Solved Computer system infected

[nightowl1963200]

I need help desperately. It takes forever to do anything on my computer. It continuously goes very slow between pages. Trying to do just a few things with my email takes forever because it is continuously loading. I would appreciate any help you can give me. Thanks. Here is my log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2017 02
Ran by Pam (administrator) on PAM-HP (17-02-2017 12:44:42)
Running from C:\Users\Pam\Downloads
Loaded Profiles: Pam (Available Profiles: Pam & Lance & DefaultAppPool)
Platform: Windows 8 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-08] (AVAST Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946144 2017-02-09] (SUPERAntiSpyware)
HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-09-02] ()
HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1238152 2015-05-17] (Ruiware)
HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1227895710-2253308091-917287798-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [151040 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Pam\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Pam\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Pam\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-08] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-08] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Pam\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll [2017-01-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Pam\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll [2017-01-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Pam\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll [2017-01-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1227895710-2253308091-917287798-1003\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7486e1b5-947b-4559-a687-2802695e5da7}: [NameServer] 77.234.40.79
Tcpip\..\Interfaces\{cef81da7-1771-4a04-88e9-f034ef43c05f}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{cef81da7-1771-4a04-88e9-f034ef43c05f}: [DhcpNameServer] 192.168.1.254
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKU\S-1-5-21-1227895710-2253308091-917287798-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-1227895710-2253308091-917287798-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://www.yahoo.com
HKU\S-1-5-21-1227895710-2253308091-917287798-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-fb4250c9&q={searchTerms}
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-fb4250c9&q={searchTerms}
SearchScopes: HKLM -> {9CA8224E-80FE-4076-9C1A-4908DC23BF71} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/I.html?_nkw={searchTerms}
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/I.html?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1227895710-2253308091-917287798-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-fb4250c9&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1227895710-2253308091-917287798-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-fb4250c9&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1227895710-2253308091-917287798-1000 -> {47B25631-4692-4C6A-97C4-7945FBF2763F} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1227895710-2253308091-917287798-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-1227895710-2253308091-917287798-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/I.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1227895710-2253308091-917287798-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-10] (Oracle Corporation)
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-23] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://files.pcpitstop.com/cab/pcmatic.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {9732FB42-C321-11D1-836F-00A0C993F125} hxxp://www.pcpitstop.com/mhLbl.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\Pam\AppData\Roaming\Mozilla\Firefox\Profiles\ondyo6pi.default-1486850447636 [2017-02-17]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Pam\AppData\Roaming\Mozilla\Firefox\Profiles\ondyo6pi.default-1486850447636\features\{2409b599-7b63-4d37-bdf3-18f22ee0685b}\[email protected] [2017-02-17]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-02-08]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-02-08]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\XvidlyPlus\FF => not found
FF HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: (McAfee Security Scan Plus) - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-10] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-23] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-05-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-09] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-1227895710-2253308091-917287798-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Pam\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-02-09] (Citrix Online)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchURL: Default -> hxxp://www.classmates.com/favicon.ico
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll => No File
CHR Plugin: (Roblox Launcher Plugin) - C:\Users\Pam\AppData\Local\Roblox\Versions\version-465ca0bcd6b344c3\\NPRobloxProxy64.dll => No File
CHR Profile: C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default [2017-02-11]
CHR Extension: (Google Docs) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08]
CHR Extension: (Google Drive) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-19]
CHR Extension: (Explore 1962 Gainesville High School ...) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bapbmkkcjlenmbgohkmcccbcbpmgljpk [2016-10-10]
CHR Extension: (YouTube) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-31]
CHR Extension: (Google Search) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-18]
CHR Extension: (Explore 1958 Gainesville High School ...) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebdpneojnfifbmbjnghpchkpgodifkcp [2016-10-17]
CHR Extension: (Adobe Acrobat) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-30]
CHR Extension: (Avast Passwords) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2016-12-07]
CHR Extension: (Avast SafePrice) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-22]
CHR Extension: (Google Docs Offline) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-12]
CHR Extension: (Avast Online Security) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-16]
CHR Extension: (No Name) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\iddlfhoicnaonfnepnjogldeaifkocae [2017-01-06]
CHR Extension: (Super Browse for Netflix) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\iejponamigpndjgdmnpelkohnbpancjf [2016-04-12]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2017-01-22]
CHR Extension: (iPiccy Photo Editor) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2017-01-01]
CHR Extension: (HP Network Check Launcher) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2017-01-29]
CHR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2016-11-29]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2016-04-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Unfriend Finder) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\olljnkilmblncgcghhaodkpdcnokhpah [2017-01-25]
CHR Extension: (Gmail) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-09]
CHR HKU\S-1-5-21-1227895710-2253308091-917287798-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ncmdmcjifbkefpaijakdbgfjbpaonjhg] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eoalfhodgifhbkgmbbdafcihjpdldpll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [okmhneofinpilciglijihehjpaegledb] - <no Path/update_url>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-09] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-08] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [278784 2017-02-08] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2016-12-13] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-19] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-19] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-02-06] (Dropbox, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-24] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [309784 2017-02-08] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-02-08] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334600 2017-02-08] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-02-08] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-02-08] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32088 2017-02-08] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [126088 2017-02-08] (AVAST Software)
R1 aswNetSec; C:\WINDOWS\system32\drivers\aswNetSec.sys [456456 2017-02-08] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [100640 2017-02-08] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [74680 2017-02-08] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [991496 2017-02-08] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [547904 2017-02-08] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [162528 2017-02-08] (AVAST Software)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [44640 2014-07-02] (The OpenVPN Project)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [337080 2017-02-10] (AVAST Software)
S3 CpqDfw; C:\WINDOWS\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows (R) Codename Longhorn DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2017-02-09] ()
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-25] (REALiX(tm))
R3 L1C; C:\WINDOWS\System32\drivers\L1C62x64.sys [129224 2015-01-22] (Qualcomm Atheros Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-10] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-17] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-17] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-17] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-17] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 X86BDA; C:\WINDOWS\system32\DRIVERS\OEMDrv.sys [666624 2012-04-27] ( )
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-09-08] (Zemana Ltd.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-17 12:44 - 2017-02-17 12:47 - 00032968 _____ C:\Users\Pam\Downloads\FRST.txt
2017-02-17 12:44 - 2017-02-17 12:44 - 00000000 ____D C:\FRST
2017-02-17 12:41 - 2017-02-17 12:44 - 02422272 _____ (Farbar) C:\Users\Pam\Downloads\FRST64.exe
2017-02-17 10:42 - 2017-02-17 10:42 - 00001671 _____ C:\Users\Pam\Desktop\WinPatrolEx.exe - Shortcut.lnk
2017-02-17 10:37 - 2017-02-17 10:37 - 00000000 ____D C:\ProgramData\InstallMate
2017-02-17 10:37 - 2017-02-17 10:37 - 00000000 ____D C:\Program Files (x86)\Ruiware
2017-02-17 10:35 - 2017-02-17 10:36 - 01333384 _____ (Ruiware) C:\Users\Pam\Downloads\wpsetup(1).exe
2017-02-17 10:33 - 2017-02-17 10:33 - 00001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-02-17 10:11 - 2017-02-17 10:11 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-02-17 10:09 - 2017-02-17 10:10 - 00344352 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-11 18:04 - 2017-02-11 18:04 - 00011288 _____ C:\Users\Pam\Desktop\malwarbytes feb 11 2017.txt
2017-02-11 16:59 - 2017-02-11 16:59 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7BEE2076.sys
2017-02-11 16:58 - 2017-02-11 16:58 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\56ED1F8E.sys
2017-02-10 15:06 - 2017-02-17 10:50 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-10 15:06 - 2017-02-17 10:47 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-10 15:06 - 2017-02-10 15:06 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-10 15:05 - 2017-02-17 10:47 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-10 15:05 - 2017-02-10 15:05 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-10 15:05 - 2017-02-10 15:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-10 15:05 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-10 15:04 - 2017-02-10 15:04 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-10 09:42 - 2017-02-10 09:42 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-02-09 15:22 - 2017-02-09 15:22 - 00003270 _____ C:\WINDOWS\System32\Tasks\{C6C47CC8-BD7A-4F7D-8A87-8BBAF773C1CB}
2017-02-09 14:28 - 2017-02-09 14:28 - 00054736 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2017-02-08 19:09 - 2017-02-08 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-08 13:35 - 2017-02-08 13:35 - 00003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-02-08 13:35 - 2017-02-08 13:32 - 00334600 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-02-08 13:35 - 2017-02-08 13:32 - 00309784 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-02-08 13:35 - 2017-02-08 13:32 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-02-08 13:35 - 2017-02-08 13:32 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-02-08 13:34 - 2017-02-08 13:33 - 00398408 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-02-06 22:38 - 2017-02-06 22:38 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-06 22:38 - 2017-02-06 22:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-02-06 22:38 - 2017-02-06 22:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-06 22:38 - 2017-02-06 22:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-03 10:53 - 2017-02-03 11:34 - 00002841 _____ C:\Users\Pam\Desktop\LYNCH DARTHA GAYLE HILBERT OBIT CLASS OF 1961.txt
2017-02-03 10:03 - 2017-02-03 10:03 - 00001494 _____ C:\Users\Pam\Desktop\BROOKS CURTIS RAY BROOKS CLASS OF 1955.txt
2017-02-01 16:36 - 2017-02-01 16:36 - 00003578 _____ C:\Users\Pam\Desktop\ghs info.txt
2017-02-01 15:31 - 2017-02-01 15:31 - 00002019 _____ C:\Users\Pam\Desktop\SiteBuilder.lnk
2017-02-01 15:31 - 2017-02-01 15:31 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aabaco
2017-02-01 15:30 - 2017-02-01 15:31 - 00000000 ____D C:\Program Files (x86)\SiteBuilder
2017-01-31 19:49 - 2017-01-31 20:26 - 00000000 ___SH C:\Users\Pam\.pr_stat_data
2017-01-31 19:43 - 2017-01-31 19:43 - 00000000 ____D C:\Users\Pam\AppData\Roaming\NewspaperDirect
2017-01-30 10:12 - 2017-01-30 10:12 - 00002591 _____ C:\Users\Pam\Desktop\ROBERTS VIRGINIA ROBERTS ARCHER OBIT CLASS OF 1948.txt
2017-01-29 09:36 - 2017-01-29 09:36 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-01-29 09:36 - 2017-01-29 09:36 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-26 16:11 - 2017-01-30 16:34 - 00001191 _____ C:\Users\Pam\Desktop\WITT MARION WITT SMITH OBIT CLASS OF 1945.txt
2017-01-26 16:06 - 2017-01-26 16:06 - 00000077 _____ C:\Users\Pam\Desktop\1953GRIFFITH C L GRIFFITH INFO CLASS OF 1953.txt
2017-01-26 16:01 - 2017-01-30 16:28 - 00003759 _____ C:\Users\Pam\Desktop\SCHAFER DOUGLAS EUGENE SCHAFER OBIT CLASS OF 1952.txt
2017-01-26 15:53 - 2017-01-26 15:53 - 00001698 _____ C:\Users\Pam\Desktop\1956EVANS DONALD EVANS CLASS OF 1956.txt
2017-01-26 15:46 - 2017-01-29 17:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-25 14:57 - 2017-01-25 14:57 - 00000142 _____ C:\Users\Pam\Desktop\Darrall Dee Followill.txt
2017-01-25 14:53 - 2017-01-25 14:53 - 00000178 _____ C:\Users\Pam\Desktop\1968Damon Douglas McConnell.txt
2017-01-25 14:42 - 2016-12-21 01:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 14:42 - 2016-12-20 22:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 19:20 - 2017-01-24 19:20 - 00001824 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-01-24 19:20 - 2017-01-24 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-01-24 19:19 - 2017-01-24 19:20 - 00000000 ____D C:\Program Files\iTunes
2017-01-24 19:19 - 2017-01-24 19:19 - 00000000 ____D C:\Program Files\iPod
2017-01-24 19:09 - 2017-01-24 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-01-23 19:32 - 2017-01-23 19:32 - 00000000 ____D C:\Users\Pam\AppData\Local\YSearchUtil
2017-01-23 19:29 - 2017-02-10 09:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-23 19:29 - 2017-01-23 19:29 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-01-23 18:53 - 2017-01-30 13:34 - 00001642 _____ C:\Users\Pam\Desktop\HOW TO RESIZE FB PHOTOS.txt
2017-01-23 17:32 - 2017-01-23 17:32 - 00001253 _____ C:\Users\Pam\Desktop\CERVICAL XRAY.txt
2017-01-22 15:27 - 2017-01-22 15:27 - 00001309 _____ C:\Users\Pam\Desktop\LUMBAR XRAY.txt
2017-01-21 11:59 - 2017-02-17 10:46 - 00000338 _____ C:\WINDOWS\Tasks\HPCeeScheduleForPam.job
2017-01-21 11:59 - 2017-02-17 10:38 - 00003222 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForPam
2017-01-18 16:15 - 2017-01-18 16:16 - 01065376 _____ (Google Inc.) C:\Users\Pam\Downloads\ChromeSetup (1).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-17 12:51 - 2016-09-20 19:24 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-17 12:46 - 2016-09-08 12:29 - 00091476 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-02-17 11:25 - 2016-09-06 13:41 - 00000000 ____D C:\Users\Pam\AppData\Roaming\WinPatrol
2017-02-17 11:09 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-17 11:09 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-17 10:52 - 2016-10-02 14:44 - 00000000 ____D C:\Users\Pam\AppData\LocalLow\Mozilla
2017-02-17 10:47 - 2016-09-06 13:19 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-17 10:46 - 2016-09-20 20:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-17 10:45 - 2016-07-16 00:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-17 10:37 - 2016-09-06 13:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2017-02-17 10:34 - 2016-09-20 20:28 - 00004004 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1461885022
2017-02-17 10:34 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-11 18:41 - 2014-02-28 10:59 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-11 18:06 - 2016-09-20 19:34 - 00000000 ____D C:\Users\Pam
2017-02-11 18:05 - 2013-10-14 09:36 - 00000000 ____D C:\ProgramData\Auslogics
2017-02-11 18:05 - 2013-07-06 09:04 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Auslogics
2017-02-11 16:00 - 2017-01-07 13:29 - 00000000 ____D C:\Users\Pam\Desktop\Old Firefox Data
2017-02-10 16:13 - 2014-02-28 11:01 - 00337080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2017-02-10 15:04 - 2013-07-01 09:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-10 09:43 - 2013-10-16 08:35 - 00000000 ____D C:\ProgramData\Oracle
2017-02-10 09:41 - 2014-03-09 12:59 - 00000000 ____D C:\Program Files\Java
2017-02-09 16:18 - 2016-07-16 00:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-09 16:16 - 2015-09-25 11:40 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-02-09 14:58 - 2013-07-06 08:58 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Process Hacker 2
2017-02-09 13:20 - 2013-02-04 15:35 - 00000000 ____D C:\Users\Pam\AppData\Local\ElevatedDiagnostics
2017-02-09 12:41 - 2016-07-16 05:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-08 19:09 - 2015-08-06 10:04 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-08 13:33 - 2016-04-19 19:15 - 00032088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-02-08 13:33 - 2014-04-30 15:30 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-02-08 13:33 - 2014-02-28 11:01 - 00991496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-02-08 13:33 - 2014-02-28 11:01 - 00547904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-02-08 13:33 - 2014-02-28 11:01 - 00162528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-02-08 13:33 - 2014-02-28 11:01 - 00126088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-02-08 13:33 - 2014-02-28 11:01 - 00100640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-02-08 13:33 - 2014-02-28 11:01 - 00074680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-02-08 13:32 - 2017-01-10 15:41 - 00456456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2017-02-06 15:24 - 2017-01-09 13:31 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 15:24 - 2017-01-09 13:31 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-05 17:24 - 2016-12-13 17:06 - 00000000 ___RD C:\Users\Pam\iCloudDrive
2017-02-04 19:57 - 2017-01-07 13:46 - 00000000 ____D C:\Users\Pam\Desktop\PAM CREDIT FILE
2017-02-01 16:36 - 2013-01-09 11:56 - 00000000 ____D C:\Users\Pam\Desktop\GHS CLASS MEMORIAL ACCESS LOGS
2017-02-01 15:23 - 2015-04-18 15:35 - 00000000 ____D C:\Program Files (x86)\Yahoo SiteBuilder
2017-02-01 14:54 - 2016-09-20 20:28 - 00002682 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2017-01-29 17:19 - 2017-01-09 15:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-29 11:17 - 2013-01-05 12:31 - 00000000 ____D C:\Users\Pam\Desktop\GHS PICS ALREADY ADDED TO WEBSITE
2017-01-26 15:52 - 2015-09-09 11:50 - 00002397 _____ C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-26 15:52 - 2015-09-09 11:50 - 00000000 ___RD C:\Users\Pam\OneDrive
2017-01-25 16:01 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-25 14:38 - 2013-01-05 12:26 - 00000000 ____D C:\Users\Pam\Desktop\GHS PICTURES NEEDING TO BE PUT ON WEBSITE
2017-01-25 14:38 - 2013-01-05 12:25 - 00000000 ____D C:\Users\Pam\Desktop\GHS OBITUARIES NEEDING TO BE ADDED TO WEBSITE
2017-01-24 19:19 - 2013-02-20 11:16 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-01-23 19:28 - 2015-01-27 09:50 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-20 18:10 - 2016-06-06 13:48 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-18 16:22 - 2016-07-16 05:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-18 16:20 - 2014-05-07 19:00 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-01-18 16:17 - 2013-01-14 09:49 - 00001069 _____ C:\Users\Pam\Desktop\IrfanView.lnk

