Am i still infected? What am i supposed to do? Please help!

RebeccaValentin · 09 Apr 2017

C:\WINDOWS\system32\WorkfoldersControl.dll
2017-03-15 20:08 - 2017-03-04 11:41 - 00572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-03-15 20:08 - 2017-03-04 11:40 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-03-15 20:08 - 2017-03-04 11:40 - 02208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2017-03-15 20:08 - 2017-03-04 11:40 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-03-15 20:08 - 2017-03-04 11:40 - 01917440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-03-15 20:08 - 2017-03-04 11:40 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2017-03-15 20:08 - 2017-03-04 11:40 - 01275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-03-15 20:08 - 2017-03-04 11:40 - 00971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-03-15 20:08 - 2017-03-04 11:40 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-03-15 20:08 - 2017-03-04 11:40 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-03-15 20:08 - 2017-03-04 11:40 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-03-15 20:08 - 2017-03-04 11:40 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-03-15 20:08 - 2017-03-04 11:40 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2017-03-15 20:08 - 2017-03-04 11:39 - 08125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-03-15 20:08 - 2017-03-04 11:39 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-03-15 20:08 - 2017-03-04 11:39 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2017-03-15 20:08 - 2017-03-04 11:38 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2017-03-15 20:08 - 2017-03-04 11:38 - 01780224 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-03-15 20:08 - 2017-03-04 11:38 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-03-15 20:08 - 2017-03-04 11:38 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2017-03-15 20:08 - 2017-03-04 11:38 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 12178944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 02914816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 02895872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 01840640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-03-15 20:08 - 2017-03-04 11:37 - 01512448 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 00875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2017-03-15 20:08 - 2017-03-04 11:36 - 05384192 _____ (Microsoft) C:\WINDOWS\system32\dbgeng.dll
2017-03-15 20:08 - 2017-03-04 11:36 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-03-15 20:08 - 2017-03-04 11:36 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-03-15 20:08 - 2017-03-04 11:36 - 04060672 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-03-15 20:08 - 2017-03-04 11:36 - 03614720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-03-15 20:08 - 2017-03-04 11:36 - 03202048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-03-15 20:08 - 2017-03-04 11:36 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-03-15 20:08 - 2017-03-04 11:36 - 02475008 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-03-15 20:08 - 2017-03-04 11:36 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-03-15 20:08 - 2017-03-04 11:36 - 02287104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-03-15 20:08 - 2017-03-04 11:36 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2017-03-15 20:08 - 2017-03-04 11:36 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2017-03-15 20:08 - 2017-03-04 11:35 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-03-15 20:08 - 2017-03-04 11:35 - 01328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-03-15 20:08 - 2017-03-04 11:35 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-03-15 20:08 - 2017-03-04 11:35 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-03-15 20:08 - 2017-03-04 11:35 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2017-03-15 20:08 - 2017-03-04 11:34 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\RADCUI.dll
2017-03-15 20:08 - 2017-03-04 11:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe
2017-03-15 20:08 - 2017-03-04 11:33 - 06044672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-03-15 20:08 - 2017-03-04 11:33 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-03-15 20:08 - 2017-03-04 11:33 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-03-15 20:08 - 2017-03-04 11:32 - 00510464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-03-15 20:08 - 2017-03-04 11:31 - 03478528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-03-15 20:08 - 2017-03-04 11:30 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-03-15 20:08 - 2016-07-16 07:59 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\CspCellularSettings.dll
2017-03-15 20:08 - 2016-07-16 07:58 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-03-15 20:08 - 2016-07-16 07:56 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-03-15 20:07 - 2016-05-30 00:08 - 08886976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSetup.exe
2017-03-15 19:37 - 2017-04-09 20:23 - 00258139 _____ C:\WINDOWS\ZAM.krnl.trace
2017-03-15 19:37 - 2017-04-09 20:23 - 00204148 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-03-10 01:49 - 2017-03-10 01:49 - 00000000 ____D C:\Users\Rebecca Valentine\AppData\Roaming\Mozilla
2017-03-10 00:50 - 2017-03-10 00:50 - 00000000 ____D C:\Users\Rebecca Valentine\AppData\Local\ShareX
2017-03-10 00:38 - 2017-04-09 20:12 - 00000000 ____D C:\Users\Rebecca Valentine\Documents\ShareX
2017-03-10 00:38 - 2017-03-10 00:38 - 00000827 _____ C:\Users\Rebecca Valentine\Desktop\ShareX.lnk
2017-03-10 00:38 - 2017-03-10 00:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX
2017-03-10 00:38 - 2017-03-10 00:38 - 00000000 ____D C:\Program Files\ShareX

