10 11:19 - 1626624 _____ () C:\Users\MELISSA\AppData\Local\Temp\117680638.t.exe
2017-01-28 06:53 - 2017-01-28 06:54 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\118445663.t.exe
2017-03-10 11:18 - 2017-03-10 11:19 - 1626624 _____ () C:\Users\MELISSA\AppData\Local\Temp\121754322.t.exe
2017-03-10 11:18 - 2017-03-10 11:19 - 1626624 _____ () C:\Users\MELISSA\AppData\Local\Temp\130401530.t.exe
2017-01-27 18:18 - 2017-01-27 18:18 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\20762209.t.exe
2017-01-22 07:46 - 2017-01-22 07:46 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\2675474.t.exe
2017-03-10 11:18 - 2017-03-10 11:19 - 1626624 _____ () C:\Users\MELISSA\AppData\Local\Temp\27421117.t.exe
2017-01-27 00:52 - 2017-01-27 00:52 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\33278308.t.exe
2017-01-25 05:53 - 2017-01-25 05:53 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\53873459.t.exe
2017-01-22 07:46 - 2017-01-22 07:46 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\54393553.t.exe
2017-01-27 06:52 - 2017-01-27 06:52 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\56041400.t.exe
2017-01-25 05:53 - 2017-01-25 05:53 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\70578395.t.exe
2017-01-26 12:52 - 2017-01-26 12:52 - 0986624 _____ () C:\Users\MELISSA\AppData\Local\Temp\84033259.t.exe
2016-10-06 00:20 - 2016-09-26 12:04 - 0214856 _____ (Provo Craft & Novelty, Inc.) C:\Users\MELISSA\AppData\Local\Temp\CricutUtilCL.exe
2014-11-08 04:33 - 2015-01-24 05:30 - 0601088 _____ () C:\Users\MELISSA\AppData\Local\Temp\Quarantine.exe
2014-11-08 04:47 - 2014-10-17 07:39 - 0665682 _____ (SQLite Development Team) C:\Users\MELISSA\AppData\Local\Temp\sqlite3.dll
2016-10-15 01:06 - 2016-10-15 01:06 - 0065280 _____ () C:\Users\MELISSA\AppData\Local\Temp\utils.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-14 22:01
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by MELISSA (17-03-2017 18:07:24)
Running from C:\Users\MELISSA\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-29 22:37:38)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1956558233-2459589253-117431272-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1956558233-2459589253-117431272-503 - Limited - Disabled)
Guest (S-1-5-21-1956558233-2459589253-117431272-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1956558233-2459589253-117431272-1003 - Limited - Enabled)
MELISSA (S-1-5-21-1956558233-2459589253-117431272-1001 - Administrator - Enabled) => C:\Users\MELISSA
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
Chronicle (HKLM-x32\...\{5F968911-50CB-4633-95BF-FD8560E9BF96}) (Version: 1.5.0 - Jagex)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cricut Design Space Client (HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\Cricut Design Space Client) (Version: 3.2.1.0 - Provo Craft)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3817.05 - CyberLink Corp.)
Dolby Axon - 1.5.1.1 (HKLM-x32\...\{17936630-5344-4F18-9970-616129E2A114}_is1) (Version: 1.5.1.1 - Dolby Laboratories)
Dynamic Web TWAIN HTML5 Edition (HKLM-x32\...\{B4D31736-4D13-4BCD-B050-7DD3E45C1650}) (Version: 11.1.831 - Dynamsoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Icecream Screen Recorder version 1.47 (HKLM-x32\...\{7ADEC622-3230-4C9A-9DCE-9BD462B74095}_is1) (Version: 1.47 - Icecream Apps)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MX5 (HKLM-x32\...\Maxthon5) (Version: 5.0.1.3000 - Maxthon International Limited)
Nielsen (HKLM-x32\...\NetSight) (Version: - )
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.103.32.0 - Overwolf Ltd.)
Pokki Start Menu (HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\Pokki_Start_Menu) (Version: 0.269.5.284 - Pokki)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7885 - Realtek Semiconductor Corp.)
RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
RuneScape Launcher 2.2.2 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.2 - Jagex Ltd)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.0 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{F64E9295-E1B3-4EEA-86D3-AF44A0087B06}) (Version: 1.1.16.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.2.6403 - Toshiba Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.81.2C - TOSHIBA CORPORATION)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.15C - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{4F0F44AF-90E9-4A6E-9E82-354A3AB79F22}) (Version: 1.0.0.2 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Utility Common Driver (x32 Version: 1.0.53.3 - Compal) Hidden
Windows Driver Package - Provo Craft & Novelty, Inc. (usbser) Ports (11/04/2015 2.0.0.0) (HKLM\...\F9008028528C059AEF07C6D89D45BB3C63057E83) (Version: 11/04/2015 2.0.0.0 - Provo Craft & Novelty, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1956558233-2459589253-117431272-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0391BEB9-6AC3-403C-A60B-40D6D538C2EC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {0D3CCADB-E386-4E02-897D-7009A2410673} - System32\Tasks\{01EFDECA-B644-6961-A8BB-D763D5B66E06} => C:\ProgramData\{E88D83A7-5F26-340C-F264-438960ABDBA0}\467C4862-F1D7-FFC9-8580-FDA1F52EDCE1.exe [2017-01-27] () <==== ATTENTION
Task: {10905323-0300-4186-B73D-9E95DBF70298} - System32\Tasks\{95D60FC6-227D-B86D-19F5-D972396C4F4C} => C:\ProgramData\{E9986FB2-5E33-D819-B8EA-872AB2BB4431}\98CD96E5-2F66-214E-235D-AE43484E104E.exe [2017-01-26] () <==== ATTENTION
Task: {150FB894-17C8-42B2-B9FB-FCE3FE7EA8C2} - System32\Tasks\{ACCDFEE8-1B66-4943-4D55-BBAB411CAD06} => C:\ProgramData\{7D54584B-CAFF-EFE0-9CB7-2A1C5AF707E0}\00605EDB-B7CB-E970-05BD-D79200DD8BE3.exe [2017-01-21] () <==== ATTENTION
Task: {18C8D0D3-5A75-4F15-995F-F6AD463F9E51} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {19B214DB-DF7D-4383-9996-AD3165DF3EF2} - System32\Tasks\{AF6AC48F-18C1-7324-94F4-CA154EDA95C4} => C:\ProgramData\{786DC66F-CFC6-71C4-BBE5-DC7B6B2B5BD5}\718E509C-C625-E737-EA19-F352D1593609.exe [2017-01-22] () <==== ATTENTION
Task: {274B4521-9F39-4BC3-AF2A-550CA9C7A6EC} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-08-26] (Realtek Semiconductor)
Task: {2AF3ADA6-0785-4C88-9C14-EF55657B067E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {314ABEEA-EBB3-48A5-A57B-32F80DFD24AE} - System32\Tasks\{062C54AF-B187-E304-09B6-EB7DDF8C2EE9} => C:\ProgramData\{0BB47844-BC1F-CFEF-F5F0-4E6EEB55800A}\7193FD56-C638-4AFD-F15B-CF8853533C9A.exe [2017-01-26] () <==== ATTENTION
Task: {334E094A-12E8-43DB-BAFB-7E86BB33EF17} - System32\Tasks\{CC11BF43-7BBA-08E8-CBCD-E26B2B191DC5} => C:\ProgramData\{BBC0D026-0C6B-678D-0483-7B7817911EB8}\F42CE6A2-4387-5109-92D2-6EABB8222F63.exe [2017-01-22] () <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe
Task: {373F1A19-80D8-4786-B7D4-35A77CC4DE19} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-18] (Google Inc.)
Task: {3B3010E6-9813-4167-BBD4-68D08CB485F1} - System32\Tasks\Maxthon5 Update => C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe [2016-10-25] (Maxthon International ltd.)