==================== Files in the root of some directories =======

2015-07-27 11:30 - 2015-07-27 11:30 - 4065363 _____ (Datel Design & Development ) C:\Program Files\powersaves_setup_v1.29.exe
2013-01-11 13:14 - 2013-02-25 08:13 - 0000089 _____ () C:\Users\Pam\AppData\Local\msmathematics.qat.Pam
2013-01-08 15:30 - 2016-03-17 13:02 - 0007668 _____ () C:\Users\Pam\AppData\Local\Resmon.ResmonCfg
2016-02-03 09:17 - 2016-02-03 09:17 - 0963707 _____ () C:\Users\Pam\AppData\Local\Scan-to-PDF_1679.rar

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-17 11:52

==================== End of FRST.txt ============================

 

[nightowl1963200]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017 02
Ran by Pam (17-02-2017 13:03:09)
Running from C:\Users\Pam\Downloads
Windows 8 Pro (X64) (2016-09-21 02:35:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1227895710-2253308091-917287798-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1227895710-2253308091-917287798-503 - Limited - Disabled)
Guest (S-1-5-21-1227895710-2253308091-917287798-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1227895710-2253308091-917287798-1002 - Limited - Enabled)
Lance (S-1-5-21-1227895710-2253308091-917287798-1003 - Limited - Enabled) => C:\Users\Lance
Pam (S-1-5-21-1227895710-2253308091-917287798-1000 - Administrator - Enabled) => C:\Users\Pam

