Need help with detection of malware!

rebeccavalentine · Oct 19, 2016

I have very little knowledge about malware, virus & stuff. I run win7 professional with avast free anti virus & comodo firewall. I run other on demand scanners once a week just to check if everything is fine. But my laptop has started behaving kind of weird off late. It was faster some 5-6 months ago when i clean installed win. & also sometimes when i open google chrome i just get a blank blue screen & nothing else. these being a few of the changes that i could recall. & also as i am one who watches tv shows online, I often come across various ads which seem highly suspicious, & i have to close them before i can view the episodes. so i highly suspect that my security has been compromised.

If anyone could kindly help me out with this, I would be highly grateful. Thanks in advance.
Ive posted all the three logs from FRST & security analysis as instructed in the forum.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
Ran by Rebecca (administrator) on REBECCA-PC (19-10-2016 19:37:10)
Running from C:\Users\Rebecca\Downloads\Programs & setup files
Loaded Profiles: Rebecca (Available Profiles: Rebecca)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESGfxMgr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
() C:\Users\Rebecca\Desktop\Programs\Caps.exe
() C:\Users\Rebecca\Desktop\Programs\Copy.exe
() C:\Users\Rebecca\Desktop\Programs\Copycontents.exe
() C:\Users\Rebecca\Desktop\Programs\dashlane.exe
() C:\Users\Rebecca\Desktop\Programs\Downloads.exe
() C:\Users\Rebecca\Desktop\Programs\FavSongs.exe
() C:\Users\Rebecca\Desktop\Programs\Google.exe
() C:\Users\Rebecca\Desktop\Programs\Hidemedia1.exe
() C:\Users\Rebecca\Desktop\Programs\LibreOffice.exe
() C:\Users\Rebecca\Desktop\Programs\Notepad.exe
() C:\Users\Rebecca\Desktop\Programs\Paint.exe
() C:\Users\Rebecca\Desktop\Programs\Recycle.exe
() C:\Users\Rebecca\Desktop\Programs\Song.exe
() C:\Users\Rebecca\Desktop\Programs\Text1.exe
() C:\Users\Rebecca\Desktop\Programs\Tutorial.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 5\program\swriter.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 5\program\soffice.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 5\program\soffice.bin
(Dashlane, Inc.) C:\Users\Rebecca\AppData\Roaming\Dashlane\Dashlane.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Rebecca\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-09-14] (COMODO)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9083840 2016-10-13] (AVAST Software)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2631120 2016-07-28] (Malwarebytes Corporation)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-31] (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{C061FCE4-9BBA-4CD5-B06B-0DE55D0FD626}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-08-31] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-08-31] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1466243251918
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: keurpdol.default
FF ProfilePath: C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\keurpdol.default [2016-10-15]
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-06-08]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-31]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-31]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Rebecca\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Rebecca\AppData\Roaming\IDM\idmmzcc5 [2016-10-19] [not signed]
FF HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default [2016-10-19]
CHR Extension: (Google Slides) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-18]
CHR Extension: (Queen Elsa of Arendelle - Frozen) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\andadcipdpeombhjneecehpogbbjomij [2016-06-18]
CHR Extension: (Google Docs) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-18]
CHR Extension: (Google Drive) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-18]
CHR Extension: (YouTube) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-18]
CHR Extension: (Avast SafePrice) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-09-13]
CHR Extension: (Dashlane) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2016-10-02]
CHR Extension: (Google Sheets) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-18]
CHR Extension: (Google Docs Offline) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-18]
CHR Extension: (Avast Online Security) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-29]
CHR Extension: (IDM Integration Module) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-10-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-18]
CHR Extension: (Gmail) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-18]
CHR Extension: (Chrome Media Router) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-24]
CHR Profile: C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-10-05]
CHR Profile: C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Profile 2 [2016-10-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-06]
CHR Extension: (Chrome Media Router) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-28]
CHR Profile: C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\System Profile [2016-10-09]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-06-09]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-06-09]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-31] (AVAST Software)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-09-15] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-09-14] (COMODO)
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-03-09] ()
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [750032 2016-07-28] (Malwarebytes Corporation)
S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2012-01-04] ()
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [118424 2016-03-09] ()
S4 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-03-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-31] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-31] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31648 2016-08-31] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [830624 2016-08-31] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [56976 2016-08-31] (COMODO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [74984 2016-07-28] ()
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2016-06-20] (FNet Co., Ltd.)
R1 FNETVDDA; C:\Windows\System32\drivers\FNETVDDA.SYS [37128 2016-06-20] (FNet Co., Ltd.)
U5 gobi3kserial; C:\Windows\System32\Drivers\gobi3kserial.sys [233984 2010-12-13] (QUALCOMM Incorporated)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [116248 2016-08-31] (COMODO)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-03-09] ()
S3 TrufosAlt; C:\Windows\System32\DRIVERS\TrufosAlt.sys [390776 2016-09-30] (BitDefender S.R.L.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-19 19:36 - 2016-10-19 19:37 - 00000000 ____D C:\FRST
2016-10-19 18:16 - 2016-10-19 18:16 - 00000000 ____D C:\SFCFix
2016-10-19 18:13 - 2016-10-19 18:16 - 00000000 ____D C:\Users\Rebecca\AppData\Local\niemiro
2016-10-12 22:42 - 2016-10-12 22:42 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-12 22:42 - 2016-10-12 22:42 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-10-12 22:42 - 2016-10-12 22:42 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-10-12 22:42 - 2016-10-12 22:42 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-12 22:42 - 2016-10-12 22:42 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-12 22:42 - 2016-10-12 22:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-12 22:42 - 2016-10-12 22:42 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-10-12 22:42 - 2016-10-12 22:42 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-12 22:42 - 2016-10-12 22:42 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-12 22:42 - 2016-10-12 22:42 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-12 22:42 - 2016-10-12 22:42 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-12 22:42 - 2016-10-12 22:42 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-12 22:42 - 2016-10-12 22:42 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-12 22:42 - 2016-10-12 22:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-12 22:42 - 2016-10-12 22:42 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-12 22:42 - 2016-10-12 22:42 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-12 22:42 - 2016-10-12 22:42 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-12 22:42 - 2016-10-12 22:42 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-12 22:42 - 2016-10-12 22:42 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-12 22:42 - 2016-10-12 22:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-10-12 22:42 - 2016-10-12 22:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-12 22:42 - 2016-10-12 22:42 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-10-12 22:42 - 2016-10-12 22:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-12 22:42 - 2016-10-12 22:42 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-10-12 22:42 - 2016-10-12 22:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-10-12 22:42 - 2016-10-12 22:42 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-10-12 22:41 - 2016-09-13 02:47 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-10-12 22:41 - 2016-09-13 02:38 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-10-12 22:41 - 2016-09-09 21:24 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-10-12 22:41 - 2016-09-09 21:24 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-10-12 22:41 - 2016-09-09 21:24 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-10-12 22:41 - 2016-09-09 21:24 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-10-12 22:41 - 2016-09-09 21:24 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-10-12 22:41 - 2016-09-09 21:24 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-10-12 22:41 - 2016-09-09 21:24 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-10-08 04:37 - 2016-10-08 04:37 - 00003142 _____ C:\Windows\System32\Tasks\HIbernate