Task: {45AF1549-0727-4CA7-8100-773A26E12045} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1956558233-2459589253-117431272-1001 -> No File <==== ATTENTION
Task: {474EA57A-2756-47F5-B7A4-9D4CDC21E69A} - System32\Tasks\{86547DCC-31FF-CA67-3C10-C8115EF551FB} => C:\ProgramData\{73F20617-C459-B1BC-399C-53509AFDCB4E}\DE495964-69E2-EECF-43D1-42B9351C7CD5.exe [2017-01-27] () <==== ATTENTION
Task: {48A1E01D-A72A-4268-A3BD-D784AA9E8379} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation)
Task: {4F6DF9EF-87C9-451A-9ADB-7AB3BA54046F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {586FEA0B-6F5A-4C04-8288-55152913AB81} - System32\Tasks\{DF6939E1-68C2-8E4A-A422-E59D6538AC9B} => C:\ProgramData\{E87D5CED-5FD6-EB46-5FBD-DC3A24D143E1}\EB82AB60-5C29-1CCB-9900-53AAC7F8898D.exe [2017-01-26] () <==== ATTENTION
Task: {5966C616-FA5C-48EC-8537-49B24EA875FC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5A29FAFB-F6EC-486C-B203-0936F34DC71F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {5BF3E5C9-AE89-40B0-A9E0-1E77A3DDCE06} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6793ECD1-5913-42FB-B512-4ECDA2F356BF} - System32\Tasks\{DED2743C-6979-C397-F3C1-98DDA2B6B234} => C:\ProgramData\{F6D9983A-4172-2F91-2FD4-E4D7F2AF049D}\948DCB08-2326-7CA3-909B-CB22D3AE3050.exe [2017-01-27] () <==== ATTENTION
Task: {6904ED79-428A-4F92-A3DD-BEC235077348} - System32\Tasks\SDMsgUpdate (Local) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {6A810B0D-42D9-4649-A63B-297B9BEF87B7} - System32\Tasks\{4D9A6F38-FA31-D893-57BB-3F7854440D9C} => C:\ProgramData\{266C5A94-91C7-ED3F-D663-E1CE611EB242}\095C4CA2-BEF7-FB09-6F25-035ED53A183D.exe [2017-01-26] () <==== ATTENTION
Task: {743F9E1D-6773-4200-9D5A-9C618661AC85} - System32\Tasks\{AC9D39CE-1B36-8E65-1B62-B7CC13536D58} => C:\ProgramData\{53ED4414-E446-F3BF-09E3-C3D46D7FD7B4}\FA6BCF52-4DC0-78F9-4BA5-38AD974B287C.exe [2017-01-28] () <==== ATTENTION
Task: {752DF187-541C-4B04-957C-B7EBFD43F7B2} - System32\Tasks\{D3B33BEA-6418-8C41-EF07-E92CA0AF275B} => C:\ProgramData\{996352B4-2EC8-E51F-9ADD-620398C05B03}\425B6C21-F5F0-DB8A-FDB6-9CB3C097E366.exe [2017-01-27] () <==== ATTENTION
Task: {7955CE6B-B103-4D68-92ED-54214361F32A} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-09-03] (Synaptics Incorporated)
Task: {79F2BB62-83FE-4B90-B9F4-AB8827396969} - System32\Tasks\{BE05930B-09AE-24A0-5E79-0AFEC9E5ED67} => C:\ProgramData\{FD289B09-4A83-2CA2-D3EE-4DC8EB18DEA7}\AA9197AC-1D3A-2007-AA60-38C7FC66CA8E.exe [2017-01-28] () <==== ATTENTION
Task: {7CA36C8D-4322-42A5-A6F0-9CA836563B73} - System32\Tasks\{6377FA63-A286-4586-BC11-393CD0BCD97A} => Chrome.exe hxxp://ui.skype.com/ui/0/7.15.0.102/en/abandoninstall?source=lightinstaller&page=tsMain
Task: {90CED535-E6A7-4898-A78A-F0DC0495B1B1} - System32\Tasks\{0C3F35D2-16C9-405A-9AA3-8335DCBB9B69} => pcalua.exe -a C:\Users\MELISSA\AppData\Local\Pokki\Uninstall.exe
Task: {981F2511-39C3-419D-83A4-50EAB4FF93A6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9C12F2D5-3F64-4AE5-885E-D580BC3CB821} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9E659FAF-FCE7-4C75-A884-27B5617FFDF7} - System32\Tasks\{4D5CF935-5454-3A91-6458-C93FBF0E6059} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\16bbc240\3db4b5a7.dll" <==== ATTENTION
Task: {9E9563B2-AEAD-4CF2-9026-BCE905A7FAF3} - \WPD\SqmUpload_S-1-5-21-1956558233-2459589253-117431272-1001 -> No File <==== ATTENTION
Task: {9EEF332A-0305-4846-8ED9-3F7EBB2DDB5B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-18] (Google Inc.)