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 17.1.2286 - AVAST Software)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.2.0.6 - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version: - )
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Fairway™ (HKLM-x32\...\BFG-Fairway) (Version: - )
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Application Assistant (HKLM\...\{6032497A-4479-462B-ADB8-A0A372BB9A23}) (Version: 1.0.409.3882 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.50.9 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.5.32.203 - Hewlett-Packard Company)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard)
iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)
IrfanView 4.44 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.44 - Irfan Skiljan)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 2.0.3 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4893.1002 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 - NewspaperDirect Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.5010 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
SafeZone Stable 3.55.2393.561 (x32 Version: 3.55.2393.561 - Avast Software) Hidden
SiteBuilder (HKLM-x32\...\SiteBuilder) (Version: 2.9.0 - Aabaco)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1208 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
WebLog Expert Lite 8.6 (HKLM-x32\...\WebLog Expert Lite_is1) (Version: 8.6 - Alentum Software Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.5.2015.12 - Ruiware)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1227895710-2253308091-917287798-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Pam\AppData\Local\Roblox\Versions\version-465ca0bcd6b344c3\RobloxProxy64.dll (ROBLOX Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02DABE4B-8351-4A4E-B461-D8682AE62D34} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {03F52D20-8F68-488A-8721-EC5B46FA51F8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-11-01] (Microsoft Corporation)
Task: {042937CB-5476-4C2A-8480-C5E036578E2B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {11079C3B-7BE6-4B43-8F31-19857AF70B2C} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {16B7F2D2-1E86-4910-B5B8-759606DF4FB3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {196D9315-92E1-45BB-8598-E1504D993DAD} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {1A92EA3B-1E37-4F95-81DA-10FD7A2F63A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-09] (Google Inc.)
Task: {20194E04-DAE9-4E0B-868D-CD80A8F2DF44} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe
Task: {35A742C1-2971-4943-A2E3-29AD462FFAAC} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {36148B77-2B2C-4AE2-BB5A-2E2DF25DBA0F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {38A9559B-9CAA-4717-8503-6A533FFA56EB} - System32\Tasks\HPCeeScheduleForPam => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {394899C1-633C-4C9B-81EA-B93279FC9CFF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {3ACF76E4-F5DF-431C-BEA2-BE70CF85AE6D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {43A6EB22-A316-49AC-A42B-16453220FC74} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe
Task: {448270B0-5154-498D-B24D-AE71E7DB5927} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {481C806D-7959-4011-953B-542F57677978} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-29] (AVAST Software)
Task: {489AA681-D38A-41EA-93DC-291707529C29} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {4EF9C94A-BEB8-4886-8EFB-6F8DC72DE967} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {53ABC437-1B0B-41C8-BFA8-0949927B2CAE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {55FDF64B-3C5A-49F4-9EC4-597B575CA285} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {59280C14-49FD-4341-AA1B-60AC60605DA0} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\RadeonInstaller.exe [2016-12-04] (Advanced Micro Devices, Inc.)
Task: {60C6872D-D8C5-4B88-8980-45D08F81447E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {6521ED0B-E669-4739-AC7F-ED0DE68A999F} - System32\Tasks\{C6C47CC8-BD7A-4F7D-8A87-8BBAF773C1CB} => pcalua.exe -a "C:\Program Files (x86)\Action Replay PowerSaves 3DS\unins000.exe"
Task: {66028B23-1132-428F-B808-333FDF887AE3} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe
Task: {66373DB8-4A8D-49A8-88A9-7AC45A9257AE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {6676FD23-9398-4A01-BC0F-9B2A8B38671E} - System32\Tasks\SafeZone scheduled Autoupdate 1461885022 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-15] (Avast Software)
Task: {6FE2E576-7675-40AF-BC7E-0767FBFA396A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {76028AB5-AC97-4F06-8327-7D5A47A19935} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {78535D55-2A28-4621-B3B6-7ED0DAB6B11E} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2017-01-17] (Apple Inc.)
Task: {795BA566-BDE2-40B1-A33B-8A521480ECD1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-09] (Google Inc.)
Task: {7ADE86FC-FA7A-4E39-BE86-36BCE996ABA3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {7FF668BC-A886-445F-BCD7-B6C9156EB863} - System32\Tasks\{C5F2FB56-E89E-43E0-845B-B25E1991814A} => pcalua.exe -a C:\Users\Pam\Desktop\AdobeAIRInstaller.exe -d C:\Users\Pam\Desktop
Task: {8019363D-BCAD-4773-B90D-F17D42075CBA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {80E19BD3-6990-4DF0-92D9-1B375299DDD0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {853A752F-EE75-4F28-9B63-01BFCDA5E841} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {85A87E9B-A067-461E-9017-192F260E247F} - System32\Tasks\{1BC3AFC8-2025-482A-AA14-B2F029F3838D} => pcalua.exe -a C:\Users\Pam\Downloads\iview438_setup.exe -d C:\Users\Pam\Downloads
Task: {8A1C3C17-1756-4D6E-B428-0C4C7AEAACD3} - \Uninstaller_SkipUac_Administrator -> No File <==== ATTENTION
Task: {8D77A25D-FD6A-481A-B0D6-9678902CB9A5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {8F809813-2CD4-417C-912F-7A084301BE36} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {938B02CD-7EB5-4F42-BC6F-E2D9E081AE95} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {97D57FBC-B035-440C-88E7-9E676CD64057} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {9E035C1B-4375-4670-840A-C57E7FC7EB78} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {9EE88514-786B-4C6B-B761-AD00A3815399} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {A7CA828D-5D90-416F-A978-D2894E9297E2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A854028E-394E-4B76-9F42-D247ECD82F67} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe
Task: {AAAEA3D4-7007-44C6-BC11-8C632D3EB0B4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {ABE81196-0AAC-419A-993A-CA0F9FA7E738} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {B0783751-AFAE-4BFF-B02A-3C74BBADC98E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {B2C27F7A-D503-4A69-94DD-4D3E0E2552B1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {BB891099-3F04-45DA-8DFA-066AB33B0F7D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {BD90CF0E-12B7-44F6-A795-16106E54308E} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-08] (AVAST Software)
Task: {C038F5E4-BBE5-43BD-BEC9-34AB917ED99A} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe
Task: {C0E8D689-F813-43B7-B4DD-40E69EC683F8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-19] (Dropbox, Inc.)
Task: {C0F395F2-9715-4314-A840-2E6C417F6A32} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {C4D3427E-09D0-4D66-BE00-F51480143DE7} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {C6429797-F491-4F5C-BD36-6AC08CF60D18} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {C96A73A3-33FB-4166-AAE7-C1A778F3F61E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {C96EAF26-61F1-4BF9-8811-8E2EE65DA46B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {CD961886-ABA0-4926-9EFB-135474E4D158} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CE201800-446C-4F02-B89C-ADA432C5CC32} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D51C2D71-30E7-4E4F-AAF2-F2EC16C2944B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {D54070FE-3293-4412-A8A5-B48FE67A4F3F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E65AC9DD-DBB7-4A84-9F14-600CF668BBB1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E9512CEB-1678-4216-A31E-775539593FE8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2016-12-15] (HP Inc.)
Task: {EE44F1BC-3A65-4249-BBAC-F4DEB17CDF61} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {F2511BEE-366D-49C8-BB06-D1D74AAAE162} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {F309057D-D116-487F-8B54-45C8FE0F955A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F3E60E29-4639-409D-981C-17756836A26E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F9639B6E-8246-4975-9B61-CD901F301CDD} - System32\Tasks\{B53CB0A1-A1AC-4B42-A39F-694355AAD2B7} => msiexec.exe /package "C:\Users\Pam\AppData\Local\Apple\Apple Software Update\iTunes64.msi"
Task: {FF003060-E5F4-4B10-ADEF-7F0753D4BFAC} - System32\Tasks\{79F7B598-C204-4CC6-A43F-6BB78C2B439D} => C:\Users\Pam\Desktop\ReallySlickScreensavers-0.2_installer.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForPam.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Pam\Desktop\SiteBuilder.lnk -> C:\Program Files (x86)\SiteBuilder\ysitebuilder.bat ()
Shortcut: C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aabaco\SiteBuilder\SiteBuilder.lnk -> C:\Program Files (x86)\SiteBuilder\ysitebuilder.bat ()
Shortcut: C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aabaco\SiteBuilder\Update SiteBuilder.lnk -> C:\Program Files (x86)\SiteBuilder\update.bat ()

ShortcutWithArgument: C:\Users\Pam\Desktop\HP\New folder\PicMonkey.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fgdgokchhicmaiacmgegjnppjkgogdhm
ShortcutWithArgument: C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roozz\IrfanView4.33.lnk -> C:\Users\Pam\AppData\Local\Roozz\icons\93_icon.ico () -> hxxp://93.apps.roozzstore.com/IrfanView.htm

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 05:42 - 2016-07-16 05:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 13:58 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-13 13:58 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-07 19:00 - 2016-05-24 08:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2017-02-10 15:05 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-10 15:05 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-02-10 15:05 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-09-20 22:07 - 2016-09-20 22:07 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 17:40 - 2016-12-21 01:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 17:39 - 2016-12-21 00:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 17:39 - 2016-12-21 00:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 17:39 - 2016-12-21 00:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 17:39 - 2016-12-21 00:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 17:39 - 2016-12-21 00:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 17:39 - 2016-12-21 00:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-05-27 19:29 - 2016-05-27 19:29 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll
2017-02-08 13:33 - 2017-02-08 13:33 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-06-25 18:12 - 2016-06-25 18:12 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-02-08 13:32 - 2017-02-08 13:32 - 00289328 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-02-08 13:33 - 2017-02-08 13:33 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:07BF512B [153]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [270]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [119]
AlternateDataStreams: C:\ProgramData\Temp:B3606FCC [250]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\1-se.com -> 1-se.com

There are 11944 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2016-09-08 15:19 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1227895710-2253308091-917287798-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Pam\Downloads\burning_violin-wallpaper-3750x3000.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^Pam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\StartupApproved\Run: => "FileHippo.com"
HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_F6630FF055441419D9F7AE70C1F7BA8A"
HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\StartupApproved\Run: => "iCloudPhotos"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{4429E7BF-EB63-4E2D-ABAC-FD60E1AAA2D5}C:\users\pam\appdata\locallow\amicas\v6cdviewer\bin\astudycachemgr.exe] => (Allow) C:\users\pam\appdata\locallow\amicas\v6cdviewer\bin\astudycachemgr.exe
FirewallRules: [TCP Query User{A6A423B9-2A12-462D-BE63-B8FE170A18A4}C:\users\pam\appdata\locallow\amicas\v6cdviewer\bin\astudycachemgr.exe] => (Allow) C:\users\pam\appdata\locallow\amicas\v6cdviewer\bin\astudycachemgr.exe
FirewallRules: [UDP Query User{7484263C-01BC-40CA-9A4D-523AA2B6F6BA}C:\users\pam\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe] => (Allow) C:\users\pam\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe
FirewallRules: [TCP Query User{DB2F47DA-4752-453B-8560-ECBB54B64753}C:\users\pam\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe] => (Allow) C:\users\pam\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe
FirewallRules: [UDP Query User{43EB639A-16FE-4343-A785-642729B7E959}C:\users\pam\appdata\locallow\amicas\v6cdviewer\privatejre\bin\armiregistry.exe] => (Allow) C:\users\pam\appdata\locallow\amicas\v6cdviewer\privatejre\bin\armiregistry.exe
FirewallRules: [TCP Query User{75EB280F-5C47-4B3D-97CA-847ABF6B7B80}C:\users\pam\appdata\locallow\amicas\v6cdviewer\privatejre\bin\armiregistry.exe] => (Allow) C:\users\pam\appdata\locallow\amicas\v6cdviewer\privatejre\bin\armiregistry.exe
FirewallRules: [{49E9B519-583B-42F8-AE54-119FDB4B4143}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{F208B434-6838-4B8C-90C0-12A71F4B5513}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{45C21727-796F-49B9-8665-AADF2944F7CA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F72B06FC-BCEF-4B47-BE7C-61D370B03F81}] => (Allow) LPort=1900
FirewallRules: [{9661B3B6-2326-47BF-B704-B5137BB78594}] => (Allow) LPort=2869
FirewallRules: [{676FFCC8-85F0-4753-92F7-0D82C7C08187}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{44AC73E5-A3B5-4703-93EA-B31B29D21C3D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{4DFAA34E-F918-48E0-BD75-D155ED565EA3}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{CF42A662-E727-48E2-AA64-0FBFA985CB42}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D1A81F5A-ABC3-4854-B3B0-3D01639F350A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{7A404ECC-F8C4-4BA8-A373-2A41A6E1C0EC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{9111726C-23E8-4135-93B7-635B34107A3E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{101A446F-FC67-4011-816D-5DB8DBE22FAF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{69F5A1CE-52DF-4554-8A28-4AE74BF8B303}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{66921FC5-D438-4D82-8800-F7428C9BC884}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8EA81DFE-B8F5-4C0E-ACD0-7D7782DACA00}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F9A8E6A3-A89D-4CC4-B806-8C1A8037DADA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A1B4CB15-7EF4-4EC2-8B19-ACAFC0260B84}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{32F341DC-17F8-4B66-9ACA-7E6437254512}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7E03B49E-A2AC-4DA3-8F34-6931FF198D66}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{92FB5856-564B-4D78-B117-C1E5FF4D420C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B5E90B2A-3C4C-460D-958C-6B0D11716F5F}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{261162A5-D186-4991-94EF-E02C2235180A}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe

==================== Restore Points =========================

29-01-2017 09:24:49 Avast Cleanup
05-02-2017 09:01:31 Avast Cleanup
12-02-2017 10:56:49 Avast Cleanup

==================== Faulty Device Manager Devices =============

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/17/2017 10:58:13 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (02/17/2017 10:47:04 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (02/17/2017 10:40:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WinPatrolEx.exe version 33.5.2015.8 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 22a8

Start Time: 01d2893c4e162ffd

Termination Time: 179

Application Path: C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrolEx.exe

Report Id: b42bc821-f52f-11e6-9c5c-4c72b940f9c5

Faulting package full name:

Faulting package-relative application ID:

Error: (02/17/2017 10:21:29 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (02/17/2017 10:17:36 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/17/2017 10:10:31 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (02/12/2017 10:57:08 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/11/2017 06:40:32 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (02/11/2017 05:14:32 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (02/11/2017 05:10:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.