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-09 20:12 - 2017-01-20 00:54 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-04-09 20:12 - 2017-01-19 23:03 - 00000000 ____D C:\Users\Rebecca Valentine\AppData\Roaming\DMCache
2017-04-09 19:50 - 2017-01-19 16:32 - 00004190 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E03940D7-79D2-4449-B37A-06B431BA1570}
2017-04-09 19:00 - 2017-01-18 16:35 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-09 18:36 - 2017-01-18 20:08 - 00000000 ____D C:\AdwCleaner
2017-04-09 18:35 - 2017-01-20 01:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-04-09 18:34 - 2017-01-18 19:58 - 00000000 ____D C:\Users\Rebecca Valentine\Desktop\mbar
2017-04-09 18:23 - 2017-01-20 00:23 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-04-09 18:02 - 2017-01-20 21:46 - 00000000 ____D C:\EEK
2017-04-09 17:39 - 2017-01-18 10:01 - 00000000 __SHD C:\Users\Rebecca Valentine\IntelGraphicsProfiles
2017-04-09 17:38 - 2017-01-18 16:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-09 17:38 - 2016-07-16 11:34 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-04-09 17:19 - 2017-02-14 12:03 - 00000000 ____D C:\Users\Rebecca Valentine\AppData\Local\ElevatedDiagnostics
2017-04-09 17:09 - 2017-01-18 20:14 - 00001370 _____ C:\Users\Rebecca Valentine\Desktop\JRT.lnk
2017-04-09 17:02 - 2017-02-24 12:40 - 00000000 ____D C:\Users\Rebecca Valentine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2017-04-09 17:02 - 2017-01-18 21:33 - 00000000 ____D C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane
2017-04-09 17:00 - 2017-01-23 13:00 - 00000000 ____D C:\Users\Rebecca Valentine\Downloads\Other Pics
2017-04-09 17:00 - 2017-01-18 18:04 - 00048568 _____ C:\Users\Rebecca Valentine\Downloads\text.txt
2017-04-09 14:29 - 2017-01-18 20:04 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2017-04-09 12:31 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-08 20:54 - 2016-07-16 17:15 - 00000000 ____D C:\WINDOWS\INF
2017-04-08 18:05 - 2017-01-18 19:18 - 00000000 ____D C:\Users\Rebecca Valentine\Downloads\Programs & Setup Files
2017-04-08 11:04 - 2016-03-31 09:01 - 02455578 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-08 09:59 - 2016-12-28 23:59 - 00000000 ____D C:\Users\Rebecca Valentine\Downloads\My Project
2017-04-08 09:30 - 2017-03-06 12:53 - 00000000 ____D C:\Users\Rebecca Valentine\AppData\Local\Arduino15
2017-04-08 07:12 - 2016-07-16 17:17 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-06 00:58 - 2017-03-01 18:05 - 00000000 ____D C:\ProgramData\HP
2017-04-05 23:56 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-04-04 23:57 - 2016-08-05 18:42 - 00000000 ____D C:\Users\Rebecca Valentine\Downloads\IT
2017-04-04 23:57 - 2016-04-24 05:32 - 00000000 ____D C:\Users\Rebecca Valentine\Downloads\My Stuff
2017-04-02 20:11 - 2017-01-19 20:32 - 00000000 ____D C:\Users\Rebecca Valentine\AppData\Local\JDownloader 2.0
2017-04-01 21:55 - 2016-07-16 17:06 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-22 16:32 - 2017-01-18 16:37 - 00000000 ____D C:\Users\Rebecca Valentine
2017-03-20 19:21 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\rescache
2017-03-19 15:10 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-03-19 13:39 - 2017-02-20 15:07 - 00000000 ____D C:\WINDOWS\Minidump
2017-03-19 13:39 - 2016-10-26 10:04 - 01472450 ____N C:\WINDOWS\Minidump\031917-6953-01.dmp
2017-03-19 13:28 - 2017-01-20 02:44 - 00001147 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-03-19 13:28 - 2017-01-20 02:44 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-03-19 01:21 - 2016-07-16 17:17 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-03-19 01:21 - 2016-07-16 11:34 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-03-19 01:20 - 2015-10-30 11:58 - 00000000 ____D C:\Users\Default.migrated
2017-03-19 01:15 - 2016-10-26 10:07 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-19 01:14 - 2017-01-18 16:35 - 00443448 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-19 01:12 - 2016-07-16 17:17 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-03-19 01:12 - 2016-07-16 17:17 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-03-19 01:12 - 2016-07-16 17:17 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-03-19 01:12 - 2016-07-16 17:17 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-03-19 01:12 - 2016-07-16 17:17 - 00000000 ___RD C:\Program Files\Windows Defender
2017-03-19 01:12 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-03-19 01:12 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\system32\setup
2017-03-19 01:12 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-03-19 01:12 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-03-19 01:12 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\bcastdvr
2017-03-19 01:12 - 2016-07-16 17:17 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-03-19 01:12 - 2016-07-16 17:17 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-03-19 01:12 - 2016-07-16 17:17 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-03-17 22:37 - 2016-03-31 09:19 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-15 20:54 - 2017-01-18 14:50 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-03-15 20:53 - 2017-01-18 14:50 - 138634176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-03-12 11:30 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-10 10:47 - 2016-07-16 17:19 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-03-10 10:47 - 2016-07-16 17:19 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-10 02:22 - 2017-02-09 21:47 - 00002218 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-03-10 02:09 - 2017-01-19 23:48 - 00000000 ____D C:\Program Files (x86)\WMPKeys

==================== Files in the root of some directories =======

2017-02-19 20:40 - 2017-02-20 01:05 - 0000117 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\Camdata.ini
2017-02-19 20:40 - 2017-02-20 01:05 - 0000408 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\CamLayout.ini
2017-02-19 20:40 - 2017-02-20 01:05 - 0000408 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\CamShapes.ini
2017-02-19 20:40 - 2017-02-20 01:05 - 0004537 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\CamStudio.cfg
2017-02-19 20:33 - 2017-02-20 01:02 - 0000096 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\version2.xml
2017-01-23 14:11 - 2017-01-23 14:11 - 0000017 _____ () C:\Users\Rebecca Valentine\AppData\Local\resmon.resmoncfg
2017-04-06 00:58 - 2017-04-06 00:58 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-03 17:53

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Rebecca Valentine (09-04-2017 20:23:46)
Running from C:\Users\Rebecca Valentine\Downloads
Windows 10 Home Single Language Version 1607 (X64) (2017-01-18 11:13:28)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2453292216-1992557863-264388339-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2453292216-1992557863-264388339-503 - Limited - Disabled)
Guest (S-1-5-21-2453292216-1992557863-264388339-501 - Limited - Disabled)
Rebecca Valentine (S-1-5-21-2453292216-1992557863-264388339-1001 - Administrator - Enabled) => C:\Users\Rebecca Valentine