2016-10-07 12:28 - 2016-10-07 12:28 - 00000000 ____D C:\Program Files\AutoHotkey
2016-10-07 12:15 - 2016-10-07 12:15 - 00001034 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2016-10-07 12:15 - 2016-10-07 12:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-10-07 12:15 - 2016-10-07 12:15 - 00000000 ____D C:\Program Files\VS Revo Group
2016-10-07 11:50 - 2016-10-08 12:10 - 00000512 _____ C:\Users\Rebecca\Documents\MBR.dat
2016-10-06 21:11 - 2016-10-06 21:11 - 00000000 ___HD C:\VTRoot
2016-10-05 00:45 - 2016-10-05 00:45 - 00000000 ____D C:\ProgramData\Comodo Downloader
2016-10-05 00:09 - 2016-10-05 00:13 - 00000000 ____D C:\Users\Rebecca\AppData\Roaming\Comodo
2016-10-04 23:12 - 2016-10-19 19:19 - 00016856 _____ C:\Windows\system32\Drivers\fvstore.dat
2016-10-04 23:01 - 2016-10-04 23:01 - 00001870 _____ C:\Users\Public\Desktop\COMODO Firewall.lnk
2016-10-04 23:01 - 2016-10-04 23:01 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2016-10-04 22:59 - 2016-10-04 23:07 - 00000000 ____D C:\Program Files\COMODO
2016-10-04 22:59 - 2016-10-04 23:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2016-10-04 22:58 - 2016-10-05 00:09 - 00000000 ____D C:\ProgramData\Comodo
2016-10-04 22:58 - 2016-10-04 22:58 - 00000000 ____D C:\ProgramData\Shared Space
2016-10-04 19:56 - 2016-10-04 19:56 - 00000000 ____D C:\Users\Rebecca\AppData\Local\Wokhan
2016-10-04 19:46 - 2016-10-04 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-10-04 19:46 - 2016-10-04 19:46 - 00000000 ____D C:\Program Files\7-Zip
2016-10-04 00:32 - 2016-04-16 12:48 - 06517356 _____ C:\Users\Rebecca\Downloads\Saviour.mp4
2016-10-03 01:43 - 2016-10-07 12:28 - 00000000 ____D C:\Windows\ShellNew
2016-10-02 14:23 - 2016-10-02 14:24 - 00000000 ____D C:\Users\Rebecca\AppData\LocalLow\Dashlane
2016-10-02 14:20 - 2016-10-02 14:23 - 00000000 ____D C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2016-10-02 14:20 - 2016-10-02 14:23 - 00000000 ____D C:\Users\Rebecca\AppData\Roaming\Dashlane
2016-10-02 14:20 - 2016-10-02 14:23 - 00000000 ____D C:\Program Files (x86)\Dashlane
2016-10-02 14:20 - 2016-10-02 14:20 - 00000000 ____D C:\Users\Rebecca\AppData\Local\Packages
2016-10-02 12:45 - 2016-10-08 12:10 - 00004318 _____ C:\Users\Rebecca\Documents\aswMBR.txt
2016-10-01 23:23 - 2016-10-01 23:23 - 00001897 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-10-01 23:07 - 2016-10-01 23:23 - 00000000 ____D C:\Program Files\HitmanPro
2016-10-01 22:46 - 2016-10-02 02:08 - 00000000 ____D C:\ProgramData\HitmanPro
2016-09-30 22:46 - 2016-09-30 22:46 - 00001613 _____ C:\Users\Rebecca\Desktop\BDUSBImmunizerLauncher.lnk
2016-09-30 22:31 - 2016-09-30 22:31 - 00003362 _____ C:\Windows\System32\Tasks\BDRemovalTool
2016-09-30 22:20 - 2016-09-30 22:20 - 00390776 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\TrufosAlt.sys
2016-09-30 07:46 - 2016-09-30 07:46 - 00000000 ____D C:\Users\Rebecca\AppData\Local\fontconfig
2016-09-30 07:43 - 2016-09-30 07:43 - 00000000 ____D C:\Users\Rebecca\Documents\FormatFactory
2016-09-29 22:43 - 2016-09-29 22:43 - 00001071 _____ C:\Users\Rebecca\Desktop\Format Factory.lnk
2016-09-29 22:43 - 2016-09-29 22:43 - 00000000 ____D C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2016-09-29 22:42 - 2016-09-29 22:43 - 00000000 ____D C:\Program Files (x86)\FormatFactory
2016-09-25 16:24 - 2016-09-25 16:24 - 00000000 ____D C:\Users\Rebecca\AppData\Roaming\PotPlayerMini64
2016-09-25 16:20 - 2016-09-25 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2016-09-25 16:20 - 2016-09-25 16:20 - 00000000 ____D C:\Program Files\DAUM
2016-09-24 16:13 - 2016-09-24 16:22 - 00000618 __RSH C:\ProgramData\ntuser.pol
2016-09-24 15:49 - 2016-08-12 22:32 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-09-24 15:49 - 2016-08-12 22:32 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-09-24 15:49 - 2016-08-12 22:32 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-09-24 15:49 - 2016-08-12 22:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-09-24 15:49 - 2016-08-12 22:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-09-24 15:49 - 2016-08-12 22:17 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-09-24 15:49 - 2016-08-12 22:17 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-09-24 15:49 - 2016-08-12 22:01 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-09-24 15:49 - 2016-08-12 22:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-09-24 15:49 - 2016-08-12 22:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-09-24 15:49 - 2016-08-12 21:56 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-09-24 15:49 - 2016-08-06 21:01 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-09-24 15:49 - 2016-08-06 21:01 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-09-24 15:49 - 2016-08-06 21:01 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-09-24 15:49 - 2016-08-06 21:01 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-09-24 15:49 - 2016-08-06 21:01 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-09-24 15:49 - 2016-08-06 21:01 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-09-24 15:49 - 2016-08-06 20:45 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-09-24 15:49 - 2016-08-06 20:45 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-09-24 15:49 - 2016-08-06 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-09-24 15:49 - 2016-08-06 20:45 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-09-24 15:49 - 2016-08-06 20:45 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2016-09-24 15:49 - 2016-08-06 20:31 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-09-24 15:49 - 2016-08-06 20:31 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-09-24 15:49 - 2016-08-06 20:23 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-09-24 15:49 - 2016-08-06 20:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-09-24 15:49 - 2016-08-06 20:23 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-09-24 15:49 - 2016-06-14 22:51 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-09-24 15:49 - 2016-06-14 22:46 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-09-24 15:49 - 2016-06-14 22:46 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-09-24 15:49 - 2016-06-14 22:46 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-09-24 15:49 - 2016-06-14 22:46 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-09-24 15:49 - 2016-06-14 22:46 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-09-24 15:49 - 2016-06-14 22:46 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-09-24 15:49 - 2016-06-14 22:46 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-09-24 15:49 - 2016-06-14 22:46 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-09-24 15:49 - 2016-06-14 22:46 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-09-24 15:49 - 2016-06-14 22:46 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-09-24 15:49 - 2016-06-14 22:46 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-09-24 15:49 - 2016-06-14 22:46 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-09-24 15:49 - 2016-06-14 22:46 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-09-24 15:49 - 2016-06-14 22:46 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-09-24 15:49 - 2016-06-14 22:46 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-09-24 15:49 - 2016-06-14 22:46 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-09-24 15:49 - 2016-06-14 22:46 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-09-24 15:49 - 2016-06-14 22:46 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-09-24 15:49 - 2016-06-14 22:46 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-09-24 