Task: {9F6D1A3A-1935-439F-8192-74384D6BEBCE} - System32\Tasks\{276846BF-90C3-F114-DE26-4855ED0E4CC1} => C:\ProgramData\{EC43F210-5BE8-45BB-6658-628FBB9DB9CD}\A4FABC85-1351-0B2E-A619-1CA52163D556.exe [2017-01-28] () <==== ATTENTION
Task: {A0BE6F80-787A-4726-A452-82E13BAD4FFA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A0F79657-B8C3-4030-8351-6437CE0ABB7E} - System32\Tasks\{9FCB943D-2860-2396-D613-C162EF66EA83} => C:\ProgramData\{A70B3DEF-10A0-8A44-7F08-93684BC83B00}\C64841B3-71E3-F618-4D84-E53B5C3C1A49.exe [2017-01-27] () <==== ATTENTION
Task: {A7960F74-DC2D-4D46-A2C7-9C0536A04056} - System32\Tasks\{6324C194-D48F-763F-011D-D9340B96052C} => C:\ProgramData\{37DC116C-8077-A6C7-DDC0-5BF0B7EE4680}\AB0CE9B2-1CA7-5E19-9944-81C2B0F03193.exe [2017-01-25] () <==== ATTENTION
Task: {BB8DC87F-E4B3-44C9-9B91-1358BCD2A85F} - System32\Tasks\{9E7411AA-29DF-A601-2BB9-3C740808C0DC} => C:\ProgramData\{242CDFC9-9387-6862-C69C-EC36BACBBE00}\42892CE9-F522-9B42-2BE3-955A95E31FE8.exe [2017-01-22] () <==== ATTENTION
Task: {BDAE54E9-BF4C-4F82-982E-62FAEC4D1E48} - System32\Tasks\{BFF38F82-0858-3829-1F58-8E5A6C17A097} => C:\ProgramData\{F7615924-40CA-EE8F-13B3-B9E234D69FDD}\96ED202D-2146-9786-A55B-C4722C323660.exe [2017-01-27] () <==== ATTENTION
Task: {CA911B0F-A3AA-44FE-B19B-6AC5A7892B05} - System32\Tasks\{FB3683A2-4C9D-3409-A845-EA2EB8A10946} => C:\ProgramData\{106E9D2A-A7C5-2A81-3B79-C644DF6C4194}\D5BDED97-6216-5A3C-234C-1DDA21B7A07C.exe [2017-01-21] () <==== ATTENTION
Task: {CACB0520-1E9B-4A0F-8346-212EE3581F56} - System32\Tasks\{3C5ABFB6-8BF1-081D-68EB-4121B3B4D3D6} => C:\ProgramData\{A71308A3-10B8-BF08-3988-741D68BA1AD3}\D8DAF71E-6F71-40B5-391E-DB3F0D5DB064.exe [2017-01-22] () <==== ATTENTION
Task: {CC66B77A-B72B-4975-BBAC-A0058418F70F} - System32\Tasks\{B2B99EA1-0512-290A-E3F1-417498EF97FA} => C:\ProgramData\{91769C8D-26DD-2B26-D41D-482D3CF3F0EE}\FF2DC289-4886-7522-153E-B433CA289662.exe [2017-01-26] () <==== ATTENTION
Task: {CE1498A1-773C-4129-BE0B-251F0AEEDD13} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D273C52A-3710-4E1A-BA2F-AB2287C222AE} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-03-05] (Overwolf LTD)
Task: {D32EB657-EBD9-4741-90ED-0AE811F64E80} - System32\Tasks\{4B220945-FC89-BEEE-7E20-CF5EB2AC45EF} => C:\ProgramData\{47A2F007-F009-47AC-5E0C-8B7A29DFC5D3}\1528D5BC-A283-6217-721C-FFAD1DAC4676.exe [2017-01-22] () <==== ATTENTION
Task: {DFDDE333-B0A3-483E-9266-735041CAE66A} - \DNSROSEVILLE -> No File <==== ATTENTION
Task: {E2707D30-BBA1-45F5-9E16-205F51144B38} - System32\Tasks\SDMsgUpdate (TE) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {E678B56F-D9F3-45B5-BA6D-525BC73FE57D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {E816A543-5BC5-420F-BDAD-EC29F392262E} - System32\Tasks\{0ACBC79C-BD60-7037-3869-4E89CDE6B533} => C:\ProgramData\{86C0DD5E-316B-6AF5-A8A4-0F8407E91E9A}\FF556E1E-48FE-D9B5-98B0-762383C05B77.exe [2017-01-26] () <==== ATTENTION
Task: {EA424FF9-A81F-48B1-8046-1D77E1678274} - System32\Tasks\{F3953A76-443E-8DDD-7E72-7D2F958E197E} => C:\ProgramData\{7DDE97D6-CA75-207D-8339-AA5219875DFB}\0431B153-B39A-06F8-864D-0DC9E44B2434.exe [2017-01-25] () <==== ATTENTION
Task: {F746419A-5EEF-40A0-897B-6AF058357D14} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F8E13180-FC1C-424E-8E15-B88876F32503} - System32\Tasks\{83F46E7B-345F-D9D0-D175-8989F0A66C42} => C:\ProgramData\{8B7499E7-3CDF-2E4C-5C49-B82D1FD0EB03}\3A5FF4D7-8DF4-437C-A935-98A718AB77B7.exe [2017-01-28] () <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\MELISSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Any.do.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ocgddccilgpeepgglnlpchkpgamkgmld
ShortcutWithArgument: C:\Users\MELISSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\App Launcher for Messenger.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=bllmngcdibgbgjnginpehneeofhbmdjm
ShortcutWithArgument: C:\Users\MELISSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=decmldkknaaemlafplkkdmmmelbdnlja
ShortcutWithArgument: C:\Users\MELISSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk
ShortcutWithArgument: C:\Users\MELISSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sunrise Calendar.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mojepfklcankkmikonjlnidiooanmpbb