System errors:
=============
Error: (02/17/2017 10:50:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dropbox Update Service (dbupdate) service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (02/17/2017 10:50:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the dbupdate service to connect.

Error: (02/17/2017 10:47:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/17/2017 10:46:55 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (02/17/2017 10:45:45 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Delivery Optimization service did not shut down properly after receiving a preshutdown control.

Error: (02/17/2017 10:26:43 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/17/2017 10:19:20 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Error: (02/17/2017 10:10:25 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (02/12/2017 09:02:29 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/11/2017 09:41:15 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4


==================== Memory info ===========================

Processor: AMD E1-1200 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 59%
Total physical RAM: 3667.8 MB
Available physical RAM: 1477.88 MB
Total Virtual: 4307.8 MB
Available Virtual: 1222.08 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:448.32 GB) (Free:375.42 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:16.78 GB) (Free:2.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: DE514FF6)

Partition: GPT.

==================== End of Addition.txt ============================

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Double click on downloaded setup.exe file to install the program.
• Click on Start Scan button.
• Click on another Start Scan button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.

• Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
• Then click Finish.
• Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
• If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
• When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
• Restart your computer when prompted to do so.
• The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8 users right-click and select Run As Administrator
• The tool will start to update the database if one is required.
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Logfile button.
• A window will open which lists the logs of your scans.
• Click on the Scan tab.
• Double-click the most recent scan which will be at the top of the list....the log will appear.
• Review the results...see note below
• After reviewing the log, click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
• To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
• Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
• A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

 

[nightowl1963200]

Hi Broni,
I appreciate you helping me. I am running the scans now. I have to go out of town this evening to take care of my father until Monday. Do you want me to post the log files I have this evening, or do you want me to wait until I get back and post all the log files together after everything is scanned? It looks like there will be no way I get everything scanned by this evening.

Thanks,
Pam

 

[Broni]

It really doesn't matter to me.
Whatever is convenient for you

 

[nightowl1963200]

Just wanted to let you know that I am back and starting to run the scans. I am on Malwarebytes scan. Thanks!

 

[Broni]

 

[nightowl1963200]

Here are my logs:

Rogue Killer:

RogueKiller V12.9.7.0 (x64) [Feb 6 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200) 64 bits version
Started in : Normal mode
User : Pam [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 02/18/2017 08:52:30 (Duration : 09:01:25)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 5 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1227895710-2253308091-917287798-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1227895710-2253308091-917287798-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1227895710-2253308091-917287798-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1227895710-2253308091-917287798-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[PUP.Gen1][Folder] C:\Users\Pam\AppData\Local\YSearchUtil -> Deleted
[PUP.Gen1][Folder] C:\Users\Pam\AppData\Local\YSearchUtil\CrashLogs -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Yahoo!\yset -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\yset\{E62B017A-1DC2-394C-93FB-4E51A5E5AE33}\unset.exe -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\yset\{E62B017A-1DC2-394C-93FB-4E51A5E5AE33}\YSearchSetTool.exe -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\yset\{E62B017A-1DC2-394C-93FB-4E51A5E5AE33}\YSearchUtil.dll -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Yahoo!\yset\{E62B017A-1DC2-394C-93FB-4E51A5E5AE33}\YSearchUtilSVC.exe -> Deleted
[PUP.Gen1][Folder] C:\Program Files (x86)\Yahoo!\yset\{E62B017A-1DC2-394C-93FB-4E51A5E5AE33} -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST350041 3AS SATA Disk Device +++++
--- User ---
[MBR] dcd6903ffcc4cb5cf5b2e93dccd9ae58
[BSP] fc6002e703ec5b431f211f5b4af6f757 : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 468992 | Size: 459083 MB
3 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 940670976 | Size: 450 MB
4 - Basic data partition | Offset (sectors): 941592576 | Size: 17178 MB
User = LL1 ... OK
User = LL2 ... OK

_____________________________________________________________________________________________

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/20/17
Scan Time: 4:52 PM
Logfile: malwarebytes log file.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1312
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: Pam-HP\Pam

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 546608
Time Elapsed: 1 hr, 1 min, 51 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
_______________________________________________________________________________________________

# AdwCleaner v6.043 - Logfile created 20/02/2017 at 22:21:44
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-20.3 [Server]
# Operating System : Windows 8 Pro (X64)
# Username : Pam - PAM-HP
# Running from : C:\Users\Pam\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Pam\AppData\Roaming\Auslogics
[-] Folder deleted: C:\ProgramData\Auslogics
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Auslogics
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherBug®
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[-] Folder deleted: C:\Program Files (x86)\Auslogics
[-] Folder deleted: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Local\YSearchUtil


***** [ Files ] *****

[-] File deleted: C:\WINDOWS\SysNative\LavasoftTcpService64.dll
[-] File deleted: C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
[-] File deleted: C:\WINDOWS\SysWoW64\lavasofttcpservice.dll
[-] File deleted: C:\WINDOWS\SysWoW64\LavasoftTcpServiceOff.ini
[-] File deleted: C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.cmptch.com_0.localstorage
[-] File deleted: C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.cmptch.com_0.localstorage-journal


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
[-] Key deleted: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\Software\Auslogics
[-] Key deleted: HKCU\Software\Auslogics
[-] Key deleted: HKLM\SOFTWARE\Lavasoft\Web Companion
[-] Key deleted: HKLM\SOFTWARE\Auslogics
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
[-] Key deleted: [x64] HKCU\Software\Auslogics
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\reimage.nanorep.co
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\reimageplus.com
[-] Key deleted: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\reimage.nanorep.co
[-] Key deleted: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\reimageplus.com
[-] Value deleted: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [WeatherBug]
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [WeatherBug.exe]
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com


***** [ Web browsers ] *****

[-] [C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared
:: "Prefetch" files deleted

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [6760 Bytes] - [06/09/2016 09:40:30]
C:\AdwCleaner\AdwCleaner[C2].txt - [5998 Bytes] - [20/02/2017 22:21:44]
C:\AdwCleaner\AdwCleaner[R0].txt - [15376 Bytes] - [02/01/2015 21:20:54]
C:\AdwCleaner\AdwCleaner[R1].txt - [3633 Bytes] - [25/05/2015 14:14:37]
C:\AdwCleaner\AdwCleaner[R2].txt - [1030 Bytes] - [30/05/2015 12:41:33]
C:\AdwCleaner\AdwCleaner[R3].txt - [1090 Bytes] - [30/05/2015 12:48:55]
C:\AdwCleaner\AdwCleaner[R4].txt - [2278 Bytes] - [09/02/2016 18:49:06]
C:\AdwCleaner\AdwCleaner[S0].txt - [15468 Bytes] - [02/01/2015 21:28:20]
C:\AdwCleaner\AdwCleaner[S1].txt - [3751 Bytes] - [25/05/2015 14:21:29]
C:\AdwCleaner\AdwCleaner[S2].txt - [1155 Bytes] - [30/05/2015 12:52:52]
C:\AdwCleaner\AdwCleaner[S3].txt - [6521 Bytes] - [06/09/2016 09:33:45]
C:\AdwCleaner\AdwCleaner[S4].txt - [2408 Bytes] - [06/09/2016 10:04:32]
C:\AdwCleaner\AdwCleaner[S5].txt - [6684 Bytes] - [20/02/2017 19:49:29]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [6876 Bytes] ##########

_____________________________________________________________________________________________

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by Pam (Administrator) on Tue 02/21/2017 at 10:35:46.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/21/2017 at 10:46:32.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[Broni]

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

• Double click to run it.
• Make sure you checkmark Addition.txt box.
• Press Scan button.
• Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

 

[nightowl1963200]