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.85 - ICEpower a/s)
AutoHotkey 1.1.24.04 (HKLM\...\AutoHotkey) (Version: 1.1.24.04 - Lexikos)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.25.172 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{0b46d918-af4f-4612-8076-5c0ae67cb2aa}) (Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.6.1.20906 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.30.60 - Conexant)
Dashlane (HKU\S-1-5-21-2453292216-1992557863-264388339-1001\...\Dashlane) (Version: 4.6.8.26847 - Dashlane, Inc.)
Dashlane (HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dashlane) (Version: 4.6.8.26847 - Dashlane, Inc.)
Dashlane (HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092017201337375\...\Dashlane) (Version: 4.6.8.26847 - Dashlane, Inc.)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.3 - ASUSTek Computer Inc.)
FormatFactory 4.0.0.0 (HKLM-x32\...\FormatFactory) (Version: 4.0.0.0 - Free Time)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP Deskjet 2510 series Basic Device Software (HKLM\...\{293CC68A-32BA-4BA4-84BD-0DCF6583566F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Help (HKLM-x32\...\{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 2510 series Setup Guide (HKLM-x32\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10600.150 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1159 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{AA1CAAC2-2A6A-4771-B813-8B73C74AE477}) (Version: 18.1.1539.2349 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{bc883058-299e-461f-8e52-4f1dbb355f86}) (Version: 19.0.1 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
LibreOffice 5.2.4.2 (HKLM-x32\...\{70E9A143-18EB-4FAB-B020-E3854B12202C}) (Version: 5.2.4.2 - The Document Foundation)
Macrium Reflect Home Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Home Edition (Version: 6.3.1665 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Exploit version 1.9.1.1334 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.9.1.1334 - Malwarebytes)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
NVIDIA GeForce Experience 2.4.5.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.57 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.54 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: - Kakao Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10143.21278 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.9.422.2016 - Realtek)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
Sandboxie 5.16 (64-bit) (HKLM\...\Sandboxie) (Version: 5.16 - Sandboxie Holdings, LLC)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 11.6.0 - ShareX Team)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.57 - NVIDIA Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1232 - SUPERAntiSpyware.com)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
Unchecky v1.0.2 (HKLM-x32\...\Unchecky) (Version: 1.0.2 - RaMMicHaeL)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinX HD Video Converter Deluxe 5.9.8 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version: - Digiarty Software, Inc.)

RebeccaValentin · 09 Apr 2017

Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.176 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2453292216-1992557863-264388339-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Rebecca Valentine\AppData\Local\Microsoft\OneDrive\17.3.6720.1207_1\amd64\FileSyncShell64.d (the data entry has 13 more characters).
CustomCLSID: HKU\S-1-5-21-2453292216-1992557863-264388339-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Rebecca Valentine\AppData\Local\Microsoft\OneDrive\17.3.6720.1207_1\amd64\FileSyncShell64.d (the data entry has 13 more characters).
CustomCLSID: HKU\S-1-5-21-2453292216-1992557863-264388339-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Rebecca Valentine\AppData\Local\Microsoft\OneDrive\17.3.6720.1207_1\amd64\FileSyncShell64.d (the data entry has 13 more characters).

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04148B06-7F74-466F-AB97-BD6A3704ED4E} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-11] (ASUSTek Computer Inc.)
Task: {26847FF2-925F-43B9-9154-C137E18E097E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-18] (Google Inc.)
Task: {4B1E9D6B-B811-4DA5-A07C-E729D7E4ADA2} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {5890DE90-6C86-4701-B89E-5A586EF730EA} - System32\Tasks\SafeZone scheduled Autoupdate 1484743893 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {7A95F90F-7F97-435C-872B-2E02424D15B7} - System32\Tasks\OneDrive Standalone Update Task v2 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {7FF88CB0-F08F-44E4-BC8C-2245A4F968F5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {895D1674-D51B-4FAB-8B4E-910A89F5CE57} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2016-01-20] (ASUSTek Computer Inc.)
Task: {A07DE7E7-B65F-42A5-B6F7-9B255D14B3D7} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {D0F9F6D0-1F1B-4555-B0BF-CE9504CE51A3} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {D6E39F92-1A12-47DA-9784-4D7AFBE2F5DD} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {F7406635-35FC-4988-995D-41EBE134C76A} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-11] (ASUSTek Computer Inc.)
Task: {F9535623-DA4E-4649-989F-0CBAC10C9AE1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-18] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 17:12 - 2016-07-16 17:12 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-03-15 20:08 - 2017-03-04 12:49 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-15 20:08 - 2017-03-04 12:49 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2017-01-18 17:21 - 2016-09-07 10:26 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 20:08 - 2017-03-04 12:01 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 20:08 - 2017-03-04 12:00 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2017-03-15 20:08 - 2017-03-04 11:42 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 20:08 - 2017-03-04 11:35 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 20:08 - 2017-03-04 11:35 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-03-15 20:08 - 2017-03-04 11:35 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-03-15 20:08 - 2017-03-04 11:38 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-04-06 14:23 - 2017-03-29 14:17 - 02885464 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-04-06 14:23 - 2017-03-29 14:17 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll
2017-01-18 21:34 - 2017-03-17 21:18 - 00544208 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\DashlanePlugin.exe
2017-01-19 20:38 - 2016-12-17 12:34 - 01209344 _____ () C:\Program Files\AutoHotkey\AutoHotkey.exe
2017-03-31 12:36 - 2017-03-31 12:37 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-03-31 12:36 - 2017-03-31 12:37 - 22723584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-03-31 12:36 - 2017-03-31 12:37 - 00448512 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Na tive.Windows.dll
2017-03-31 12:36 - 2017-03-31 12:37 - 05427200 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-01-18 15:43 - 2017-01-18 15:44 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dl l
2017-03-31 12:36 - 2017-03-31 12:37 - 00435712 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink .Controls.dll
2017-03-31 12:36 - 2017-03-31 12:37 - 01062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2017-01-18 15:43 - 2017-01-18 15:44 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dl l
2017-03-31 12:36 - 2017-03-31 12:37 - 00024064 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Lumia.ViewerPluginProxy .dll
2017-03-31 12:36 - 2017-03-31 12:37 - 00547840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink .dll
2015-07-22 12:48 - 2015-07-22 12:48 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-03-25 00:24 - 2017-03-17 21:18 - 00338896 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\4.6.8.26847\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.4.6.8.26847.dll
2017-03-25 00:24 - 2017-03-17 21:18 - 00441808 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\4.6.8.26847\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.4.6.8.26847.dll
2017-03-25 00:24 - 2017-03-17 21:18 - 00464848 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\4.6.8.26847\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.4.6.8.26847.dll
2017-03-25 00:24 - 2017-03-17 21:18 - 62708176 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\4.6.8.26847\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.4.6.8.26847.dll
2017-03-25 00:24 - 2017-03-17 21:18 - 00285648 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\4.6.8.26847\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.4.6.8.26847.dll
2017-03-25 00:24 - 2017-03-17 21:18 - 06183888 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\4.6.8.26847\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.4.6.8.26847.dll
2017-03-25 00:24 - 2017-03-17 21:18 - 07271888 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\4.6.8.26847\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.4.6.8.26847.dll
2017-03-25 00:24 - 2017-03-17 21:18 - 13684176 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\4.6.8.26847\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.4.6.8.26847.dll
2017-03-25 00:24 - 2017-03-17 21:18 - 02215888 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\4.6.8.26847\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.4.6.8.26847.dll
2017-03-25 00:24 - 2017-03-17 21:18 - 00334288 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\4.6.8.26847\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.4.6.8.26847.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\15472250.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\43893416.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\15472250.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\43893416.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 12:54 - 2017-04-09 17:38 - 00002024 ____A C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092017201337311\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092017201337345\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2453292216-1992557863-264388339-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rebecca Valentine\Downloads\Wallpapers\HD Wallpapers\a_night_for_two-wallpaper-2880x1620.jpg
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Rebecca Valentine\Downloads\Wallpapers\HD Wallpapers\a_night_for_two-wallpaper-2880x1620.jpg
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092017201337375\Control Panel\Desktop\\Wallpaper -> C:\Users\Rebecca Valentine\Downloads\Wallpapers\HD Wallpapers\a_night_for_two-wallpaper-2880x1620.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMService => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: wpscloudsvr => 3
MSCONFIG\Services: ZAMSvc => 2
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run32: => "Malwarebytes Anti-Exploit"
HKLM\...\StartupApproved\Run32: => "NvBackend"
HKU\S-1-5-21-2453292216-1992557863-264388339-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2453292216-1992557863-264388339-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-2453292216-1992557863-264388339-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2453292216-1992557863-264388339-1001\...\StartupApproved\Run: => "Application Restart #0"
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Application Restart #0"
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092017201337375\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092017201337375\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092017201337375\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092017201337375\...\StartupApproved\Run: => "Application Restart #0"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{8ECB77A4-E67E-470A-B594-BA6FEB91139A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{B09670C9-415F-4765-ABE6-AEEAE374966F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D97586E5-CAE9-4BC4-8287-4FAE814E7B18}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{50C80565-DB3E-4930-BE59-1C14455403BB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A32C32A1-F1BC-4EDF-AFA6-1A0E6E1B34E7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{41FE58F4-C4D5-4550-8F37-1A466E593C54}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A159A600-0B55-4EC6-AA6D-494BB596D0DB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{28426F0A-0DEE-44F8-9C8E-D3A23DC04867}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A93503D7-6CF1-43E6-9465-DDE021EE75E3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{69558106-323B-4946-AEC2-6C20F6EBA44D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6720B044-010D-4FCD-9746-6230065349D8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A63538BB-F025-4461-8516-D76C8F0EACBE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{78F27E6E-CB15-444E-A355-172F39C5DD8F}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{1A1BD38A-4155-462D-B323-A1D8355BD501}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{C6121F8C-6AF7-4FB2-932A-D8063D584857}] => (Allow) C:\Program Files\HP\HP Deskjet 2510 series\Bin\USBSetup.exe
FirewallRules: [{D1B876CE-3DA3-4A22-8A50-E3DB3F14DDF4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