15:49 - 2016-06-14 22:46 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-09-24 15:49 - 2016-06-14 22:46 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-09-24 15:49 - 2016-06-14 22:46 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-09-24 15:49 - 2016-06-14 22:46 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-09-24 15:49 - 2016-06-14 22:46 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-09-24 15:49 - 2016-06-14 22:46 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-09-24 15:49 - 2016-06-14 22:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-09-24 15:49 - 2016-06-14 22:46 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-09-24 15:49 - 2016-06-14 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-09-24 15:49 - 2016-06-14 22:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-09-24 15:49 - 2016-06-14 20:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-09-24 15:49 - 2016-06-14 20:51 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-09-24 15:49 - 2016-06-14 20:51 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-09-24 15:49 - 2016-06-14 20:51 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-09-24 15:49 - 2016-06-14 20:51 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-09-24 15:49 - 2016-06-14 20:51 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-09-24 15:49 - 2016-06-14 20:51 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-09-24 15:49 - 2016-06-14 20:51 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-09-24 15:49 - 2016-06-14 20:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-09-24 15:49 - 2016-06-14 20:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-09-24 15:49 - 2016-06-14 20:51 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-09-24 15:49 - 2016-06-14 20:51 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-09-24 15:49 - 2016-06-14 20:51 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-09-24 15:49 - 2016-06-14 20:51 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-09-24 15:49 - 2016-06-14 20:51 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-09-24 15:49 - 2016-06-14 20:51 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-09-24 15:49 - 2016-06-14 20:51 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-09-24 15:49 - 2016-06-14 20:51 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-09-24 15:49 - 2016-06-14 20:51 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-09-24 15:49 - 2016-06-14 20:51 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-09-24 15:49 - 2016-06-14 20:51 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-09-24 15:49 - 2016-06-14 20:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-09-24 15:49 - 2016-06-14 20:45 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-09-24 15:49 - 2016-06-14 20:45 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-09-24 15:49 - 2016-06-14 20:45 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-09-24 15:49 - 2016-06-14 20:35 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-09-24 15:49 - 2016-06-14 20:35 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-09-24 15:49 - 2016-06-14 20:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-09-24 15:49 - 2016-06-14 20:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-09-24 15:24 - 2016-08-29 21:01 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-09-24 15:24 - 2016-08-29 21:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-09-24 15:24 - 2016-08-29 21:01 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-09-24 15:24 - 2016-08-29 20:42 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-09-24 15:24 - 2016-08-29 20:42 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-09-24 15:24 - 2016-08-29 20:42 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-09-24 15:24 - 2016-08-29 20:34 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-09-24 15:24 - 2016-08-29 20:25 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-09-24 15:24 - 2016-08-17 02:10 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2016-09-24 15:24 - 2016-08-17 02:10 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2016-09-24 15:24 - 2016-08-17 02:10 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2016-09-24 15:24 - 2016-08-17 02:10 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-09-24 15:24 - 2016-08-17 02:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2016-09-24 15:24 - 2016-08-17 02:10 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2016-09-24 15:24 - 2016-08-17 02:10 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2016-09-23 00:25 - 2016-08-05 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-09-23 00:25 - 2016-08-05 20:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-19 19:37 - 2016-06-18 15:21 - 00000000 ____D C:\Users\Rebecca\Downloads\Programs & setup files
2016-10-19 19:09 - 2009-07-14 10:15 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-19 19:09 - 2009-07-14 10:15 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-19 19:05 - 2009-07-14 10:43 - 00924636 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-19 19:05 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\inf
2016-10-19 19:04 - 2016-06-18 02:40 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-10-19 18:59 - 2016-06-18 02:23 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-19 18:59 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-19 18:53 - 2016-07-13 04:10 - 00047784 _____ C:\Users\Rebecca\Downloads\text.txt
2016-10-19 18:41 - 2016-06-18 02:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-19 18:21 - 2016-06-23 06:37 - 00000000 ____D C:\Users\Rebecca\AppData\Local\ElevatedDiagnostics
2016-10-19 17:58 - 2016-06-18 15:43 - 00000000 ____D C:\Users\Rebecca\AppData\Roaming\DMCache
2016-10-19 03:42 - 2016-06-18 02:22 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-10-15 17:06 - 2016-06-18 15:55 - 00000000 ____D C:\Users\Rebecca\AppData\Roaming\vlc
2016-10-14 17:54 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\rescache
2016-10-14 03:17 - 2016-09-15 12:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-10-14 03:17 - 2016-09-15 01:05 - 00000000 ____D C:\Users\Rebecca\Desktop\mbar
2016-10-14 03:17 - 2016-06-26 23:03 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-14 02:42 - 2016-06-18 02:17 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-10-13 15:35 - 2016-06-18 14:43 - 00000000 ____D C:\Users\Rebecca\AppData\Local\JDownloader v2.0
2016-10-13 13:46 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\NDF
2016-10-13 13:30 - 2016-06-18 02:22 - 00293352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-10-13 12:08 - 2009-07-14 10:15 - 00315760 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-13 12:06 - 2016-06-24 22:22 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-10-13 12:06 - 2016-06-24 22:22 - 00000000 ____D C:\Windows\system32\appraiser
2016-10-12 22:51 - 2016-06-23 00:12 - 00000000 ____D C:\Windows\system32\MRT
2016-10-12 22:44 - 2016-06-23 00:12 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-07 23:29 - 2016-04-24 05:32 - 00000000 ____D C:\Users\Rebecca\Downloads\My Stuff
2016-10-06 19:46 - 2015-08-14 20:53 - 00000000 ____D C:\Users\Rebecca\Downloads\Texts
2016-10-05 00:45 - 2016-06-18 01:00 - 00069832 _____ C:\Users\Rebecca\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-05 00:44 - 2016-08-18 19:21 - 00000000 ____D C:\Windows\system32\appmgmt
2016-10-04 21:29 - 2016-06-18 01:45 - 00000000 ____D C:\Windows\System32\Tasks\Sony Corporation
2016-10-04 21:29 - 2016-06-18 01:45 - 00000000 ____D C:\Program Files\Sony
2016-10-04 01:12 - 2016-08-25 23:02 - 00000000 ____D C:\Users\Rebecca\Downloads\Pics
2016-10-04 01:09 - 2016-08-05 18:42 - 00000000 ____D C:\Users\Rebecca\Downloads\IT
2016-10-04 00:51 - 2016-06-18 02:43 - 00000000 ____D C:\Windows\pss
2016-10-04 00:35 - 2016-07-06 23:40 - 00000000 ____D C:\Users\Rebecca\Downloads\Songs & christian videos
2016-10-03 19:54 - 2016-06-18 14:36 - 00000000 ____D C:\Program Files\WinRAR
2016-10-01 19:36 - 2016-06-18 02:27 - 00003894 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1466197035
2016-09-29 17:03 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\tracing
2016-09-26 13:56 - 2016-07-03 19:43 - 00000000 ___HD C:\Program Files And Folders
2016-09-24 16:36 - 2016-09-15 15:04 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-09-24 16:12 - 2009-07-14 08:50 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-09-24 15:51 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-09-24 15:51 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\Dism
2016-09-24 15:31 - 2016-06-18 02:13 - 00774404 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-09-23 00:33 - 2016-06-18 02:22 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-09-20 21:26 - 2016-09-15 14:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