ShortcutWithArgument: C:\Users\MELISSA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\VNC® Viewer for Google Chrome™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=iabmpiboiopbgfabjmgeedhcmjenhbla
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-17 06:57 - 2016-12-09 06:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-04 19:11 - 2015-11-04 19:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-12-17 06:57 - 2016-12-09 06:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-17 06:57 - 2016-12-09 06:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2015-12-18 01:15 - 2015-12-18 01:15 - 07025984 _____ () C:\Program Files (x86)\Razer\Comms\RazerComms.exe
2017-01-27 00:52 - 2017-01-27 00:52 - 00986624 _____ () C:\ProgramData\{996352B4-2EC8-E51F-9ADD-620398C05B03}\425B6C21-F5F0-DB8A-FDB6-9CB3C097E366.exe
2017-01-25 05:53 - 2017-01-25 05:53 - 00986624 _____ () C:\ProgramData\{37DC116C-8077-A6C7-DDC0-5BF0B7EE4680}\AB0CE9B2-1CA7-5E19-9944-81C2B0F03193.exe
2017-01-28 00:52 - 2017-01-28 00:52 - 00986624 _____ () C:\ProgramData\{EC43F210-5BE8-45BB-6658-628FBB9DB9CD}\A4FABC85-1351-0B2E-A619-1CA52163D556.exe
2017-01-27 00:52 - 2017-01-27 00:52 - 00986624 _____ () C:\ProgramData\{73F20617-C459-B1BC-399C-53509AFDCB4E}\DE495964-69E2-EECF-43D1-42B9351C7CD5.exe
2017-01-28 00:52 - 2017-01-28 00:52 - 00986624 _____ () C:\ProgramData\{8B7499E7-3CDF-2E4C-5C49-B82D1FD0EB03}\3A5FF4D7-8DF4-437C-A935-98A718AB77B7.exe
2017-01-25 05:53 - 2017-01-25 05:53 - 00986624 _____ () C:\ProgramData\{7DDE97D6-CA75-207D-8339-AA5219875DFB}\0431B153-B39A-06F8-864D-0DC9E44B2434.exe
2017-01-27 06:52 - 2017-01-27 06:52 - 00986624 _____ () C:\ProgramData\{F6D9983A-4172-2F91-2FD4-E4D7F2AF049D}\948DCB08-2326-7CA3-909B-CB22D3AE3050.exe
2017-01-27 06:52 - 2017-01-27 06:52 - 00986624 _____ () C:\ProgramData\{A70B3DEF-10A0-8A44-7F08-93684BC83B00}\C64841B3-71E3-F618-4D84-E53B5C3C1A49.exe
2017-01-21 06:47 - 2017-01-21 06:47 - 00986624 _____ () C:\ProgramData\{7D54584B-CAFF-EFE0-9CB7-2A1C5AF707E0}\00605EDB-B7CB-E970-05BD-D79200DD8BE3.exe
2017-01-26 06:52 - 2017-01-26 06:52 - 00986624 _____ () C:\ProgramData\{E9986FB2-5E33-D819-B8EA-872AB2BB4431}\98CD96E5-2F66-214E-235D-AE43484E104E.exe
2017-01-28 06:54 - 2017-01-28 06:54 - 00986624 _____ () C:\ProgramData\{53ED4414-E446-F3BF-09E3-C3D46D7FD7B4}\FA6BCF52-4DC0-78F9-4BA5-38AD974B287C.exe
2017-01-26 18:52 - 2017-01-26 18:52 - 00986624 _____ () C:\ProgramData\{266C5A94-91C7-ED3F-D663-E1CE611EB242}\095C4CA2-BEF7-FB09-6F25-035ED53A183D.exe
2017-01-21 06:45 - 2017-01-21 06:45 - 01373184 ____N () C:\ProgramData\{106E9D2A-A7C5-2A81-3B79-C644DF6C4194}\D5BDED97-6216-5A3C-234C-1DDA21B7A07C.exe
2017-01-27 18:18 - 2017-01-27 18:18 - 00986624 _____ () C:\ProgramData\{E88D83A7-5F26-340C-F264-438960ABDBA0}\467C4862-F1D7-FFC9-8580-FDA1F52EDCE1.exe
2017-01-27 18:18 - 2017-01-27 18:20 - 00986624 _____ () C:\ProgramData\{F7615924-40CA-EE8F-13B3-B9E234D69FDD}\96ED202D-2146-9786-A55B-C4722C323660.exe
2017-01-26 06:52 - 2017-01-26 06:52 - 00986624 _____ () C:\ProgramData\{0BB47844-BC1F-CFEF-F5F0-4E6EEB55800A}\7193FD56-C638-4AFD-F15B-CF8853533C9A.exe
2017-01-26 12:52 - 2017-01-26 12:52 - 00986624 _____ () C:\ProgramData\{E87D5CED-5FD6-EB46-5FBD-DC3A24D143E1}\EB82AB60-5C29-1CCB-9900-53AAC7F8898D.exe
2017-01-22 07:50 - 2017-01-22 07:50 - 00986624 _____ () C:\ProgramData\{242CDFC9-9387-6862-C69C-EC36BACBBE00}\42892CE9-F522-9B42-2BE3-955A95E31FE8.exe
2017-01-22 07:50 - 2017-01-22 07:50 - 00986624 _____ () C:\ProgramData\{A71308A3-10B8-BF08-3988-741D68BA1AD3}\D8DAF71E-6F71-40B5-391E-DB3F0D5DB064.exe
2017-01-26 18:52 - 2017-01-26 18:52 - 00986624 _____ () C:\ProgramData\{91769C8D-26DD-2B26-D41D-482D3CF3F0EE}\FF2DC289-4886-7522-153E-B433CA289662.exe
2017-01-28 06:54 - 2017-01-28 06:54 - 00986624 _____ () C:\ProgramData\{FD289B09-4A83-2CA2-D3EE-4DC8EB18DEA7}\AA9197AC-1D3A-2007-AA60-38C7FC66CA8E.exe
2017-01-22 07:46 - 2017-01-22 07:46 - 00986624 _____ () C:\ProgramData\{47A2F007-F009-47AC-5E0C-8B7A29DFC5D3}\1528D5BC-A283-6217-721C-FFAD1DAC4676.exe
2017-01-26 12:52 - 2017-01-26 12:52 - 00986624 _____ () C:\ProgramData\{86C0DD5E-316B-6AF5-A8A4-0F8407E91E9A}\FF556E1E-48FE-D9B5-98B0-762383C05B77.exe