09-04-2017 17:44:27 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/09/2017 05:44:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/09/2017 05:09:12 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\REBECC~1\AppData\Local\Temp\jrt\CreateRestorePoint.exe "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).

Error: (04/09/2017 12:25:28 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR

DPTF Build Version: 8.1.10600.150
DPTF Build Date: Jun 26 2015 11:46:12
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (04/08/2017 08:54:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/08/2017 08:54:40 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {8eb0b10d-fe85-4c31-bef4-fa7aa63b7234}

Error: (04/08/2017 10:59:50 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR

DPTF Build Version: 8.1.10600.150

RebeccaValentin · 09 Apr 2017

DPTF Build Date: Jun 26 2015 11:46:12
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (04/08/2017 09:29:45 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR

DPTF Build Version: 8.1.10600.150
DPTF Build Date: Jun 26 2015 11:46:12
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (04/08/2017 08:58:12 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR

DPTF Build Version: 8.1.10600.150
DPTF Build Date: Jun 26 2015 11:46:12
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (04/08/2017 07:07:29 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR

DPTF Build Version: 8.1.10600.150
DPTF Build Date: Jun 26 2015 11:46:12
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (04/07/2017 01:16:52 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR

DPTF Build Version: 8.1.10600.150
DPTF Build Date: Jun 26 2015 11:46:12
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

System errors:
=============
Error: (04/09/2017 06:56:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/09/2017 05:44:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZAM Controller Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/09/2017 05:44:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/09/2017 05:44:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/09/2017 05:39:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/09/2017 05:39:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/09/2017 05:39:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/09/2017 05:39:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/09/2017 05:38:44 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5

Error: (04/09/2017 05:38:27 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

CodeIntegrity:
===================================
Date: 2017-02-23 15:14:12.340
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 34%
Total physical RAM: 16282.54 MB
Available physical RAM: 10739.71 MB
Total Virtual: 17306.54 MB
Available Virtual: 11867.19 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:118.48 GB) (Free:70.61 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:446.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: DA6A0828)

Partition: GPT.

========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: DDEB2A16)

Partition: GPT.

==================== End of Addition.txt ============================

Windows IP Configuration

Host Name . . . . . . . . . . . . : Rebecca-Valentine
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 70-4D-7B-49-58-97
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : B8-8A-60-A1-63-C4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Windows Adapter V9
Physical Address. . . . . . . . . : 00-FF-A3-BE-0D-6D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 8260
Physical Address. . . . . . . . . : B8-8A-60-A1-63-C3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::cc4d:d500:a865:1b5b%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 09 April 2017 21:06:59
Lease Expires . . . . . . . . . . : 10 April 2017 21:06:59
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 62425696
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-A1-EA-DC-70-4D-7B-49-58-97
DNS Servers . . . . . . . . . . . : 192.168.1.1
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : B8-8A-60-A1-63-C7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{5ACE2FFB-A6B8-4388-A6D7-D6A943E8E16A}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:1070:e08f:952f:233b(Preferred)
Link-local IPv6 Address . . . . . : fe80::1070:e08f:952f:233b%6(Preferred)
Default Gateway . . . . . . . . . : ::
DHCPv6 IAID . . . . . . . . . . . : 352321536
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-A1-EA-DC-70-4D-7B-49-58-97
NetBIOS over Tcpip. . . . . . . . : Disabled

Interface name : Wi-Fi
There are 4 networks currently visible.