Here are the Farbar Recovery Logs: FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-02-2017
Ran by Pam (administrator) on PAM-HP (22-02-2017 13:53:51)
Running from C:\Users\Pam\Desktop
Loaded Profiles: Pam (Available Profiles: Pam & Lance & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Farbar) C:\Users\Pam\Downloads\FRST64(1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-08] (AVAST Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-09-02] ()
HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Pam\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Pam\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Pam\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-08] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-08] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Pam\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll [2017-01-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Pam\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll [2017-01-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Pam\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll [2017-01-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1227895710-2253308091-917287798-1003\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7486e1b5-947b-4559-a687-2802695e5da7}: [NameServer] 77.234.40.79
Tcpip\..\Interfaces\{cef81da7-1771-4a04-88e9-f034ef43c05f}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{cef81da7-1771-4a04-88e9-f034ef43c05f}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKU\S-1-5-21-1227895710-2253308091-917287798-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-1227895710-2253308091-917287798-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://www.yahoo.com
HKU\S-1-5-21-1227895710-2253308091-917287798-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-fb4250c9&q={searchTerms}
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-fb4250c9&q={searchTerms}
SearchScopes: HKLM -> {9CA8224E-80FE-4076-9C1A-4908DC23BF71} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/I.html?_nkw={searchTerms}
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/I.html?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1227895710-2253308091-917287798-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-fb4250c9&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1227895710-2253308091-917287798-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-fb4250c9&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1227895710-2253308091-917287798-1000 -> {47B25631-4692-4C6A-97C4-7945FBF2763F} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1227895710-2253308091-917287798-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-1227895710-2253308091-917287798-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/I.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1227895710-2253308091-917287798-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-10] (Oracle Corporation)
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-23] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://files.pcpitstop.com/cab/pcmatic.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {9732FB42-C321-11D1-836F-00A0C993F125} hxxp://www.pcpitstop.com/mhLbl.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF ProfilePath: C:\Users\Pam\AppData\Roaming\Mozilla\Firefox\Profiles\ondyo6pi.default-1486850447636 [2017-02-22]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Pam\AppData\Roaming\Mozilla\Firefox\Profiles\ondyo6pi.default-1486850447636\features\{dc7b5b00-098e-4160-a095-cb296540bf9b}\[email protected] [2017-02-20]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-02-08]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-02-08]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\XvidlyPlus\FF => not found
FF HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: (McAfee Security Scan Plus) - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-17] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-10] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-23] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-05-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-09] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-1227895710-2253308091-917287798-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Pam\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-02-09] (Citrix Online)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchURL: Default -> hxxp://www.classmates.com/favicon.ico
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll => No File
CHR Plugin: (Roblox Launcher Plugin) - C:\Users\Pam\AppData\Local\Roblox\Versions\version-465ca0bcd6b344c3\\NPRobloxProxy64.dll => No File
CHR Profile: C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default [2017-02-20]
CHR Extension: (Google Docs) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08]
CHR Extension: (Google Drive) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-19]
CHR Extension: (Explore 1962 Gainesville High School ...) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bapbmkkcjlenmbgohkmcccbcbpmgljpk [2016-10-10]
CHR Extension: (YouTube) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-31]
CHR Extension: (Google Search) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-18]
CHR Extension: (Explore 1958 Gainesville High School ...) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebdpneojnfifbmbjnghpchkpgodifkcp [2016-10-17]
CHR Extension: (Adobe Acrobat) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-30]
CHR Extension: (Avast Passwords) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2016-12-07]
CHR Extension: (Avast SafePrice) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-22]
CHR Extension: (Google Docs Offline) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-12]
CHR Extension: (Avast Online Security) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-16]
CHR Extension: (No Name) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\iddlfhoicnaonfnepnjogldeaifkocae [2017-01-06]
CHR Extension: (Super Browse for Netflix) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\iejponamigpndjgdmnpelkohnbpancjf [2016-04-12]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2017-01-22]
CHR Extension: (iPiccy Photo Editor) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2017-01-01]
CHR Extension: (HP Network Check Launcher) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2017-01-29]
CHR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2016-11-29]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2016-04-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Unfriend Finder) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\olljnkilmblncgcghhaodkpdcnokhpah [2017-01-25]
CHR Extension: (Gmail) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\Pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-09]
CHR HKU\S-1-5-21-1227895710-2253308091-917287798-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ncmdmcjifbkefpaijakdbgfjbpaonjhg] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eoalfhodgifhbkgmbbdafcihjpdldpll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [okmhneofinpilciglijihehjpaegledb] - <no Path/update_url>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-09] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-08] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [278784 2017-02-08] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2016-12-13] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-19] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-19] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-02-06] (Dropbox, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-24] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [309784 2017-02-08] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-02-08] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334600 2017-02-08] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-02-08] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-02-08] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32088 2017-02-08] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [126088 2017-02-08] (AVAST Software)
R1 aswNetSec; C:\WINDOWS\system32\drivers\aswNetSec.sys [456456 2017-02-08] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [100640 2017-02-08] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [74680 2017-02-08] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [991496 2017-02-08] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [547904 2017-02-08] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [162528 2017-02-08] (AVAST Software)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [44640 2014-07-02] (The OpenVPN Project)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [337080 2017-02-10] (AVAST Software)
S3 CpqDfw; C:\WINDOWS\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows (R) Codename Longhorn DDK provider)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2017-02-09] ()
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-25] (REALiX(tm))
R3 L1C; C:\WINDOWS\System32\drivers\L1C62x64.sys [129224 2015-01-22] (Qualcomm Atheros Co., Ltd.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 X86BDA; C:\WINDOWS\system32\DRIVERS\OEMDrv.sys [666624 2012-04-27] ( )
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-09-08] (Zemana Ltd.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-22 13:53 - 2017-02-22 13:55 - 00031246 _____ C:\Users\Pam\Desktop\FRST.txt
2017-02-22 13:49 - 2017-02-22 13:53 - 02422784 _____ (Farbar) C:\Users\Pam\Desktop\FRST64.exe
2017-02-22 02:19 - 2017-02-22 02:20 - 02422784 _____ (Farbar) C:\Users\Pam\Downloads\FRST64(1).exe
2017-02-21 10:46 - 2017-02-21 10:47 - 00000553 _____ C:\Users\Pam\Desktop\JRT.txt
2017-02-21 10:33 - 2017-02-21 10:34 - 01663040 _____ (Malwarebytes) C:\Users\Pam\Downloads\JRT(2).exe
2017-02-20 22:51 - 2017-02-20 22:51 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-02-20 22:26 - 2017-02-20 22:26 - 00007034 _____ C:\Users\Pam\Desktop\AdwCleaner[C2].txt
2017-02-20 18:32 - 2017-02-20 18:33 - 04015056 _____ C:\Users\Pam\Downloads\AdwCleaner.exe
2017-02-20 18:29 - 2017-02-20 18:29 - 00001099 _____ C:\Users\Pam\Desktop\malwarebytes log file.txt
2017-02-20 15:55 - 2017-02-20 15:55 - 00344352 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-18 18:00 - 2017-02-18 18:01 - 00006352 _____ C:\Users\Pam\Desktop\Rogue Killer 116A.tmp log file.txt
2017-02-18 08:52 - 2017-02-18 08:52 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-02-18 08:50 - 2017-02-18 18:02 - 00000000 ____D C:\ProgramData\RogueKiller
2017-02-18 08:50 - 2017-02-18 08:50 - 00000901 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-02-18 08:50 - 2017-02-18 08:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-02-18 08:50 - 2017-02-18 08:50 - 00000000 ____D C:\Program Files\RogueKiller
2017-02-18 08:45 - 2017-02-18 08:49 - 34801784 _____ (Adlice Software ) C:\Users\Pam\Downloads\setup.exe
2017-02-18 08:25 - 2017-02-18 08:25 - 00000000 ____D C:\Users\Pam\Desktop\TECH FORUM
2017-02-17 14:08 - 2017-02-17 14:09 - 01764352 _____ (Farbar) C:\Users\Pam\Downloads\FRST.exe
2017-02-17 13:03 - 2017-02-22 02:37 - 00036080 _____ C:\Users\Pam\Downloads\Addition.txt
2017-02-17 12:44 - 2017-02-22 02:37 - 00046261 _____ C:\Users\Pam\Downloads\FRST.txt
2017-02-17 12:44 - 2017-02-22 02:20 - 00000000 ____D C:\FRST
2017-02-17 12:41 - 2017-02-17 12:44 - 02422272 _____ (Farbar) C:\Users\Pam\Downloads\FRST64.exe
2017-02-17 10:42 - 2017-02-17 10:42 - 00001671 _____ C:\Users\Pam\Desktop\WinPatrolEx.exe - Shortcut.lnk
2017-02-17 10:37 - 2017-02-17 10:37 - 00000000 ____D C:\ProgramData\InstallMate
2017-02-17 10:37 - 2017-02-17 10:37 - 00000000 ____D C:\Program Files (x86)\Ruiware
2017-02-17 10:35 - 2017-02-17 10:36 - 01333384 _____ (Ruiware) C:\Users\Pam\Downloads\wpsetup(1).exe
2017-02-17 10:33 - 2017-02-17 10:33 - 00001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-02-11 16:59 - 2017-02-11 16:59 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7BEE2076.sys
2017-02-11 16:58 - 2017-02-11 16:58 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\56ED1F8E.sys
2017-02-10 15:06 - 2017-02-20 22:24 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-10 15:06 - 2017-02-20 15:57 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-10 15:06 - 2017-02-10 15:06 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-10 15:05 - 2017-02-20 22:24 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-10 15:05 - 2017-02-10 15:05 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-10 15:05 - 2017-02-10 15:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-10 15:05 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-10 15:04 - 2017-02-10 15:04 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-10 09:42 - 2017-02-10 09:42 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-02-09 15:22 - 2017-02-09 15:22 - 00003270 _____ C:\WINDOWS\System32\Tasks\{C6C47CC8-BD7A-4F7D-8A87-8BBAF773C1CB}
2017-02-09 14:28 - 2017-02-09 14:28 - 00054736 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2017-02-08 19:09 - 2017-02-08 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-08 13:35 - 2017-02-08 13:35 - 00003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-02-08 13:35 - 2017-02-08 13:32 - 00334600 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-02-08 13:35 - 2017-02-08 13:32 - 00309784 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-02-08 13:35 - 2017-02-08 13:32 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-02-08 13:35 - 2017-02-08 13:32 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-02-08 13:34 - 2017-02-08 13:33 - 00398408 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-02-06 22:38 - 2017-02-06 22:38 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-06 22:38 - 2017-02-06 22:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-02-06 22:38 - 2017-02-06 22:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-06 22:38 - 2017-02-06 22:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-01 16:36 - 2017-02-01 16:36 - 00003578 _____ C:\Users\Pam\Desktop\ghs info.txt
2017-02-01 15:31 - 2017-02-01 15:31 - 00002019 _____ C:\Users\Pam\Desktop\SiteBuilder.lnk
2017-02-01 15:31 - 2017-02-01 15:31 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aabaco
2017-02-01 15:30 - 2017-02-01 15:31 - 00000000 ____D C:\Program Files (x86)\SiteBuilder
2017-01-31 19:49 - 2017-01-31 20:26 - 00000000 ___SH C:\Users\Pam\.pr_stat_data
2017-01-31 19:43 - 2017-01-31 19:43 - 00000000 ____D C:\Users\Pam\AppData\Roaming\NewspaperDirect
2017-01-29 09:36 - 2017-01-29 09:36 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-01-29 09:36 - 2017-01-29 09:36 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-26 16:06 - 2017-01-26 16:06 - 00000077 _____ C:\Users\Pam\Desktop\1953GRIFFITH C L GRIFFITH INFO CLASS OF 1953.txt
2017-01-26 15:46 - 2017-01-29 17:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-25 14:57 - 2017-01-25 14:57 - 00000142 _____ C:\Users\Pam\Desktop\Darrall Dee Followill.txt
2017-01-25 14:53 - 2017-01-25 14:53 - 00000178 _____ C:\Users\Pam\Desktop\1968Damon Douglas McConnell.txt
2017-01-25 14:42 - 2016-12-21 01:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 14:42 - 2016-12-20 22:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 19:20 - 2017-01-24 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-01-24 19:19 - 2017-01-24 19:20 - 00000000 ____D C:\Program Files\iTunes
2017-01-24 19:19 - 2017-01-24 19:19 - 00000000 ____D C:\Program Files\iPod
2017-01-24 19:09 - 2017-01-24 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-01-23 19:29 - 2017-02-10 09:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-23 19:29 - 2017-01-23 19:29 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-01-23 18:53 - 2017-01-30 13:34 - 00001642 _____ C:\Users\Pam\Desktop\HOW TO RESIZE FB PHOTOS.txt
2017-01-23 17:32 - 2017-01-23 17:32 - 00001253 _____ C:\Users\Pam\Desktop\CERVICAL XRAY.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-22 13:53 - 2016-09-08 12:29 - 00697626 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-02-22 13:34 - 2016-09-20 19:24 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-22 12:56 - 2016-10-02 14:44 - 00000000 ____D C:\Users\Pam\AppData\LocalLow\Mozilla
2017-02-22 02:18 - 2013-04-25 02:22 - 00000000 ____D C:\Users\Pam\AppData\Local\CrashDumps
2017-02-21 15:26 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-21 15:26 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-21 10:34 - 2010-11-20 21:27 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-02-20 22:27 - 2017-01-07 13:46 - 00000000 ____D C:\Users\Pam\Desktop\PAM CREDIT FILE
2017-02-20 22:25 - 2016-12-13 17:06 - 00000000 ___RD C:\Users\Pam\iCloudDrive
2017-02-20 22:24 - 2016-09-06 13:19 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-20 22:23 - 2016-09-20 20:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-20 22:22 - 2016-07-16 00:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-20 22:21 - 2015-01-02 21:20 - 00000000 ____D C:\AdwCleaner
2017-02-20 15:55 - 2017-01-21 11:59 - 00000338 _____ C:\WINDOWS\Tasks\HPCeeScheduleForPam.job
2017-02-20 15:55 - 2015-01-20 15:00 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-18 17:59 - 2013-01-05 14:09 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2017-02-18 17:08 - 2017-01-21 11:59 - 00003222 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForPam
2017-02-18 11:02 - 2013-01-05 12:26 - 00000000 ____D C:\Users\Pam\Desktop\GHS PICTURES NEEDING TO BE PUT ON WEBSITE
2017-02-17 18:32 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-17 18:31 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-17 16:35 - 2013-01-05 12:25 - 00000000 ____D C:\Users\Pam\Desktop\GHS OBITUARIES NEEDING TO BE ADDED TO WEBSITE
2017-02-17 14:26 - 2015-11-01 09:48 - 00000000 ____D C:\Users\Pam\Desktop\HP
2017-02-17 14:25 - 2017-01-07 13:29 - 00000000 ____D C:\Users\Pam\Desktop\Old Firefox Data
2017-02-17 11:25 - 2016-09-06 13:41 - 00000000 ____D C:\Users\Pam\AppData\Roaming\WinPatrol
2017-02-17 10:37 - 2016-09-06 13:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2017-02-17 10:34 - 2016-09-20 20:28 - 00004004 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1461885022
2017-02-17 10:34 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-11 18:41 - 2014-02-28 10:59 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-11 18:06 - 2016-09-20 19:34 - 00000000 ____D C:\Users\Pam
2017-02-10 16:13 - 2014-02-28 11:01 - 00337080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2017-02-10 15:04 - 2013-07-01 09:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-10 09:43 - 2013-10-16 08:35 - 00000000 ____D C:\ProgramData\Oracle
2017-02-10 09:41 - 2014-03-09 12:59 - 00000000 ____D C:\Program Files\Java
2017-02-09 16:18 - 2016-07-16 00:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-09 16:16 - 2015-09-25 11:40 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-02-09 14:58 - 2013-07-06 08:58 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Process Hacker 2
2017-02-09 13:20 - 2013-02-04 15:35 - 00000000 ____D C:\Users\Pam\AppData\Local\ElevatedDiagnostics
2017-02-09 12:41 - 2016-07-16 05:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-08 19:09 - 2015-08-06 10:04 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-08 13:33 - 2016-04-19 19:15 - 00032088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-02-08 13:33 - 2014-04-30 15:30 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-02-08 13:33 - 2014-02-28 11:01 - 00991496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-02-08 13:33 - 2014-02-28 11:01 - 00547904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-02-08 13:33 - 2014-02-28 11:01 - 00162528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-02-08 13:33 - 2014-02-28 11:01 - 00126088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-02-08 13:33 - 2014-02-28 11:01 - 00100640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-02-08 13:33 - 2014-02-28 11:01 - 00074680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-02-08 13:32 - 2017-01-10 15:41 - 00456456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2017-02-06 15:24 - 2017-01-09 13:31 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 15:24 - 2017-01-09 13:31 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-01 16:36 - 2013-01-09 11:56 - 00000000 ____D C:\Users\Pam\Desktop\GHS CLASS MEMORIAL ACCESS LOGS
2017-02-01 15:23 - 2015-04-18 15:35 - 00000000 ____D C:\Program Files (x86)\Yahoo SiteBuilder
2017-02-01 14:54 - 2016-09-20 20:28 - 00002682 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2017-01-29 17:19 - 2017-01-09 15:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-29 11:17 - 2013-01-05 12:31 - 00000000 ____D C:\Users\Pam\Desktop\GHS PICS ALREADY ADDED TO WEBSITE
2017-01-26 15:52 - 2015-09-09 11:50 - 00002397 _____ C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-26 15:52 - 2015-09-09 11:50 - 00000000 ___RD C:\Users\Pam\OneDrive
2017-01-25 16:01 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-24 19:19 - 2013-02-20 11:16 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-01-23 19:28 - 2015-01-27 09:50 - 00000000 ____D C:\Program Files (x86)\Java