==================== Files in the root of some directories =======

2016-07-20 21:04 - 2016-07-20 21:04 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-10-15 00:43

==================== End of FRST.txt ============================

rebeccavalentine · Oct 19, 2016

As i could not post all the three logs in the main post Im posting the remaining over here.
Thanks again..

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Rebecca (19-10-2016 19:38:02)
Running from C:\Users\Rebecca\Downloads\Programs & setup files
Windows 7 Professional Service Pack 1 (X64) (2016-06-17 19:06:03)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2346135004-3240251215-1620024443-500 - Administrator - Disabled)
Guest (S-1-5-21-2346135004-3240251215-1620024443-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2346135004-3240251215-1620024443-1002 - Limited - Enabled)
Rebecca (S-1-5-21-2346135004-3240251215-1620024443-1000 - Administrator - Enabled) => C:\Users\Rebecca

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.03 (x64) (HKLM\...\7-Zip) (Version: 16.03 - Igor Pavlov)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 3.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{158BEEC4-CC30-BF2F-248D-B52AF953E9C1}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
AuthenTec WinBio FingerPrint Software (HKLM\...\{20F5F93B-9A27-4508-87B0-BFD7494FBEC4}) (Version: 3.1.0.80 - AuthenTec, Inc.)
AutoHotkey 1.1.24.01 (HKLM\...\AutoHotkey) (Version: 1.1.24.01 - Lexikos)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
COMODO Firewall (HKLM\...\{C7C71F0C-4CC1-4B17-943C-96E5196DDA74}) (Version: 8.4.0.5165 - COMODO Security Solutions Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dashlane (HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\Dashlane) (Version: 4.6.1.18109 - Dashlane, Inc.)
FormatFactory 3.9.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.9.5.0 - Free Time)
Gobi_Firmware (HKLM-x32\...\Gobi_Firmware) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.280 - SurfRight B.V.)
HP Deskjet 2510 series Basic Device Software (HKLM\...\{293CC68A-32BA-4BA4-84BD-0DCF6583566F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Help (HKLM-x32\...\{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 2510 series Setup Guide (HKLM-x32\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HW Gobi 3000 Driver 1.07.00.00 (HKLM-x32\...\HW Gobi 3000 Driver) (Version: 1.07.00.00 - Huawei technologies Co., Ltd.)
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3086 - Intel Corporation)
Intel(R) Driver Update Utility 2.5 (x32 Version: 2.5.0.22 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Product Improvement Program (x32 Version: 2.1.27.3 - Intel) Hidden
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{077BF055-512A-4D48-B3C2-44AD860FEB0A}) (Version: 1.3.0.0621 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{E7DC06A3-8516-4929-B712-80987AFFFB57}) (Version: 14.03.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{aa1dec3b-dc4b-4db0-8c18-9157457eff1f}) (Version: 2.5.0.22 - Intel)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
LibreOffice 5.2.0.4 (HKLM-x32\...\{8FA59B7B-1D26-408F-A798-BD11A65A68B9}) (Version: 5.2.0.4 - The Document Foundation)
Malwarebytes Anti-Exploit version 1.8.1.2572 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2572 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Potplayer-64 bit (HKLM\...\PotPlayer64) (Version: - Kakao Corp.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6225 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.80 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 2.0.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.1 - VS Revo Group, Ltd.)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1224 - SUPERAntiSpyware.com)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 5.0.0.07070 - Sony Corporation)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.7.0.07150 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
Windows Driver Package - Atheros Communications Inc. (athr) Net (03/11/2011 9.2.0.316) (HKLM\...\DEEBF3DD97A309C0E7791804AA8D9A15B1172EED) (Version: 03/11/2011 9.2.0.316 - Atheros Communications Inc.)
Windows Driver Package - Sony Corporation (SFEP) HIDClass (11/27/2009 8.0.1.2) (HKLM\...\4E827A70BAA738C408DBDD024BCACE5085D946F1) (Version: 11/27/2009 8.0.1.2 - Sony Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {16288A41-C2C5-4FAF-AE9F-35F568206DAF} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2011-07-07] (Sony Corporation)
Task: {1EB78963-8973-4D83-A0E9-AE408E3A5170} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {2588A928-8489-41B3-BD0C-746BEEE9535E} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2011-07-07] (Sony Corporation)
Task: {283895E1-BA16-47B7-8A86-9E8B6D0F4B0E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-31] (AVAST Software)
Task: {3AAD9128-4173-4211-9DF2-7A4632E205A4} - System32\Tasks\HIbernate => C:\Windows\SysWOW64\shutdown.exe [2009-07-14] (Microsoft Corporation)
Task: {3C86DB85-51B2-4D9F-9B4A-E7C05DB73CF5} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2011-05-31] (Sony Corporation)
Task: {4573E870-ED1F-4016-96CC-00A2157C611C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-18] (AVAST Software)
Task: {535F57D9-3E05-47F5-B17D-17D80EE53860} - System32\Tasks\{9BAB684E-7944-4F8A-9C13-6EC483B66685} => pcalua.exe -a "E:\15. broadcam bluetooth driver.EXE" -d E:\
Task: {581588FE-D751-48EE-85D7-58972EE43064} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {61BB0537-A514-4D1F-A714-F6A6C13E57FA} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2011-05-31] (Sony Corporation)
Task: {66280527-3B64-4833-89A4-2F235768FD9D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-18] (Google Inc.)
Task: {7D0B1F98-1412-49B9-83E1-76F6DAD12DBE} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {8816E919-F55C-494D-95CB-E5C67BDFD8B7} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-14] (COMODO)
Task: {94CE11CA-2F2F-437A-B9B8-646288873B5C} - System32\Tasks\SafeZone scheduled Autoupdate 1466197035 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {9C629BC6-692E-4F55-8E3C-A1DBFBC42510} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient [Argument = /Start]
Task: {A1491F84-6B64-4D60-A8E7-FA6210E12F6F} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2011-05-31] (Sony Corporation)
Task: {DCBE3875-86A4-4E94-8288-5EA2526F3BFD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-18] (Google Inc.)
Task: {E33F2BF6-A8CB-4662-BBAD-7B99863461FA} - System32\Tasks\BDRemovalTool => C:\Users\Rebecca\AppData\Local\Temp\BDRemovalTool\BDRemovalTool.exe <==== ATTENTION
Task: {EEDE3F1A-861E-49FF-8F84-25B8A821E964} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-09-14] (COMODO)
Task: {F3E11926-3D97-4CED-AD61-1FDB91E84D6A} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-14] (COMODO)
Task: {F5001264-539A-4221-B86D-9E2BF6800BA5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {FD5D3BF6-307F-4DB8-8721-0461985A10CA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Rebecca\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Rebecca - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) ==============