SSID 1 : Jai Ganesh
Network type : Infrastructure
Authentication : WPA2-Personal
Encryption : CCMP
BSSID 1 : 00:17:7c:35:3e:90
Signal : 28%
Radio type : 802.11n
Channel : 11
Basic rates (Mbps) : 1 2 5.5 11
Other rates (Mbps) : 6 9 12 18 24 36 48 54

SSID 2 : Airtel-WD670-877B
Network type : Infrastructure
Authentication : WPA2-Personal
Encryption : CCMP
BSSID 1 : 90:c7:d8:b6:87:7b
Signal : 99%
Radio type : 802.11n
Channel : 11
Basic rates (Mbps) : 1 2 5.5 11
Other rates (Mbps) : 6 9 12 18 24 36 48 54

SSID 3 : NETGEAR
Network type : Infrastructure
Authentication : WPA2-Personal
Encryption : CCMP
BSSID 1 : 00:1f:33:7f:81:2a
Signal : 28%
Radio type : 802.11g
Channel : 6
Basic rates (Mbps) : 1 2 5.5 11
Other rates (Mbps) : 6 9 12 18 24 36 48 54

SSID 4 : darshan
Network type : Infrastructure
Authentication : WPA-Personal
Encryption : CCMP
BSSID 1 : 80:13:82:9a:79:22
Signal : 28%
Radio type : 802.11n
Channel : 1
Basic rates (Mbps) : 1 2 5.5 11
Other rates (Mbps) : 6 9 12 18 24 36 48 54

Profiles on interface Wi-Fi:

Group policy profiles (read only)
---------------------------------
<None>

User profiles
-------------
All User Profile : B0KM-cHJpeWExNTAzLnBk
All User Profile : Project
All User Profile : JioNet@Jerusalem
All User Profile : Xender_AP9dd5
All User Profile : Epsi's iPhone
All User Profile : AndroidAP
All User Profile : EEZONE11.1
All User Profile : accord
All User Profile : accord5
All User Profile : accord10
All User Profile : accord8
All User Profile : Xender_APce4b
All User Profile : Airtel-E5573-3B96
All User Profile : oppo
All User Profile : Airtel-WD670-877B

Pinging 194.119.131.66 with 32 bytes of data:
Reply from 194.119.131.66: bytes=32 time=219ms TTL=53
Request timed out.
Reply from 194.119.131.66: bytes=32 time=227ms TTL=53
Reply from 194.119.131.66: bytes=32 time=210ms TTL=53

Ping statistics for 194.119.131.66:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 210ms, Maximum = 227ms, Average = 218ms

Pinging plus.net [212.159.8.2] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 212.159.8.2:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Tracing route to cns1.uk.vianw.net [194.119.131.66]
over a maximum of 30 hops:

1 3 ms 2 ms 2 ms 192.168.1.1
2 * * * Request timed out.
3 46 ms 36 ms 34 ms 10.206.136.69
4 65 ms 37 ms 37 ms 125.17.12.121
5 176 ms 206 ms 226 ms 182.79.245.37
6 222 ms 245 ms 233 ms ten0-1-1-2-t40-mse1.router.uk.clara.net [195.66.224.66]
7 227 ms 234 ms 226 ms tengige0-1-1-0-t6-ar14.router.uk.clara.net [195.157.3.110]
8 228 ms 241 ms 206 ms cns1.uk.vianw.net [194.119.131.66]

Trace complete.
These Windows services are started:

Apple Mobile Device Service
Application Information
ASLDR Service
ATKGFNEX Service
Avira Real-Time Protection
Avira Scheduler
Avira Service Host
Background Intelligent Transfer Service
Background Tasks Infrastructure Service
Base Filtering Engine
Bluetooth Support Service
CDPUserSvc_523a7
Certificate Propagation
CNG Key Isolation
COM+ Event System
Conexant Audio Message Service
Conexant SmartAudio service
Connected User Experiences and Telemetry
CoreMessaging
Credential Manager
Cryptographic Services
DCOM Server Process Launcher
Delivery Optimization
Device Association Service
DHCP Client
Diagnostic Policy Service
Diagnostic Service Host
Diagnostic System Host
Distributed Link Tracking Client
DNS Client
ESIF Upper Framework Service
Group Policy Client
Human Interface Device Service
IKE and AuthIP IPsec Keying Modules
Intel Bluetooth Service
Intel(R) Dynamic Application Loader Host Interface Service
Intel(R) HD Graphics Control Panel Service
Intel(R) Management and Security Application Local Management Service
Intel(R) PROSet/Wireless Event Log
Intel(R) PROSet/Wireless Registry Service
Intel(R) PROSet/Wireless Zero Configuration Service
IP Helper
Local Session Manager
Malwarebytes Anti-Exploit Service
Microsoft Passport Container
Network Connection Broker
Network List Service
Network Location Awareness

RebeccaValentin · 09 Apr 2017

Network Store Interface Service
NVIDIA Display Driver Service
NVIDIA GeForce Experience Service
NVIDIA Network Service
NVIDIA Streamer Service
Plug and Play
Power
Print Spooler
Program Compatibility Assistant Service
Remote Procedure Call (RPC)
RPC Endpoint Mapper
Security Accounts Manager
Security Center
Server
Shell Hardware Detection
SSDP Discovery
State Repository Service
Superfetch
Sync Host_523a7
System Event Notification Service
System Events Broker
Task Scheduler
TCP/IP NetBIOS Helper
Themes
Tile Data model server
Time Broker
Unchecky
User Manager
User Profile Service
Windows Audio
Windows Audio Endpoint Builder
Windows Connection Manager
Windows Driver Foundation - User-mode Driver Framework
Windows Event Log
Windows Firewall
Windows Font Cache Service
Windows Image Acquisition (WIA)
Windows Management Instrumentation
Windows Presentation Foundation Font Cache 3.0.0.0
Windows Push Notifications System Service
Windows Search
WinHTTP Web Proxy Auto-Discovery Service
WLAN AutoConfig
Workstation
ZAM Controller Service

The command completed successfully.