2017-01-22 07:46 - 2017-01-22 07:46 - 00986624 _____ () C:\ProgramData\{786DC66F-CFC6-71C4-BBE5-DC7B6B2B5BD5}\718E509C-C625-E737-EA19-F352D1593609.exe
2017-01-22 07:56 - 2017-01-22 07:56 - 01373184 ____N () C:\ProgramData\{BBC0D026-0C6B-678D-0483-7B7817911EB8}\F42CE6A2-4387-5109-92D2-6EABB8222F63.exe
2017-03-17 07:22 - 2008-05-27 23:17 - 00003584 _____ () C:\Users\MELISSA\Downloads\SmitfraudFix\Policies.exe
2017-03-17 07:08 - 2017-03-17 07:06 - 01192400 _____ () C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe
2017-03-17 07:03 - 2017-03-17 07:06 - 01192400 ____N () C:\Users\MELISSA\AppData\Local\Temp\_iu14D2N.tmp
2017-03-17 06:14 - 2017-03-17 06:15 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-03-17 06:14 - 2017-03-17 06:15 - 00182784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-03-17 06:14 - 2017-03-17 06:15 - 41048064 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-03-17 06:14 - 2017-03-17 06:15 - 02236896 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\roottools.dll
2016-09-29 21:35 - 2016-09-29 21:35 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-22 08:30 - 2016-12-21 03:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-22 08:30 - 2016-12-21 02:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-22 08:30 - 2016-12-21 02:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-22 08:30 - 2016-12-21 02:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-22 08:30 - 2016-12-21 02:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-22 08:30 - 2016-12-21 02:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-22 08:30 - 2016-12-21 02:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-10-21 01:38 - 2015-08-27 17:30 - 40622592 _____ () C:\Users\MELISSA\AppData\Local\razer\InGameEngine\cache\RazerComms\cef\libcef.dll
2017-03-05 04:56 - 2017-03-05 04:56 - 67310648 _____ () C:\Program Files (x86)\Overwolf\0.103.32.0\libcef.DLL
2016-10-21 01:38 - 2015-08-27 17:30 - 00911360 _____ () C:\Users\MELISSA\AppData\Local\razer\InGameEngine\cache\RazerComms\cef\libglesv2.dll
2016-10-21 01:38 - 2015-08-27 17:30 - 00134144 _____ () C:\Users\MELISSA\AppData\Local\razer\InGameEngine\cache\RazerComms\cef\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 09:25 - 2016-01-05 14:25 - 00002024 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
There are 4 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MELISSA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "TecoResident"
HKLM\...\StartupApproved\Run: => "TCrdMain"
HKLM\...\StartupApproved\Run: => "TSSSrv"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "KeNotify"
HKLM\...\StartupApproved\Run32: => "TSVU"
HKLM\...\StartupApproved\Run32: => "Digital Coupon Print Driver"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_81FC116245CE5C543934A0C94EE6D6B3"
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-1956558233-2459589253-117431272-1001\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{086B4BA1-5547-49E7-BC6E-DB4F68B2C740}] => (Allow) C:\Program Files (x86)\DolbyAxon\Axon.exe
FirewallRules: [{8C3C76D9-341D-42AF-BA3D-65C2F25AD778}] => (Allow) C:\Program Files (x86)\DolbyAxon\Axon.exe
FirewallRules: [UDP Query User{0578F204-2D93-4448-B0EF-ABBEA689EC23}C:\users\melissa\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe] => (Allow) C:\users\melissa\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe
FirewallRules: [TCP Query User{550B6164-33D8-4C4D-B898-9C12105CC9A1}C:\users\melissa\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe] => (Allow) C:\users\melissa\appdata\roaming\cricutdesignspace\bridge\cricutbridge.exe
FirewallRules: [{7624BBA6-2F6F-45E4-8A96-5B5CFBDBEACC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{638FC31B-BE3B-4023-83E4-6B299D3150B1}] => (Allow) C:\Users\MELISSA\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F1EDC2AB-5FB8-4F80-B54B-99D5672629EA}] => (Allow) C:\Users\MELISSA\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{E49F4391-7130-43B4-AA1D-C5328A2BCCD7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{31CAEE89-5377-4EDA-86E5-F1E5BCD4DD33}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{759FD0EF-2B8E-4103-93AF-78A8129F4906}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{68EFAB0B-7EAB-46A5-AE81-AC5B3F0995EC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{79BB38C2-E12A-4591-8317-1A3B71206FC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Legacy\rust.exe