==================== Files in the root of some directories =======

2015-07-27 11:30 - 2015-07-27 11:30 - 4065363 _____ (Datel Design & Development ) C:\Program Files\powersaves_setup_v1.29.exe
2013-01-11 13:14 - 2013-02-25 08:13 - 0000089 _____ () C:\Users\Pam\AppData\Local\msmathematics.qat.Pam
2013-01-08 15:30 - 2016-03-17 13:02 - 0007668 _____ () C:\Users\Pam\AppData\Local\Resmon.ResmonCfg
2016-02-03 09:17 - 2016-02-03 09:17 - 0963707 _____ () C:\Users\Pam\AppData\Local\Scan-to-PDF_1679.rar

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-17 11:52

==================== End of FRST.txt ============================

 

[nightowl1963200]

Here are the Farbar Recovery Logs: Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2017
Ran by Pam (22-02-2017 13:58:46)
Running from C:\Users\Pam\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-21 02:35:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1227895710-2253308091-917287798-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1227895710-2253308091-917287798-503 - Limited - Disabled)
Guest (S-1-5-21-1227895710-2253308091-917287798-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1227895710-2253308091-917287798-1002 - Limited - Enabled)
Lance (S-1-5-21-1227895710-2253308091-917287798-1003 - Limited - Enabled) => C:\Users\Lance
Pam (S-1-5-21-1227895710-2253308091-917287798-1000 - Administrator - Enabled) => C:\Users\Pam