Microsoft Windows [Version 10.0.14393]

Image Name PID Session Name Session# Mem Usage
========================= ======== ================ =========== ============
System Idle Process 0 Services 0 4 K
System 4 Services 0 768 K
smss.exe 464 Services 0 1,156 K
csrss.exe 608 Services 0 4,548 K
wininit.exe 724 Services 0 5,320 K
csrss.exe 736 Console 1 8,120 K
services.exe 804 Services 0 8,388 K
lsass.exe 812 Services 0 13,580 K
svchost.exe 916 Services 0 21,528 K
svchost.exe 972 Services 0 10,296 K
winlogon.exe 420 Console 1 9,640 K
svchost.exe 536 Services 0 18,660 K
dwm.exe 500 Console 1 69,752 K
svchost.exe 1068 Services 0 47,592 K
svchost.exe 1084 Services 0 28,092 K
WUDFHost.exe 1108 Services 0 15,592 K
svchost.exe 1228 Services 0 18,388 K
svchost.exe 1416 Services 0 21,752 K
nvvsvc.exe 1472 Services 0 9,696 K
igfxCUIService.exe 1492 Services 0 8,408 K
nvxdsync.exe 1640 Console 1 21,316 K
nvvsvc.exe 1652 Console 1 15,676 K
svchost.exe 1760 Services 0 8,484 K
svchost.exe 1824 Services 0 11,788 K
svchost.exe 1844 Services 0 17,632 K
svchost.exe 1972 Services 0 15,844 K
AsLdrSrv.exe 2028 Services 0 5,768 K
GFNEXSrv.exe 2036 Services 0 3,456 K
spoolsv.exe 2068 Services 0 16,492 K
wlanext.exe 2160 Services 0 16,440 K
conhost.exe 2168 Services 0 5,320 K
svchost.exe 2344 Services 0 9,256 K
sched.exe 2404 Services 0 6,688 K
avguard.exe 2712 Services 0 77,272 K
svchost.exe 2728 Services 0 17,684 K
CxAudMsg64.exe 2736 Services 0 8,220 K
GfExperienceService.exe 2744 Services 0 13,304 K
EvtEng.exe 2748 Services 0 14,236 K
AppleMobileDeviceService. 2760 Services 0 12,572 K
ibtsiva.exe 2768 Services 0 5,232 K
Memory Compression 2880 Services 0 8 K
NvNetworkService.exe 2908 Services 0 12,848 K
RegSrvc.exe 2936 Services 0 9,264 K
svchost.exe 2944 Services 0 22,560 K
svchost.exe 2952 Services 0 8,744 K
mbae-svc.exe 2960 Services 0 12,552 K
unchecky_svc.exe 3020 Services 0 7,036 K
SASrv.exe 3032 Services 0 6,372 K
nvstreamsvc.exe 3040 Services 0 14,388 K
ZeroConfigService.exe 2124 Services 0 16,952 K
esif_uf.exe 2564 Services 0 6,876 K
Avira.ServiceHost.exe 3132 Services 0 28,604 K
ZAM.exe 3332 Services 0 16,248 K
mbae64.exe 3752 Services 0 5,900 K
conhost.exe 3780 Services 0 5,728 K
unsecapp.exe 4012 Services 0 6,672 K
WmiPrvSE.exe 4256 Services 0 12,464 K
NvStreamNetworkService.ex 4376 Services 0 16,244 K
conhost.exe 4384 Services 0 8,340 K
avshadow.exe 5068 Services 0 5,652 K
HControl.exe 4908 Console 1 9,504 K
nvstreamsvc.exe 4988 Console 1 19,096 K
conhost.exe 4904 Console 1 6,732 K
esif_assist_64.exe 4488 Console 1 4,656 K
unchecky_bg.exe 4932 Console 1 8,752 K
sihost.exe 4132 Console 1 27,344 K
svchost.exe 5140 Console 1 18,820 K
taskhostw.exe 5196 Console 1 17,876 K
PresentationFontCache.exe 5212 Services 0 19,652 K
RuntimeBroker.exe 5580 Console 1 38,416 K
explorer.exe 5828 Console 1 1,09,636 K
igfxEM.exe 5012 Console 1 12,880 K
ShellExperienceHost.exe 6088 Console 1 55,584 K
ATKOSD2.exe 5852 Console 1 8,768 K
DMedia.exe 5248 Console 1 7,504 K
SearchIndexer.exe 5592 Services 0 32,144 K
SearchUI.exe 5328 Console 1 87,820 K
SearchProtocolHost.exe 6576 Services 0 10,088 K
NvBackend.exe 6820 Console 1 25,252 K
nvtray.exe 1056 Console 1 13,416 K
smartscreen.exe 4824 Console 1 24,356 K
CAudioFilterAgent64.exe 1500 Console 1 8,452 K
Dashlane.exe 2180 Console 1 36,284 K
DashlanePlugin.exe 1264 Console 1 30,420 K
avgnt.exe 7300 Console 1 3,056 K
Avira.Systray.exe 7364 Console 1 41,940 K
dllhost.exe 7756 Console 1 9,308 K
notepad.exe 7832 Console 1 33,432 K
SmartAudio.exe 8144 Console 1 64,128 K
ApplicationFrameHost.exe 4544 Console 1 22,788 K
Microsoft.Photos.exe 6008 Console 1 1,05,960 K
jhi_service.exe 3704 Services 0 6,424 K
LMS.exe 8076 Services 0 12,212 K
fontdrvhost.exe 8788 Console 1 3,256 K
WMIADAP.exe 9128 Services 0 7,164 K
wireless.exe 3156 Console 1 11,160 K
SearchFilterHost.exe 7584 Services 0 7,412 K
cmd.exe 1780 Console 1 5,272 K
conhost.exe 8160 Console 1 11,396 K
tasklist.exe 8308 Console 1 8,164 K
WmiPrvSE.exe 8244 Services 0 8,644 K

MTU MediaSenseState Bytes In Bytes Out Interface
------ --------------- --------- --------- -------------
1500 5 0 0 Ethernet
1500 1 99482 79977 Wi-Fi
4294967295 1 0 8064 Loopback Pseudo-Interface 1
1500 5 0 0 Local Area Connection* 2
1500 5 0 0 Bluetooth Network Connection
1500 5 0 0 Ethernet 3

Querying active state...