FirewallRules: [{98BC0562-3506-44C9-922D-5BC099EF5212}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Legacy\rust.exe
FirewallRules: [UDP Query User{35B993E4-BCA7-4563-BC61-D8F358EDA0DA}C:\frst\quarantine\c\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\frst\quarantine\c\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{7120017F-6677-4E2E-9042-B1D02B373FAC}C:\frst\quarantine\c\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\frst\quarantine\c\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{152F1FEF-843D-4C29-9DB0-E9D733EA8CBD}C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayz.exe] => (Allow) C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayz.exe
FirewallRules: [TCP Query User{BD382E5A-7129-4220-B9D9-31F3050FAA53}C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayz.exe] => (Allow) C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayz.exe
FirewallRules: [UDP Query User{5C3121F8-774B-4C4F-88E7-6FA2BAA8C5E4}C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayzserver.exe] => (Allow) C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayzserver.exe
FirewallRules: [TCP Query User{156F5660-3C57-4E03-B9BC-9749E5CCE964}C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayzserver.exe] => (Allow) C:\users\melissa\documents\frostwire\torrents\dayz standalone v0.46 final\dayz standalone v0.46\dayzserver.exe
FirewallRules: [UDP Query User{14218FCD-C652-40D6-BC36-481725DE7BE9}C:\program files (x86)\r.g. mechanics\dying light\dyinglightgame.exe] => (Allow) C:\program files (x86)\r.g. mechanics\dying light\dyinglightgame.exe
FirewallRules: [TCP Query User{8CEC814B-E0A2-47EA-85A5-31C2BD0B4F85}C:\program files (x86)\r.g. mechanics\dying light\dyinglightgame.exe] => (Allow) C:\program files (x86)\r.g. mechanics\dying light\dyinglightgame.exe
FirewallRules: [{A658488A-5CBC-46A0-9B52-2A8D7C32A047}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BFDABC1E-E777-49E8-8072-88893E18E857}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FFDCFEAA-5D94-493C-9391-AF8DF0C32F83}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{95606AC7-A616-4DB4-AEBD-F0473EED84C8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{EBDDD9BD-E66C-407C-AD11-71E480F7DECB}C:\users\melissa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\melissa\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{DFDB259D-F688-42CB-A80C-A3C9C248333E}C:\users\melissa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\melissa\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{0B992E45-6653-4416-BDFA-A4A729425D33}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{C5D505EA-43B6-4300-BE82-7F8FDC3AC480}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{04BEC408-E6F6-4679-A104-8452BFAB6A10}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{1BF59C2D-0E2B-454D-B7F9-B58948964C94}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{BBA03D95-8073-4208-A7F1-C8CA37E59642}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{734561E9-D1A3-4055-9546-A3E8C5D60FBC}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{A0AB1ECF-1804-45B2-8072-CDB352AC689D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{CEEA716C-191C-4E69-A75A-55B13ED48251}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{74B67271-C80F-45EE-988C-8E15FB89D561}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F1472E9B-AF3F-438C-B713-CABB221320C8}C:\users\melissa\appdata\local\skypeplugin\7.10.0.93\pluginhost.exe] => (Allow) C:\users\melissa\appdata\local\skypeplugin\7.10.0.93\pluginhost.exe
FirewallRules: [UDP Query User{F938384D-51C9-49B9-BAD1-17D2507798E6}C:\users\melissa\appdata\local\skypeplugin\7.10.0.93\pluginhost.exe] => (Allow) C:\users\melissa\appdata\local\skypeplugin\7.10.0.93\pluginhost.exe
FirewallRules: [{AA2149C3-4B46-4462-8C23-D761F03201E1}] => (Allow) C:\Program Files (x86)\OpinionSquare\opnsqr.exe
FirewallRules: [{471D150C-08A5-4FD0-8373-0DBEF6112E34}] => (Allow) C:\Program Files (x86)\OpinionSquare\opnsqr.exe