2012-01-04 11:28 - 2012-01-04 11:28 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2016-06-18 13:37 - 2016-03-09 20:43 - 00416408 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
2016-06-18 13:37 - 2016-03-09 20:43 - 00709272 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_modeler.dll
2016-06-18 13:37 - 2016-03-09 20:43 - 00130712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_process_input.dll
2016-06-18 13:37 - 2016-03-09 20:43 - 00025752 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_system_power_state_input.dll
2016-06-18 13:37 - 2016-03-09 20:43 - 00059544 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_quality_and_reliability_input.dll
2016-06-18 13:37 - 2016-03-09 20:43 - 00194712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\acpi_battery_input.dll
2016-06-18 13:37 - 2016-03-09 20:43 - 00159896 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\sema_thermal_input.dll
2016-06-18 13:37 - 2016-03-09 20:43 - 00158360 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\wifi_input.dll
2016-06-18 13:37 - 2016-03-09 20:43 - 00050840 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\devices_use_input.dll
2016-06-18 13:37 - 2016-03-09 20:43 - 00032920 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_disktrace_input.dll
2016-10-04 00:17 - 2016-10-04 00:17 - 01087488 ____H () C:\Users\Rebecca\Desktop\Programs\Caps.exe
2016-10-04 02:08 - 2016-10-04 02:06 - 01087488 ____H () C:\Users\Rebecca\Desktop\Programs\Copy.exe
2016-10-04 01:32 - 2016-10-04 01:33 - 01087488 ____H () C:\Users\Rebecca\Desktop\Programs\Copycontents.exe
2016-10-03 21:29 - 2016-10-03 21:29 - 01087488 ____H () C:\Users\Rebecca\Desktop\Programs\dashlane.exe
2016-10-03 21:52 - 2016-10-03 21:52 - 01087488 ____H () C:\Users\Rebecca\Desktop\Programs\Downloads.exe
2016-10-04 01:42 - 2016-10-04 01:42 - 01087488 ____H () C:\Users\Rebecca\Desktop\Programs\FavSongs.exe
2016-10-03 21:07 - 2016-10-03 21:07 - 01087488 ____H () C:\Users\Rebecca\Desktop\Programs\Google.exe
2016-10-08 00:53 - 2016-10-08 00:53 - 01087488 ____H () C:\Users\Rebecca\Desktop\Programs\Hidemedia1.exe
2016-10-03 21:19 - 2016-10-03 21:19 - 01087488 ____H () C:\Users\Rebecca\Desktop\Programs\LibreOffice.exe
2016-10-03 23:04 - 2016-10-03 23:04 - 01087488 ____H () C:\Users\Rebecca\Desktop\Programs\Notepad.exe
2016-10-04 01:08 - 2016-10-04 01:08 - 01087488 ____H () C:\Users\Rebecca\Desktop\Programs\Paint.exe
2016-10-03 21:09 - 2016-10-03 21:09 - 01087488 ____H () C:\Users\Rebecca\Desktop\Programs\Recycle.exe
2016-10-04 00:44 - 2016-10-04 00:44 - 01087488 ____H () C:\Users\Rebecca\Desktop\Programs\Song.exe
2016-10-08 00:52 - 2016-10-08 00:52 - 01087488 ____H () C:\Users\Rebecca\Desktop\Programs\Text1.exe
2016-10-04 00:44 - 2016-10-04 00:44 - 01087488 ____H () C:\Users\Rebecca\Desktop\Programs\Tutorial.exe
2016-10-04 19:43 - 2016-09-25 11:32 - 02279528 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\libglesv2.dll
2016-10-04 19:43 - 2016-09-25 11:32 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\libegl.dll
2016-10-02 14:23 - 2016-09-22 17:38 - 00535424 _____ () C:\Users\Rebecca\AppData\Roaming\Dashlane\DashlanePlugin.exe
2016-08-31 14:39 - 2016-08-31 14:39 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-10-13 14:33 - 2016-10-13 14:33 - 03118936 _____ () C:\Program Files\AVAST Software\Avast\defs\16101300\algo.dll
2016-08-31 14:39 - 2016-08-31 14:39 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-06-18 01:45 - 2011-07-07 15:44 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll
2016-06-26 23:12 - 2016-06-26 23:12 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-07-29 13:35 - 2016-07-29 13:35 - 01034856 _____ () C:\Program Files (x86)\LibreOffice 5\program\libxml2.dll
2016-07-29 13:35 - 2016-07-29 13:35 - 00404072 _____ () C:\Program Files (x86)\LibreOffice 5\program\glew32.dll
2016-07-29 13:35 - 2016-07-29 13:35 - 00182888 _____ () C:\Program Files (x86)\LibreOffice 5\program\libxslt.dll
2016-07-29 13:35 - 2016-07-29 13:35 - 00116328 _____ () C:\Program Files (x86)\LibreOffice 5\program\python3.dll
2016-07-29 11:35 - 2016-07-29 11:35 - 00049152 _____ () C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_socket.pyd
2016-10-02 14:23 - 2016-09-22 17:33 - 00347520 _____ () C:\Users\Rebecca\AppData\Roaming\Dashlane\4.6.1.18109\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.4.6.1.18109.dll
2016-10-02 14:23 - 2016-09-22 17:33 - 00436096 _____ () C:\Users\Rebecca\AppData\Roaming\Dashlane\4.6.1.18109\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.4.6.1.18109.dll
2016-10-02 14:23 - 2016-09-22 17:33 - 00469376 _____ () C:\Users\Rebecca\AppData\Roaming\Dashlane\4.6.1.18109\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.4.6.1.18109.dll
2016-10-02 14:23 - 2016-09-22 17:33 - 63126912 _____ () C:\Users\Rebecca\AppData\Roaming\Dashlane\4.6.1.18109\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.4.6.1.18109.dll
2016-10-02 14:23 - 2016-09-22 17:33 - 00292736 _____ () C:\Users\Rebecca\AppData\Roaming\Dashlane\4.6.1.18109\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.4.6.1.18109.dll
2016-10-02 14:23 - 2016-09-22 17:33 - 06294912 _____ () C:\Users\Rebecca\AppData\Roaming\Dashlane\4.6.1.18109\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.4.6.1.18109.dll
2016-10-02 14:23 - 2016-09-22 17:33 - 07412608 _____ () C:\Users\Rebecca\AppData\Roaming\Dashlane\4.6.1.18109\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.4.6.1.18109.dll
2016-10-02 14:23 - 2016-09-22 17:33 - 13651840 _____ () C:\Users\Rebecca\AppData\Roaming\Dashlane\4.6.1.18109\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.4.6.1.18109.dll
2016-10-02 14:23 - 2016-09-22 17:33 - 02284928 _____ () C:\Users\Rebecca\AppData\Roaming\Dashlane\4.6.1.18109\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.4.6.1.18109.dll
2016-10-02 14:23 - 2016-09-22 17:33 - 00334208 _____ () C:\Users\Rebecca\AppData\Roaming\Dashlane\4.6.1.18109\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.4.6.1.18109.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\INETRES.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpchttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\INETRES.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpchttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\86159243.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\86159243.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7914 more sites.

IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\123simsen.com -> www.123simsen.com

There are 7914 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 08:04 - 2016-09-15 15:39 - 00453264 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com

There are 15554 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMPPALR3 => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bluetooth Device Monitor => 2
MSCONFIG\Services: Bluetooth Media Service => 3
MSCONFIG\Services: Bluetooth OBEX Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BTHSSecurityMgr => 2
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: ESRV_SVC => 2
MSCONFIG\Services: EvtEng => 2
MSCONFIG\Services: FPLService => 2
MSCONFIG\Services: GobiQDLService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: IconMan_R => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MyWiFiDHCPDNS => 3
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: SystemUsageReportSvc_WILLAMETTE => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: USER_ESRV_SVC => 3
MSCONFIG\Services: USER_ESRV_SVC_WILLAMETTE => 3
MSCONFIG\Services: VAIO Event Service => 2
MSCONFIG\Services: VAIO Power Management => 2
MSCONFIG\Services: VCService => 3
MSCONFIG\Services: VSNService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: Apoint => %ProgramFiles%\Apoint\Apoint.exe
MSCONFIG\startupreg: AutoStarter => C:\ProgramData\AutoStarter\AutoStarter.exe
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: ClientAppLogon => C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe
MSCONFIG\startupreg: ClientAppLogon32 => C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IntelPAN => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
MSCONFIG\startupreg: ISBMgr.exe => "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{3BF82DB6-E287-4F38-A0D5-CFF433A4DF41}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8773A470-EAA6-4304-B8C7-10E1538ECF02}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A3870A18-4727-46C8-BFEF-3719A4D6FE87}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1FF536AE-EEFF-43CF-8BB6-9A34C9408ED3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{2F561A12-AE40-4F5D-8BB2-98C40EF612BD}C:\program files\sony\vaio care\vcsystemtray.exe] => (Allow) C:\program files\sony\vaio care\vcsystemtray.exe
FirewallRules: [UDP Query User{90E48BC1-5080-4C58-AECE-E399242D4E41}C:\program files\sony\vaio care\vcsystemtray.exe] => (Allow) C:\program files\sony\vaio care\vcsystemtray.exe
FirewallRules: [{5537A207-956C-4D12-9BB4-5D15E2ACD02A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

06-10-2016 19:46:27 Checkpoint by HitmanPro
07-10-2016 12:15:47 Revo Uninstaller's restore point - AutoHotkey 1.1.24.01
12-10-2016 22:43:21 Windows Update
13-10-2016 13:26:48 Windows Update
14-10-2016 03:00:17 Windows Update
15-10-2016 03:00:13 Windows Update
15-10-2016 09:37:56 Windows Update
16-10-2016 03:00:16 Windows Update
16-10-2016 23:26:36 Windows Update
17-10-2016 03:00:14 Windows Update
18-10-2016 03:00:15 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/19/2016 06:59:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/17/2016 04:52:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/16/2016 11:28:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/16/2016 10:06:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/15/2016 09:39:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/15/2016 03:03:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/14/2016 11:53:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/13/2016 11:28:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/13/2016 10:23:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/13/2016 09:48:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (10/19/2016 07:01:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB3177467).

Error: (10/18/2016 01:30:24 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 0.0.0.0 with the system
having network hardware address 00-00-00-00-00-00. Network operations on this system may
be disrupted as a result.

Error: (10/17/2016 04:56:05 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB3177467).

Error: (10/16/2016 11:31:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB3177467).

Error: (10/16/2016 10:34:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avast Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (10/16/2016 10:10:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB3177467).

Error: (10/15/2016 09:43:06 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB3177467).

Error: (10/15/2016 03:31:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avast Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (10/15/2016 03:07:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB3177467).

Error: (10/15/2016 12:21:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avast Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

CodeIntegrity:
===================================
Date: 2016-07-31 15:36:26.738
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-31 15:36:15.116
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-31 15:36:15.038
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-31 14:43:49.422
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-31 14:43:35.741
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-31 14:43:35.585
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-31 12:50:45.329
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-31 12:50:31.819
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-31 12:50:31.726
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-07-30 19:36:27.051
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2640M CPU @ 2.80GHz
Percentage of memory in use: 57%
Total physical RAM: 6059.82 MB
Available physical RAM: 2571.7 MB
Total Virtual: 12117.83 MB
Available Virtual: 7795.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:501.45 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EEEF3C86)
Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

rebeccavalentine · Oct 19, 2016

Result of Security Analysis by Rocket Grannie (x86) Updated: 16th October, 2016
Running from:C:\Users\Rebecca\Downloads\Programs & setup files (19:49:05 - 10/19/2016)
***---------------------------------------------------------***
Microsoft Windows 7 Professional X64 Service Pack 1
UAC is Enabled!
Internet Explorer *Internet Explorer is out of Date*
Default Browser: Google Chrome
***-----------------Anti-Virus - Firewall-------------------***
Avast Antivirus (Enabled - Up to Date)
Firewall: Comodo Firewall
***----------------AntiSpyware - Miscellaneous---------------***
Adobe Flash Player Plugin is not installed
HitmanPro (version 3.7)
Malwarebytes Anti-Exploit (version 1.8.1.2572)
Malwarebytes Anti-Malware (version 2.2.1.1043)
Spybot - Search & Destroy (version 2.4)
SUPERAntiSpyware (version 6)
Windows Live Essentials (version 16.4)

Google Chrome (version 53.0.2785.143) is *out of Date*

***----------------Analysis Complete-------------------------***

Corrine · Oct 19, 2016

Hi, Rebecca. Welcome to Sysnative!

I often come across various ads which seem highly suspicious, & i have to close them before i can view the episodes. so i highly suspect that my security has been compromised.

Sites providing online streaming of TV shows do tend to have rather questionable ads, which is what I believe you are running into rather than malware. Since Google Chrome is your default browser (which you need to update since it is outof date!), you may want to select one of the ad-block extensions listed below (or go to the Chrome Web Store and select one from the extensions available there):

uBlock Origin: uBlock Origin - Chrome Web Store
Adblock Plus: Adblock Plus - Chrome Web Store

Both of those extensions are also available for Firefox and Adblock Plus is available for IE. Please give one of the extensions a try and let me know if that makes a difference.

1. Regarding your use of MSCONFIG: Please keep in mind the following from Using System Configuration (msconfig) - Windows Help:

System Configuration is a tool that can help identify problems that might prevent Windows from starting correctly. You can start Windows with common services and startup programs turned off and then turn them back on, one at a time. If a problem doesn't occur when a service is turned off, but does occur when that service is turned on, then the service could be the cause of the problem.

System Configuration is intended to find and isolate problems, but it's not meant as a startup management program. {Bold added}

In other words, MSConfig is useful for troubleshooting but not for managing startup programs. Using MSConfig can lock malware in the registry, only to become apparent should it be restored to normal start up. In addition, registry and startup entries in MSConfig end up as leftovers when uninstalling a program.

2. Let's do a bit of cleanup. Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

Open Notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the entire contents of the code box below into Notepad.

Code:

start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
GroupPolicy: Restriction <======= ATTENTION
AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\INETRES.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpchttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\INETRES.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpchttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\86159243.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\86159243.sys => ""="Driver"
EmptyTemp:
end

Click Format and ensure Wordwrap is unchecked.
Important: Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
- Press the Fix button once and wait.
- FRST will process fixlist.txt
- When finished, it will produce a log fixlog.txt in the same folder/directory as FRST.exe | FRST64.exe
- Please post the log in your next reply.

rebeccavalentine · Oct 25, 2016

Thank you so much for your help..
Thanks a ton..
I never knew I'd get your reply this fast :)

Thanks again for your suggestion.. Ive now installed the UBlock Origin extension for chrome..
& Ive update it too..

& about the msconfig thing.. I have been living with the misconception that I could use it as a start up manager.. Thanks for your explanation.. I now get it..

I did what you said.. & Ive pasted the log here..
( PS after the system reboot, when i tried to start autohotkey (which i always use) the system started behaving weirdly. The window crashed. And then when i tried to open any window, nothing happened. I waited for a good 10 minutes but still nothing happened. Then i tried to restart.. But the "logging off" screen remained forever & i abruptly turned it off using the power button. After starting it again, Im having no issues..