TCP Global Parameters
----------------------------------------------
Receive-Side Scaling State : enabled
Chimney Offload State : disabled
NetDMA State : disabled
Direct Cache Access (DCA) : disabled
Receive Window Auto-Tuning Level : normal
Add-On Congestion Control Provider : none
ECN Capability : disabled
RFC 1323 Timestamps : disabled
Initial RTO : 3000
Receive Segment Coalescing State : disabled
Non Sack Rtt Resiliency : disabled
Max SYN Retransmissions : 2
TCP Fast Open : enabled

===========================================================================
Interface List
9...70 4d 7b 49 58 97 ......Realtek PCIe GBE Family Controller
15...b8 8a 60 a1 63 c4 ......Microsoft Wi-Fi Direct Virtual Adapter
14...00 ff a3 be 0d 6d ......TAP-Windows Adapter V9
10...b8 8a 60 a1 63 c3 ......Intel(R) Dual Band Wireless-AC 8260
12...b8 8a 60 a1 63 c7 ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
6...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 50
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.168.1.0 255.255.255.0 On-link 192.168.1.100 306
192.168.1.100 255.255.255.255 On-link 192.168.1.100 306
192.168.1.255 255.255.255.255 On-link 192.168.1.100 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 192.168.1.100 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 192.168.1.100 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
6 331 ::/0 On-link
1 331 ::1/128 On-link
6 331 2001::/32 On-link
6 331 2001:0:9d38:90d7:1070:e08f:952f:233b/128
On-link
10 306 fe80::/64 On-link
6 331 fe80::/64 On-link
6 331 fe80::1070:e08f:952f:233b/128
On-link
10 306 fe80::cc4d:d500:a865:1b5b/128
On-link
1 331 ff00::/8 On-link
10 306 ff00::/8 On-link
6 331 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
The requested operation requires elevation.
Server: UnKnown
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: portal.plus.net
Addresses: 212.159.9.2
212.159.8.2
Aliases: Plusnet Reliable

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Malwarebytes Anti-Exploit REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
Avira SystrayStartTrigger REG_SZ "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
avgnt REG_SZ "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Dashlane REG_SZ "C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
DashlanePlugin REG_SZ "C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\DashlanePlugin.exe" ws

[-] Repaired ->> File ->> C:\Users\Rebecca Valentine\AppData\Local\Google\Chrome\User Data\Default\Preferences

09 Apr 2017 21:10:22 [2038] - **********************************************************
09 Apr 2017 21:10:22 [2038] - MWAV - eScanAV AntiVirus Toolkit.
09 Apr 2017 21:10:22 [2038] - Copyright © MicroWorld Technologies
09 Apr 2017 21:10:22 [2038] - **********************************************************
09 Apr 2017 21:10:22 [2038] - Source: C:\Users\REBECC~1\DOWNLO~1\mwav.exe
09 Apr 2017 21:10:22 [2038] - Version 14.0.270 (C:\USERS\REBECCA VALENTINE\APPDATA\LOCAL\TEMP\MEXE.COM)
09 Apr 2017 21:10:22 [2038] - Log File: C:\Users\Rebecca Valentine\AppData\Local\Temp\MWAV.LOG
09 Apr 2017 21:10:22 [2038] - MWAV Registered: TRUE
09 Apr 2017 21:10:22 [2038] - User Account: Rebecca Valentine (Administrator Mode)
09 Apr 2017 21:10:22 [2038] - OS Type: Windows Workstation [InstallType: Client]
09 Apr 2017 21:10:22 [2038] - OS: Windows 10 64-Bit [OS Install Date: 18 Jan 2017 16:43:28]
09 Apr 2017 21:10:22 [2038] - Ver: Personal Build 14393
09 Apr 2017 21:10:22 [2038] - System Up Time: 6 Minutes, 58 Seconds

09 Apr 2017 21:10:22 [2038] - Parent Process Name : C:\Users\Rebecca Valentine\Downloads\mwav.exe
09 Apr 2017 21:10:22 [2038] - Windows Root Folder: C:\WINDOWS
09 Apr 2017 21:10:22 [2038] - Windows Sys32 Folder: C:\WINDOWS\system32
09 Apr 2017 21:10:22 [2038] - DHCP NameServer: 192.168.1.1 192.168.1.1
09 Apr 2017 21:10:22 [2038] - Interface0 DHCPNameServer: 10.66.104.1
09 Apr 2017 21:10:22 [2038] - Interface1 DHCPNameServer: 192.168.1.1 192.168.1.1
09 Apr 2017 21:10:22 [2038] - Interface2 DHCPNameServer: 192.168.224.1
09 Apr 2017 21:10:22 [2038] - Local Fixed Drives: c:\,d:\
09 Apr 2017 21:10:22 [2038] - MWAV Mode(A): Scan and Clean files
09 Apr 2017 21:10:22 [2038] - [CREATED ZIP FILE: C:\Users\Rebecca Valentine\AppData\Local\Temp\pinfect.zip]
09 Apr 2017 21:10:22 [2038] - Latest Date of files inside MWAV: Mon Feb 6 15:39:43 2017.
09 Apr 2017 21:10:24 [2038] - ** Changed Value of "Path"
09 Apr 2017 21:10:25 [2038] - Loading/Creating FileScan Cache Database C:\ProgramData\MicroWorld\MWAV\ESCANDBY.MDB [Log: C:\Users\Rebecca Valentine\AppData\Local\Temp\ESCANDB.LOG]
09 Apr 2017 21:10:25 [2038] - Loaded/Created FileScan Cache Database...
09 Apr 2017 21:10:25 [2038] - Loading AV Library [DB][TC:08]...
09 Apr 2017 21:10:54 [2038] - ArchiveScan: DISABLED
09 Apr 2017 21:10:54 [2038] - AV Library Loaded - MultiThreaded - 8 : [DB-DIRECT].
09 Apr 2017 21:10:54 [2038] - MWAV doing self scanning...
09 Apr 2017 21:10:54 [2038] - MWAV files are clean.
09 Apr 2017 21:10:59 [2038] - ArchiveScan: DISABLED
09 Apr 2017 21:10:59 [2038] - Virus Database Date: 06 Feb 2017
09 Apr 2017 21:10:59 [2038] - Virus Database Count: 8243318
09 Apr 2017 21:10:59 [2038] - Sign Version: 7.69509 [462725]
09 Apr 2017 21:11:18 [2038] - Downloading AntiVirus and Anti-Spyware Databases...
09 Apr 2017 21:21:17 [2038] - Update Successful...
09 Apr 2017 21:21:19 [2038] - Old Sign Version: 7.69509 New Sign Version: 7.70717
09 Apr 2017 21:21:26 [2038] - Reload of AntiVirus Signatures successfully done.
09 Apr 2017 21:21:26 [2038] - Virus Database Date: 09 Apr 2017
09 Apr 2017 21:21:26 [2038] - Virus Database Count: 8336221
09 Apr 2017 21:21:26 [2038] - Sign Version: 7.70717 [463933]