FirewallRules: [{7E08E2B5-835C-4AE6-977C-A5991BFE9342}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
FirewallRules: [{3353F4B3-5C92-4040-A112-C617512518FB}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
FirewallRules: [{A5116747-72FB-487E-BFB0-DD9482C3501B}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\MxUp.exe
FirewallRules: [{166A5E2C-6810-47EA-954A-97987FEA93BF}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\MxUp.exe
FirewallRules: [{D6A94E67-FF06-43D6-A5E1-1C64017F306F}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
FirewallRules: [{093D3EB7-C3BB-4454-8AFD-06923972958F}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
FirewallRules: [{8A1492F8-112C-463D-BCC5-4D285D1C7890}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
04-01-2017 14:48:51 Scheduled Checkpoint
22-01-2017 09:09:14 Windows Update
27-01-2017 09:20:22 Windows Update
10-03-2017 11:22:45 Installed Dynamic Web TWAIN HTML5 Edition
17-03-2017 07:02:36 Removed Chronicle
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/17/2017 07:03:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (03/17/2017 05:59:45 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: STAYOFFMYLAPTOP)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (03/10/2017 05:34:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: STAYOFFMYLAPTOP)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (03/10/2017 11:23:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (03/10/2017 10:11:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: STAYOFFMYLAPTOP)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (02/15/2017 11:26:48 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (02/15/2017 11:26:48 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
Error: (02/15/2017 11:26:47 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
Error: (02/15/2017 11:26:47 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (02/15/2017 11:26:46 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
System errors:
=============
Error: (03/17/2017 08:08:21 AM) (Source: DCOM) (EventID: 10010) (User: STAYOFFMYLAPTOP)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (03/17/2017 06:02:49 AM) (Source: DCOM) (EventID: 10010) (User: STAYOFFMYLAPTOP)
Description: The server {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775} did not register with DCOM within the required timeout.
Error: (03/15/2017 11:09:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/15/2017 10:55:03 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
Error: (03/15/2017 10:52:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/15/2017 10:50:15 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:41:25 PM on 3/15/2017 was unexpected.
Error: (03/10/2017 11:34:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/10/2017 11:18:25 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {5B99FA76-721C-423C-ADAC-56D03C8A8007} did not register with DCOM within the required timeout.
Error: (03/10/2017 11:16:20 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.
Error: (03/10/2017 11:14:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
CodeIntegrity:
===================================
Date: 2017-02-14 19:51:41.686
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-14 19:51:41.624
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-14 19:51:41.563
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-01 18:29:08.404
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-01 18:29:08.401
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-01 18:29:08.349
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-01 18:29:07.883
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-01 18:29:07.880
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-01 18:29:07.875
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-01 18:29:07.603
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel® Celeron® CPU N2840 @ 2.16GHz
Percentage of memory in use: 56%
Total physical RAM: 3982.88 MB
Available physical RAM: 1736.91 MB
Total Virtual: 5390.88 MB
Available Virtual: 2731.5 MB
==================== Drives ================================
Drive c: (TI10700000B) (Fixed) (Total:455.15 GB) (Free:389.13 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================