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 17.1.2286 - AVAST Software)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.2.0.6 - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version: - )
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Fairway™ (HKLM-x32\...\BFG-Fairway) (Version: - )
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Application Assistant (HKLM\...\{6032497A-4479-462B-ADB8-A0A372BB9A23}) (Version: 1.0.409.3882 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.50.9 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.5.32.203 - Hewlett-Packard Company)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard)
iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)
IrfanView 4.44 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.44 - Irfan Skiljan)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 2.0.3 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4893.1002 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 - NewspaperDirect Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.5010 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
RogueKiller version 12.9.7.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.7.0 - Adlice Software)
SafeZone Stable 3.55.2393.561 (x32 Version: 3.55.2393.561 - Avast Software) Hidden
SiteBuilder (HKLM-x32\...\SiteBuilder) (Version: 2.9.0 - Aabaco)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1208 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
WebLog Expert Lite 8.6 (HKLM-x32\...\WebLog Expert Lite_is1) (Version: 8.6 - Alentum Software Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.5.2015.12 - Ruiware)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1227895710-2253308091-917287798-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Pam\AppData\Local\Roblox\Versions\version-465ca0bcd6b344c3\RobloxProxy64.dll (ROBLOX Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02DABE4B-8351-4A4E-B461-D8682AE62D34} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {03F52D20-8F68-488A-8721-EC5B46FA51F8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-11-01] (Microsoft Corporation)
Task: {042937CB-5476-4C2A-8480-C5E036578E2B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {11079C3B-7BE6-4B43-8F31-19857AF70B2C} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {16B7F2D2-1E86-4910-B5B8-759606DF4FB3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {196D9315-92E1-45BB-8598-E1504D993DAD} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {1A92EA3B-1E37-4F95-81DA-10FD7A2F63A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-09] (Google Inc.)
Task: {1B0C3F1C-1242-4F6E-B0A3-99E592825FC6} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {20194E04-DAE9-4E0B-868D-CD80A8F2DF44} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe
Task: {35A742C1-2971-4943-A2E3-29AD462FFAAC} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {36148B77-2B2C-4AE2-BB5A-2E2DF25DBA0F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {394899C1-633C-4C9B-81EA-B93279FC9CFF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {3ACF76E4-F5DF-431C-BEA2-BE70CF85AE6D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {413DF685-9F16-479B-B088-6E5E6781110A} - System32\Tasks\HPCeeScheduleForPam => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {43A6EB22-A316-49AC-A42B-16453220FC74} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe
Task: {448270B0-5154-498D-B24D-AE71E7DB5927} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {481C806D-7959-4011-953B-542F57677978} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-29] (AVAST Software)
Task: {489AA681-D38A-41EA-93DC-291707529C29} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {4EF9C94A-BEB8-4886-8EFB-6F8DC72DE967} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {53ABC437-1B0B-41C8-BFA8-0949927B2CAE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {55FDF64B-3C5A-49F4-9EC4-597B575CA285} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {59280C14-49FD-4341-AA1B-60AC60605DA0} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\RadeonInstaller.exe [2016-12-04] (Advanced Micro Devices, Inc.)
Task: {60C6872D-D8C5-4B88-8980-45D08F81447E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {6521ED0B-E669-4739-AC7F-ED0DE68A999F} - System32\Tasks\{C6C47CC8-BD7A-4F7D-8A87-8BBAF773C1CB} => pcalua.exe -a "C:\Program Files (x86)\Action Replay PowerSaves 3DS\unins000.exe"
Task: {66028B23-1132-428F-B808-333FDF887AE3} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe
Task: {66373DB8-4A8D-49A8-88A9-7AC45A9257AE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {6676FD23-9398-4A01-BC0F-9B2A8B38671E} - System32\Tasks\SafeZone scheduled Autoupdate 1461885022 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-15] (Avast Software)
Task: {6FE2E576-7675-40AF-BC7E-0767FBFA396A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {76028AB5-AC97-4F06-8327-7D5A47A19935} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {78535D55-2A28-4621-B3B6-7ED0DAB6B11E} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2017-01-17] (Apple Inc.)
Task: {795BA566-BDE2-40B1-A33B-8A521480ECD1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-09] (Google Inc.)
Task: {7ADE86FC-FA7A-4E39-BE86-36BCE996ABA3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {7FF668BC-A886-445F-BCD7-B6C9156EB863} - System32\Tasks\{C5F2FB56-E89E-43E0-845B-B25E1991814A} => pcalua.exe -a C:\Users\Pam\Desktop\AdobeAIRInstaller.exe -d C:\Users\Pam\Desktop
Task: {8019363D-BCAD-4773-B90D-F17D42075CBA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {80E19BD3-6990-4DF0-92D9-1B375299DDD0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {853A752F-EE75-4F28-9B63-01BFCDA5E841} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-17] (Adobe Systems Incorporated)
Task: {85A87E9B-A067-461E-9017-192F260E247F} - System32\Tasks\{1BC3AFC8-2025-482A-AA14-B2F029F3838D} => pcalua.exe -a C:\Users\Pam\Downloads\iview438_setup.exe -d C:\Users\Pam\Downloads
Task: {8A1C3C17-1756-4D6E-B428-0C4C7AEAACD3} - \Uninstaller_SkipUac_Administrator -> No File <==== ATTENTION
Task: {8D77A25D-FD6A-481A-B0D6-9678902CB9A5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {8F809813-2CD4-417C-912F-7A084301BE36} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {938B02CD-7EB5-4F42-BC6F-E2D9E081AE95} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {97D57FBC-B035-440C-88E7-9E676CD64057} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {9EE88514-786B-4C6B-B761-AD00A3815399} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {A7CA828D-5D90-416F-A978-D2894E9297E2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A854028E-394E-4B76-9F42-D247ECD82F67} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe
Task: {AAAEA3D4-7007-44C6-BC11-8C632D3EB0B4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {ABE81196-0AAC-419A-993A-CA0F9FA7E738} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {B0783751-AFAE-4BFF-B02A-3C74BBADC98E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {B2C27F7A-D503-4A69-94DD-4D3E0E2552B1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {BB891099-3F04-45DA-8DFA-066AB33B0F7D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {BD90CF0E-12B7-44F6-A795-16106E54308E} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-08] (AVAST Software)
Task: {C038F5E4-BBE5-43BD-BEC9-34AB917ED99A} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe
Task: {C0E8D689-F813-43B7-B4DD-40E69EC683F8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-19] (Dropbox, Inc.)
Task: {C0F395F2-9715-4314-A840-2E6C417F6A32} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {C4D3427E-09D0-4D66-BE00-F51480143DE7} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {C6429797-F491-4F5C-BD36-6AC08CF60D18} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {C96A73A3-33FB-4166-AAE7-C1A778F3F61E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {C96EAF26-61F1-4BF9-8811-8E2EE65DA46B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {CD961886-ABA0-4926-9EFB-135474E4D158} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CE201800-446C-4F02-B89C-ADA432C5CC32} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D51C2D71-30E7-4E4F-AAF2-F2EC16C2944B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {D54070FE-3293-4412-A8A5-B48FE67A4F3F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E65AC9DD-DBB7-4A84-9F14-600CF668BBB1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E9512CEB-1678-4216-A31E-775539593FE8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2016-12-15] (HP Inc.)
Task: {EE44F1BC-3A65-4249-BBAC-F4DEB17CDF61} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {F2511BEE-366D-49C8-BB06-D1D74AAAE162} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {F309057D-D116-487F-8B54-45C8FE0F955A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F3E60E29-4639-409D-981C-17756836A26E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F9639B6E-8246-4975-9B61-CD901F301CDD} - System32\Tasks\{B53CB0A1-A1AC-4B42-A39F-694355AAD2B7} => msiexec.exe /package "C:\Users\Pam\AppData\Local\Apple\Apple Software Update\iTunes64.msi"
Task: {FF003060-E5F4-4B10-ADEF-7F0753D4BFAC} - System32\Tasks\{79F7B598-C204-4CC6-A43F-6BB78C2B439D} => C:\Users\Pam\Desktop\ReallySlickScreensavers-0.2_installer.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForPam.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Pam\Desktop\SiteBuilder.lnk -> C:\Program Files (x86)\SiteBuilder\ysitebuilder.bat ()
Shortcut: C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aabaco\SiteBuilder\SiteBuilder.lnk -> C:\Program Files (x86)\SiteBuilder\ysitebuilder.bat ()
Shortcut: C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aabaco\SiteBuilder\Update SiteBuilder.lnk -> C:\Program Files (x86)\SiteBuilder\update.bat ()

ShortcutWithArgument: C:\Users\Pam\Desktop\HP\New folder\PicMonkey.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fgdgokchhicmaiacmgegjnppjkgogdhm
ShortcutWithArgument: C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roozz\IrfanView4.33.lnk -> C:\Users\Pam\AppData\Local\Roozz\icons\93_icon.ico () -> hxxp://93.apps.roozzstore.com/IrfanView.htm

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 05:42 - 2016-07-16 05:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 13:58 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-13 13:58 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-07 19:00 - 2016-05-24 08:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2017-02-18 08:48 - 2017-02-18 08:49 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-18 08:48 - 2017-02-18 08:49 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-18 08:48 - 2017-02-18 08:49 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 15:03 - 2017-02-06 15:03 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\roottools.dll
2016-09-20 22:07 - 2016-09-20 22:07 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 17:40 - 2016-12-21 01:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 17:39 - 2016-12-21 00:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 17:39 - 2016-12-21 00:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 17:39 - 2016-12-21 00:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 17:39 - 2016-12-21 00:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 17:39 - 2016-12-21 00:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 17:39 - 2016-12-21 00:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2017-02-08 13:33 - 2017-02-08 13:33 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-06-25 18:12 - 2016-06-25 18:12 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-02-08 13:32 - 2017-02-08 13:32 - 00289328 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-02-08 13:33 - 2017-02-08 13:33 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-12-13 13:58 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:07BF512B [153]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [270]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [119]
AlternateDataStreams: C:\ProgramData\Temp:B3606FCC [250]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\localhost -> localhost
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1227895710-2253308091-917287798-1000\...\1-se.com -> 1-se.com

There are 11944 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2016-09-08 15:19 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1227895710-2253308091-917287798-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Pam\Downloads\burning_violin-wallpaper-3750x3000.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^Pam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{4429E7BF-EB63-4E2D-ABAC-FD60E1AAA2D5}C:\users\pam\appdata\locallow\amicas\v6cdviewer\bin\astudycachemgr.exe] => (Allow) C:\users\pam\appdata\locallow\amicas\v6cdviewer\bin\astudycachemgr.exe
FirewallRules: [TCP Query User{A6A423B9-2A12-462D-BE63-B8FE170A18A4}C:\users\pam\appdata\locallow\amicas\v6cdviewer\bin\astudycachemgr.exe] => (Allow) C:\users\pam\appdata\locallow\amicas\v6cdviewer\bin\astudycachemgr.exe
FirewallRules: [UDP Query User{7484263C-01BC-40CA-9A4D-523AA2B6F6BA}C:\users\pam\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe] => (Allow) C:\users\pam\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe
FirewallRules: [TCP Query User{DB2F47DA-4752-453B-8560-ECBB54B64753}C:\users\pam\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe] => (Allow) C:\users\pam\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe
FirewallRules: [UDP Query User{43EB639A-16FE-4343-A785-642729B7E959}C:\users\pam\appdata\locallow\amicas\v6cdviewer\privatejre\bin\armiregistry.exe] => (Allow) C:\users\pam\appdata\locallow\amicas\v6cdviewer\privatejre\bin\armiregistry.exe
FirewallRules: [TCP Query User{75EB280F-5C47-4B3D-97CA-847ABF6B7B80}C:\users\pam\appdata\locallow\amicas\v6cdviewer\privatejre\bin\armiregistry.exe] => (Allow) C:\users\pam\appdata\locallow\amicas\v6cdviewer\privatejre\bin\armiregistry.exe
FirewallRules: [{49E9B519-583B-42F8-AE54-119FDB4B4143}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{F208B434-6838-4B8C-90C0-12A71F4B5513}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{45C21727-796F-49B9-8665-AADF2944F7CA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F72B06FC-BCEF-4B47-BE7C-61D370B03F81}] => (Allow) LPort=1900
FirewallRules: [{9661B3B6-2326-47BF-B704-B5137BB78594}] => (Allow) LPort=2869
FirewallRules: [{676FFCC8-85F0-4753-92F7-0D82C7C08187}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{44AC73E5-A3B5-4703-93EA-B31B29D21C3D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{4DFAA34E-F918-48E0-BD75-D155ED565EA3}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{CF42A662-E727-48E2-AA64-0FBFA985CB42}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D1A81F5A-ABC3-4854-B3B0-3D01639F350A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{7A404ECC-F8C4-4BA8-A373-2A41A6E1C0EC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{9111726C-23E8-4135-93B7-635B34107A3E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{101A446F-FC67-4011-816D-5DB8DBE22FAF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{69F5A1CE-52DF-4554-8A28-4AE74BF8B303}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{66921FC5-D438-4D82-8800-F7428C9BC884}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8EA81DFE-B8F5-4C0E-ACD0-7D7782DACA00}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F9A8E6A3-A89D-4CC4-B806-8C1A8037DADA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A1B4CB15-7EF4-4EC2-8B19-ACAFC0260B84}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{32F341DC-17F8-4B66-9ACA-7E6437254512}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7E03B49E-A2AC-4DA3-8F34-6931FF198D66}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{92FB5856-564B-4D78-B117-C1E5FF4D420C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B5E90B2A-3C4C-460D-958C-6B0D11716F5F}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{261162A5-D186-4991-94EF-E02C2235180A}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe

==================== Restore Points =========================

05-02-2017 09:01:31 Avast Cleanup
12-02-2017 10:56:49 Avast Cleanup
20-02-2017 16:13:39 Scheduled Checkpoint
21-02-2017 10:35:55 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/22/2017 12:56:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 51.0.1.6234 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 14dc

Start Time: 01d28c623a8eae11

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 997a57e8-f930-11e6-9c5f-4c72b940f9c5

Faulting package full name:

Faulting package-relative application ID:

Error: (02/22/2017 02:17:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashPlayerPlugin_24_0_0_221.exe, version: 24.0.0.221, time stamp: 0x588f9975
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00001a5
Fault offset: 0x03fe3940
Faulting process id: 0x29d4
Faulting application start time: 0x01d28ce412d93119
Faulting application path: C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_221.exe
Faulting module path: unknown
Report Id: 6252c00b-7c89-471f-83f6-139151885465
Faulting package full name:
Faulting package-relative application ID:

Error: (02/22/2017 02:16:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashPlayerPlugin_24_0_0_221.exe, version: 24.0.0.221, time stamp: 0x588f9975
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x5ffac2f0
Faulting process id: 0x9f0
Faulting application start time: 0x01d28ce3fbdc337e
Faulting application path: C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_221.exe
Faulting module path: unknown
Report Id: b1c91714-7b41-49bc-a7c8-df3678135aa8
Faulting package full name:
Faulting package-relative application ID:

Error: (02/22/2017 02:16:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashPlayerPlugin_24_0_0_221.exe, version: 24.0.0.221, time stamp: 0x588f9975
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00001a5
Fault offset: 0x00df3940
Faulting process id: 0x9f0
Faulting application start time: 0x01d28ce3fbdc337e
Faulting application path: C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_221.exe
Faulting module path: unknown
Report Id: 43867776-da1d-40a5-9702-4ceaf97a7194
Faulting package full name:
Faulting package-relative application ID:

Error: (02/21/2017 04:48:11 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/21/2017 10:36:22 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/21/2017 10:26:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Pam-HP)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/21/2017 10:26:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31889328

Error: (02/21/2017 10:26:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31889328

Error: (02/21/2017 10:26:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (02/21/2017 06:10:35 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/21/2017 04:59:12 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/21/2017 10:26:29 AM) (Source: DCOM) (EventID: 10010) (User: Pam-HP)
Description: The server App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.

Error: (02/21/2017 01:34:59 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/20/2017 10:24:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 10:23:43 PM) (Source: DCOM) (EventID: 10016) (User: Pam-HP)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user Pam-HP\Pam SID (S-1-5-21-1227895710-2253308091-917287798-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 10:23:39 PM) (Source: DCOM) (EventID: 10016) (User: Pam-HP)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user Pam-HP\Pam SID (S-1-5-21-1227895710-2253308091-917287798-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 10:23:37 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (02/20/2017 10:23:35 PM) (Source: DCOM) (EventID: 10016) (User: Pam-HP)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user Pam-HP\Pam SID (S-1-5-21-1227895710-2253308091-917287798-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 10:23:34 PM) (Source: DCOM) (EventID: 10016) (User: Pam-HP)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user Pam-HP\Pam SID (S-1-5-21-1227895710-2253308091-917287798-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


==================== Memory info ===========================

Processor: AMD E1-1200 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 54%
Total physical RAM: 3667.8 MB
Available physical RAM: 1671.02 MB
Total Virtual: 4499.8 MB
Available Virtual: 1805.7 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:448.32 GB) (Free:373.47 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:16.78 GB) (Free:2.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: DE514FF6)

Partition: GPT.

==================== End of Addition.txt ============================

 

[Broni]

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[nightowl1963200]

Do I click the link for "FRST(FRST64)" on your reply post, or do I use the link from my desktop? I just want to be sure.

 

[nightowl1963200]

Ok, sorry , I figured it out. Here is the log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017
Ran by Pam (22-02-2017 20:56:35) Run:1
Running from C:\Users\Pam\Desktop\TECH FORUM
Loaded Profiles: Pam (Available Profiles: Pam & Lance & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1227895710-2253308091-917287798-1003\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll [No File]
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
2015-07-27 11:30 - 2015-07-27 11:30 - 4065363 _____ (Datel Design & Development ) C:\Program Files\powersaves_setup_v1.29.exe
2013-01-11 13:14 - 2013-02-25 08:13 - 0000089 _____ () C:\Users\Pam\AppData\Local\msmathematics.qat.Pam
2013-01-08 15:30 - 2016-03-17 13:02 - 0007668 _____ () C:\Users\Pam\AppData\Local\Resmon.ResmonCfg
2016-02-03 09:17 - 2016-02-03 09:17 - 0963707 _____ () C:\Users\Pam\AppData\Local\Scan-to-PDF_1679.rar
Task: {02DABE4B-8351-4A4E-B461-D8682AE62D34} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {196D9315-92E1-45BB-8598-E1504D993DAD} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {8A1C3C17-1756-4D6E-B428-0C4C7AEAACD3} - \Uninstaller_SkipUac_Administrator -> No File <==== ATTENTION
Task: {8F809813-2CD4-417C-912F-7A084301BE36} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {938B02CD-7EB5-4F42-BC6F-E2D9E081AE95} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A7CA828D-5D90-416F-A978-D2894E9297E2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {AAAEA3D4-7007-44C6-BC11-8C632D3EB0B4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CD961886-ABA0-4926-9EFB-135474E4D158} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CE201800-446C-4F02-B89C-ADA432C5CC32} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D54070FE-3293-4412-A8A5-B48FE67A4F3F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E65AC9DD-DBB7-4A84-9F14-600CF668BBB1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F309057D-D116-487F-8B54-45C8FE0F955A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F3E60E29-4639-409D-981C-17756836A26E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:07BF512B [153]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [270]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [119]
AlternateDataStreams: C:\ProgramData\Temp:B3606FCC [250]

*****************

C:\WINDOWS\system32\GroupPolicy\User => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1227895710-2253308091-917287798-1003\User => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => key removed successfully
HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\www.exent.com/GameTreatWidget => key removed successfully
HKLM\System\CurrentControlSet\Services\AdobeARMservice => key removed successfully
AdobeARMservice => service removed successfully
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully
idsvc => service removed successfully
HKLM\System\CurrentControlSet\Services\ZAM => key removed successfully
ZAM => service removed successfully
C:\Program Files\powersaves_setup_v1.29.exe => moved successfully
C:\Users\Pam\AppData\Local\msmathematics.qat.Pam => moved successfully
C:\Users\Pam\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\Users\Pam\AppData\Local\Scan-to-PDF_1679.rar => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{02DABE4B-8351-4A4E-B461-D8682AE62D34} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02DABE4B-8351-4A4E-B461-D8682AE62D34} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{196D9315-92E1-45BB-8598-E1504D993DAD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{196D9315-92E1-45BB-8598-E1504D993DAD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A1C3C17-1756-4D6E-B428-0C4C7AEAACD3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A1C3C17-1756-4D6E-B428-0C4C7AEAACD3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Administrator => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F809813-2CD4-417C-912F-7A084301BE36} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F809813-2CD4-417C-912F-7A084301BE36} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{938B02CD-7EB5-4F42-BC6F-E2D9E081AE95} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{938B02CD-7EB5-4F42-BC6F-E2D9E081AE95} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7CA828D-5D90-416F-A978-D2894E9297E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7CA828D-5D90-416F-A978-D2894E9297E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AAAEA3D4-7007-44C6-BC11-8C632D3EB0B4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAAEA3D4-7007-44C6-BC11-8C632D3EB0B4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CD961886-ABA0-4926-9EFB-135474E4D158} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD961886-ABA0-4926-9EFB-135474E4D158} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE201800-446C-4F02-B89C-ADA432C5CC32} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE201800-446C-4F02-B89C-ADA432C5CC32} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D54070FE-3293-4412-A8A5-B48FE67A4F3F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D54070FE-3293-4412-A8A5-B48FE67A4F3F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E65AC9DD-DBB7-4A84-9F14-600CF668BBB1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E65AC9DD-DBB7-4A84-9F14-600CF668BBB1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F309057D-D116-487F-8B54-45C8FE0F955A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F309057D-D116-487F-8B54-45C8FE0F955A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3E60E29-4639-409D-981C-17756836A26E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3E60E29-4639-409D-981C-17756836A26E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
C:\ProgramData\Temp => ":07BF512B" ADS removed successfully.
C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
C:\ProgramData\Temp => ":B3606FCC" ADS removed successfully.


The system needed a reboot.

==== End of Fixlog 20:56:42 ====

 

[Broni]

Last scans....

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

• Internet Services
• Windows Firewall
• System Restore
• Security Center
• Windows Update
• Windows Defender
• Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

• Double click the icon and select Run
• Click Next
• Select I accept the terms in this license agreement, then click Next twice
• Click Install
• Click Finish to launch the program
• Once the virus database has been updated click Start Scanning
• If any threats are found click Details, then View log file... (bottom left hand corner)
• Copy and paste the results in your reply
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
• Click Exit to close the program

 

[nightowl1963200]

Ok here are my logs:

SECURITY CHECK:

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avast Antivirus
Windows Defender
Malwarebytes
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
WinPatrol
Java 8 Update 121
Java version 32-bit out of Date!
Adobe Flash Player 24.0.0.221
Mozilla Firefox (51.0.1)
Google Chrome (56.0.2924.87)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe is disabled!
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
Oracle Java javapath AvastSvc.exe -?-
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

_________________________________________________________________________________________________

FARBAR SERVICE SCANNER:

Farbar Service Scanner Version: 27-01-2016
Ran by Pam (administrator) on 23-02-2017 at 12:31:43
Running from "C:\Users\Pam\Downloads"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

[nightowl1963200]

LOGS CONTINUED.....

TEMP FILE CLEANER:

Getting user folders.
Stopping running processes.
Emptying Temp folders.
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 314760 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default.migrated
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 313848 bytes
User: Lance
->Temp folder emptied: 258312339 bytes
->Temporary Internet Files folder emptied: 10054 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 124306768 bytes
->Google Chrome cache emptied: 356937163 bytes
->Flash cache emptied: 56972 bytes
User: NULL
User: Pam
->Temp folder emptied: 34499114 bytes
->Temporary Internet Files folder emptied: 9807603 bytes
->Java cache emptied: 58053 bytes
->FireFox cache emptied: 361494971 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 314543 bytes
User: PCPitstopSVC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 313840 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26951778 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 722 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 1152 bytes
Emptying RecycleBin. Do not interrupt.
RecycleBin emptied: 1915248 bytes
Process complete!
Total Files Cleaned = 1,122.00 mb

________________________________________________________________________________________________

SOPHOS FREE VIRUS REMOVAL TOOL:

NO THREATS FOUND

 

[Broni]

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download

DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

• Activate UAC (optional; some users prefer to keep it off)
• Remove disinfection tools
• Create registry backup
• Purge System Restore
• Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

7. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

10. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

11. Please, let me know, how your computer is doing.

 

[nightowl1963200]

Thank you so much for all your work. My computer seems better. I am copying down all the things I need to do weekly. I will give you an update later tomorrow about my computer after I have used it awhile.

 

[Broni]

Way to go!!
Good luck and stay safe