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Rebecca (26-10-2016 01:11:36) Run:1
Running from C:\Users\Rebecca\Downloads\Programs & setup files
Loaded Profiles: Rebecca & (Available Profiles: Rebecca)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
GroupPolicy: Restriction <======= ATTENTION
AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\INETRES.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpchttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\INETRES.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpchttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\86159243.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\86159243.sys => ""="Driver"
EmptyTemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\adsmsext.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\adtschema.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\advapi32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\apisetschema.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\appidapi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\appidcertstorecheck.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\appidpolicyconverter.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\appidsvc.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\auditpol.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\certcli.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\conhost.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\credssp.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\cryptbase.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\csrsrv.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\davclnt.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\DWrite.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\FntCache.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\inetcomm.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\INETRES.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\kerberos.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\kernel32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\KernelBase.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\lsasrv.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\lsass.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MRT.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\msaudite.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\msobjs.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\msv1_0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\MSVidCtl.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ncrypt.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ntdll.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ntoskrnl.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\ntvdm64.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\rpchttp.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\rpcrt4.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\rstrui.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\schannel.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\secur32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\setbcdlocale.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\smss.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\srclient.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\srcore.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\sspicli.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\sspisrv.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\TSpkg.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wdigest.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\WebClnt.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\win32k.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\winload.efi => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\winresume.efi => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\winsrv.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wow64.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wow64cpu.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\wow64win.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\adsmsext.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\adtschema.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\advapi32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\apisetschema.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\appidapi.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\auditpol.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\certcli.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\credssp.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\cryptbase.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\davclnt.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\DWrite.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\inetcomm.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\INETRES.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\instnm.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\kerberos.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\kernel32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\KernelBase.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\msaudite.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\msobjs.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\msv1_0.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\MSVidCtl.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\ncrypt.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\ntdll.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\ntkrnlpa.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\ntoskrnl.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\ntvdm64.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\rpchttp.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\rpcrt4.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\schannel.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\secur32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\setup16.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\srclient.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\sspicli.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\TSpkg.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\user.exe => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\wdigest.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\WebClnt.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\SysWOW64\wow32.dll => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\appid.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\dfsc.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\ksecdd.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\ksecpkg.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\mrxdav.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\mrxsmb.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\mrxsmb10.sys => ":$CmdTcID" ADS could not remove.
C:\Windows\system32\Drivers\mrxsmb20.sys => ":$CmdTcID" ADS could not remove.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\86159243.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\86159243.sys" => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 80734695 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1907398 B
Edge => 0 B
Chrome => 26066628 B
Firefox => 135468 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 617 B
systemprofile32 => 10531 B
LocalService => 132244 B
NetworkService => 13360 B
Rebecca => 12262831 B
Fireflies & Stars => 123873 B

RecycleBin => 0 B
EmptyTemp: => 123.8 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 01:12:40 ====

Corrine · Oct 25, 2016

Hi, Rebecca.

You're welcome. We do our best to help our members as quickly as we can. With the ad-block software, are you no longer seeing the suspicious ads? Just to be sure, let's run another program:

Please download AdwCleaner by Xplode and save to your Desktop.

Right-click on AdwCleaner.exe and select Run As Administrator
The tool will start to update the database, please wait a bit.
Click on the Scan button.
AdwCleaner will begin. Please be patient as the scan may take some time to complete.
After the scan has finished, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.

rebeccavalentine · Oct 27, 2016

Yes I have never seen replies as fast as this in any other forum.. Just amazing & thanks a ton again :)
Its a great help to novice users like me.. :)

Actually im sorry.. I had installed UBlock origin.. Not ad-block.. But then UBlock origin is just great.. Im not seeing any suspicious & annoying ads.. It indeed does wonders.. :) Thank you so much for letting me know about this. All the annoying ads are now gone & all i can do is smile! :)

Yes Ive done what you asked me to, & ive posted the log as well.. I cant believe that these toolbars were actually present! I had been very keen right from the start about carefully installing programs only from known authors & had unchecked crap like this during installs. Still they managed to creep in? & I had uninstalled internet explorer also, so this is shocking to me!

Is everything clean now?? Or should i do something else?? :)
Thanks a ton again :) Will be forever grateful :)

# AdwCleaner v6.030 - Logfile created 28/10/2016 at 08:03:49
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-27.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Rebecca - REBECCA-PC
# Running from : C:\Users\Rebecca\Downloads\Programs & setup files\adwcleaner_6.030.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com

***** [ Web browsers ] *****

[-] [C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: ask.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1222 Bytes] - [28/10/2016 08:03:49]
C:\AdwCleaner\AdwCleaner[S0].txt - [1492 Bytes] - [28/10/2016 07:52:16]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1368 Bytes] ##########

Corrine · Oct 28, 2016

Hi, Rebecca.

Comments such as yours are the very reason I devote time to helping others. It is great to know that I put a smile on your face!

I had been very keen right from the start about carefully installing programs only from known authors & had unchecked crap like this during installs.

Yes, the practice of pre-checked optional programs offered with updates/downloads is very frustrating. You may be interested in using Unchecky - Keeps your checkboxes clear.

Now that your computer is "back to normal", let's take care of removing the tools used:

Please download Delfix from here.

Ensure the following boxes are checked:

Remove disinfection tools
Create registry backup
Purge system restore
Click Run

The program will run for a few moments and then notepad will open with a log which you can close.

rebeccavalentine · Oct 29, 2016

Its extremely sweet of you to actually try & help others. Not many will have the heart to do so :) Thanks a ton again.. :)

Will try unchecky for sure.. Sounds interesting.. Download has already begun :)

BTW, when i ran adwcleaner yesterday, just to ensure if everything is alright, i again found those 2 annoying toolbars!! Not sure of what to do now. Why do they keep appearing again & again?? Please help me out.. Please..
( PS I use Jdownloader2 to download files from internet.. Ive read that its comes with malware. But I had taken good care not to install any malware that came with it. Can auto update of that software download malware into my system without my knowledge?
And I use catchvideo.net to download some episodes which jdownloader2 cant.. )

And one more doubt

Why is it necessary to remove the tools?? Cant I keep them just to perform some scans every once in a week?? :)

Here is the log for the second scan..

# AdwCleaner v6.030 - Logfile created 28/10/2016 at 20:40:43
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-28.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Rebecca - REBECCA-PC
# Running from : C:\Users\Rebecca\Downloads\Programs & setup files\adwcleaner_6.030.exe
# Mode: Scan
# Support : Malwarebytes | Customer Support & Help Center

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

No infected shortcut found.

***** [ Scheduled Tasks ] *****

No malicious task found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found: [C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found: [C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1451 Bytes] - [28/10/2016 08:03:49]
C:\AdwCleaner\AdwCleaner[S0].txt - [1492 Bytes] - [28/10/2016 07:52:16]
C:\AdwCleaner\AdwCleaner[S1].txt - [1339 Bytes] - [28/10/2016 08:33:52]
C:\AdwCleaner\AdwCleaner[S2].txt - [1421 Bytes] - [28/10/2016 20:40:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1494 Bytes] ##########

Corrine · Oct 29, 2016

Hi, Rebecca.

This was the first time I've heard about either catchvideo.net or Jdownloader2. I didn't see anything questionable about catchvideo but would advise caution with Jdownloader2. Although the majority of the user input reviewing Jdownloader2 at WOT reports it safe, in addition to reports of browser hijacks, toolbars, etc., hpHOSTS reported, "Engaged in the use of misleading marketing tactics." For the record, hpHOSTS is managed by a fellow MVP and, additionally, it is "Powered by Malwarebytes". Is Jdownloader.org Safe? Community Reviews | WOT (Web of Trust) and hpHosts Online.

Note the difference in bold between the two AdwCleaner scans:
AdwCleaner First Scan Result (with Clean):
[-] [C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: ask.com

AdwCleaner Second Scan Result (with Scan):
Chrome pref Found: [C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found: [C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com

I don't know why the first scan/clean didn't include the files shown in the location of second scan. However, let's see what happens when you use the AdwCleaner "Clean" option this time plus add another tool to the mix.

1. Double-click AdwCleaner.exe to run the tool again.

Click the Scan button.
AdwCleaner will begin to scan your computer like it did before.
Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
After the scan has finished,
This time click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.

2. Please download Junkware Removal Tool to your desktop.

Disable your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

rebeccavalentine · Oct 29, 2016

Thank you so so much for suggesting this to me. & for taking out your precious time to help me. Yes I ll be cautious.. :)
Again, Ive never seen replies as fast as this in any other forum. Thanks to Sysnative & a special thanks to you. U guys make our lives easier.. Heartfelt thank you :)

Oops.. so they are not the same? I hadnt noticed it

Here is the log.. for junkware removal tool.. (Adwcleaner found nothing.. )
( I ran junkware removal tool for the second time too, but it found nothing on the second scan..
But when I ran it for the third time, it found these files

I really dont know what is going on with my system

)

But, Thanks again :) a ton :)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Professional x64
Ran by Rebecca (Administrator) on Sat 10/29/2016 at 8:11:13.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 16

Successfully deleted: C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0708TI51 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JBZWGXL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1SMS09XT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5GBMOBQQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6N0TIPYG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXE792J3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HNA2UFN3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQA3B6R4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0708TI51 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JBZWGXL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1SMS09XT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5GBMOBQQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6N0TIPYG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXE792J3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HNA2UFN3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQA3B6R4 (Temporary Internet Files Folder)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 10/29/2016 at 8:24:58.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Professional x64
Ran by Rebecca (Administrator) on Sun 10/30/2016 at 6:38:31.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 12

Successfully deleted: C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JBZWGXL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\16WN6622 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ORO3OC8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXE792J3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HNA2UFN3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WD1SKXTJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JBZWGXL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\16WN6622 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ORO3OC8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXE792J3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HNA2UFN3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WD1SKXTJ (Temporary Internet Files Folder)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 10/30/2016 at 6:57:17.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

rebeccavalentine · Oct 29, 2016

Im so so so sorry for the double post..

I wanted to edit the old past & add this, but couldnt do so.. sorry again

Out of curiosity, I tried running JRT again, & the scan result again came up with something..

Am i in trouble?
Why do JRT & Adwcleaner keep detecting something or the other in every scan??? please help

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Professional x64
Ran by Rebecca (Administrator) on Sun 10/30/2016 at 7:19:27.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 2

Successfully deleted: C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HNA2UFN3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HNA2UFN3 (Temporary Internet Files Folder)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 10/30/2016 at 7:37:47.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

xilolee · Oct 30, 2016

Hi Rebeccavalentine. :)

You can see those are empty (?) temporary internet files folders.
Nothing to be concerned of.

Corrine · Oct 30, 2016

Hi, Rebecca.

xilolee is correct. All JRT found was temporary internet files. A simple explanation of temporary internet files is available here: What is Temporary Internet Files? - Definition from Techopedia.

Since Google Chrome is your primary browser, instructions for clearing cache and cookies are available in this help document: Clear cache and cookies - Accounts Help.

Did you scan with AdwCleaner again, using the Clean option?

rebeccavalentine · Oct 30, 2016

xilolee said:
Hi Rebeccavalentine. :)

You can see those are empty (?) temporary internet files folders.
Nothing to be concerned of.

god:lol:
dis feels so embarrassing..
sorry i did not notice this at all..
& thank you :)

rebeccavalentine · Oct 30, 2016

Corrine said:
Hi, Rebecca.

xilolee is correct. All JRT found was temporary internet files. A simple explanation of temporary internet files is available here: What is Temporary Internet Files? - Definition from Techopedia.

Since Google Chrome is your primary browser, instructions for clearing cache and cookies are available in this help document: Clear cache and cookies - Accounts Help.

Did you scan with AdwCleaner again, using the Clean option?

Sorry..
i really did not notice this at all..
such a dumbo i am

& yes i did a scan.. results were positive.. :)
& thank again.. thanks a lot.. :)

Corrine · Oct 31, 2016

No, no, Rebecca, not a "dumbo", rather an inquiring mind!

You asked earlier:

Why is it necessary to remove the tools?? Cant I keep them just to perform some scans every once in a week??

It is the "normal" part of our process to remove the tools/logs used for a couple of reasons. First, some tools should only be used with the guidance of someone trained in their use. Second, many people don't want additional programs cluttering their desktop.

If you wish to keep the stand-alone programs AdwCleaner and JRT (Junkware Removal Tool), that is fine. However, please be sure to update them before running. However, please do not attempt to do anything with FRST on your own. I would rather you remove it and any logs stored in the C:\Users\Rebecca\Downloads\Programs & setup files folder.

Although Google Chrome is your primary browser, there are times you may use Internet Explorer, which is severely out of date. I strongly advise that you update to IE11. Internet Explorer downloads - Windows Help Select the version for your 64-bit operating system. Expect to see a number of IE updates along the line as well.

Hopefully, you also saw my earlier reminder to update Google Chrome. Even if you updated then, Adobe Flash Player received a critical "out-of-band" update last week so I suggest you check Chrome again for updates.

Please let me know if you have any questions.

rebeccavalentine · Nov 20, 2016

Sorry for double post.. *edited*

rebeccavalentine · Nov 20, 2016

@corrine Thank you so much again.. And, so sorry for responding so late. I had forgotten about my own question & did not think you ll reply...

"Inquiring mind" is much better than being termed a dumbo..

Sweet of you :)Now i get it.. Yeah I have decided to keep AdwCleaner & JRT, while deleting FRST & its logs.. :)I thought I had uninstalled IE completely! :O& yes I have updated google chrome as you have said.. Thanks again for all your replies & response.. thank you so much for your time.. :)

Corrine · Nov 20, 2016

You are most welcome!

Need help with detection of malware!

Active member

Active member

Active member

Administrator, Microsoft MVP, Security Analyst

Active member

Administrator, Microsoft MVP, Security Analyst

Active member

Administrator, Microsoft MVP, Security Analyst

Active member

Administrator, Microsoft MVP, Security Analyst

Active member

Active member

Moderator

Administrator, Microsoft MVP, Security Analyst

Active member

Active member

Administrator, Microsoft MVP, Security Analyst

Active member

Active member

Administrator, Microsoft MVP, Security Analyst

Administrator,
Microsoft MVP,
Security Analyst

Administrator,
Microsoft MVP,
Security Analyst

Administrator,
Microsoft MVP,
Security Analyst

Administrator,
Microsoft MVP,
Security Analyst

Administrator,
Microsoft MVP,
Security Analyst

Administrator,
Microsoft MVP,
Security Analyst

Administrator,
Microsoft MVP,
Security Analyst