09 Apr 2017 21:24:38 [2038] - **********************************************************
09 Apr 2017 21:24:38 [2038] - MWAV - eScanAV AntiVirus Toolkit.
09 Apr 2017 21:24:38 [2038] - Copyright © MicroWorld Technologies
09 Apr 2017 21:24:38 [2038] -
09 Apr 2017 21:24:38 [2038] - Support: support@escanav.com
09 Apr 2017 21:24:38 [2038] - Web: eScan Antivirus | Best Protection from Viruses
09 Apr 2017 21:24:38 [2038] - **********************************************************
09 Apr 2017 21:24:38 [2038] - Version 14.0.270[DB] (C:\USERS\REBECCA VALENTINE\APPDATA\LOCAL\TEMP\MEXE.COM)
09 Apr 2017 21:24:38 [2038] - Log File: C:\Users\Rebecca Valentine\AppData\Local\Temp\MWAV.LOG
09 Apr 2017 21:24:38 [2038] - User Account: Rebecca Valentine (Administrator Mode)
09 Apr 2017 21:24:38 [2038] - Parent Process Name : C:\Users\Rebecca Valentine\Downloads\mwav.exe
09 Apr 2017 21:24:38 [2038] - Windows Root Folder: C:\WINDOWS
09 Apr 2017 21:24:38 [2038] - Windows Sys32 Folder: C:\WINDOWS\system32
09 Apr 2017 21:24:38 [2038] - OS: Windows 10 64-Bit [OS Install Date: 18 Jan 2017 16:43:28]
09 Apr 2017 21:24:38 [2038] - Ver: Personal Build 14393
09 Apr 2017 21:24:38 [2038] - Latest Date of files inside MWAV: Mon Feb 6 15:39:43 2017.
09 Apr 2017 21:24:38 [2038] - Priority: NORMAL

09 Apr 2017 21:24:38 [0cd8] - Options Selected by User:
09 Apr 2017 21:24:38 [0cd8] - Memory Check: Enabled
09 Apr 2017 21:24:38 [0cd8] - Registry Check: Enabled
09 Apr 2017 21:24:38 [0cd8] - StartUp Folder Check: Enabled
09 Apr 2017 21:24:38 [0cd8] - System Folder Check: Enabled
09 Apr 2017 21:24:38 [0cd8] - Services Check: Enabled
09 Apr 2017 21:24:38 [0cd8] - Scan Archives: Disabled
09 Apr 2017 21:24:38 [0cd8] - Drive Check: Enabled
09 Apr 2017 21:24:38 [0cd8] - All Drive Check

isabled
09 Apr 2017 21:24:38 [0cd8] - Drive Selected = C:\
09 Apr 2017 21:24:38 [0cd8] - Folder Check: Enabled
09 Apr 2017 21:24:38 [0cd8] - Folder Selected = D:\
09 Apr 2017 21:24:38 [0cd8] - SCAN: All_Files [ANSI]
09 Apr 2017 21:24:38 [0cd8] - MWAV Mode(B): Scan and Clean files

09 Apr 2017 21:24:38 [0cd8] - Scanning DNS Records...
09 Apr 2017 21:24:38 [0cd8] - Scanning Master Boot Record (User)...
09 Apr 2017 21:24:38 [0cd8] - Scanning Logical Boot Records...
09 Apr 2017 21:24:39 [0cd8] - ***** Scanning For Hidden Rootkit Processes *****
09 Apr 2017 21:24:39 [0cd8] - ***** Scanning For Hidden Rootkit Services *****

09 Apr 2017 21:24:40 [0cd8] - ***** Scanning Memory Files *****

09 Apr 2017 21:24:46 [0cd8] - ***** Scanning Registry Files *****

09 Apr 2017 21:24:48 [0cd8] - ***** Scanning StartUp Folders *****
09 Apr 2017 21:24:57 [0cd8] - Setting NORMAL Attributes for Folder(B): C:\Users\Rebecca Valentine\AppData\Roaming\Intel\Wireless\Settings
09 Apr 2017 21:24:57 [0cd8] - Setting NORMAL Attributes for Folder(B): C:\Users\Rebecca Valentine\AppData\Roaming\Intel\Wireless\WLANProfiles
09 Apr 2017 21:24:58 [0cd8] - Setting NORMAL Attributes for Folder(B): C:\ProgramData\Apple Computer\iTunes\SC Info
09 Apr 2017 21:25:00 [0cd8] - Setting NORMAL Attributes for Folder(B): C:\ProgramData\Intel\Wireless\WLANProfiles
09 Apr 2017 21:25:03 [0cd8] - Setting NORMAL Attributes for Folder(B): C:\ProgramData\Microsoft\Windows\RetailDemo
09 Apr 2017 21:25:06 [0cd8] - Setting NORMAL Attributes for Folder(B): C:\ProgramData\Roaming\Intel\Wireless\Settings
09 Apr 2017 21:25:06 [0cd8] - Setting NORMAL Attributes for Folder(B): C:\ProgramData\..\Intel

09 Apr 2017 21:25:06 [0cd8] - ***** Scanning Service Files *****
09 Apr 2017 21:25:12 [0cd8] - ERROR(2)!!! Invalid Entry \??\C:\WINDOWS\system32\drivers\farflt.sys. Action Taken: Removing HKLM64\SYSTEM\CurrentControlSet\Services\MBAMFarflt.

09 Apr 2017 21:25:15 [0cd8] - ***** Scanning System32 Folders *****
09 Apr 2017 21:25:26 [0cd8] - Setting NORMAL Attributes for Folder(B): C:\WINDOWS\system32\WLANProfiles

09 Apr 2017 21:25:31 [0cd8] - ***** Scanning Drive C:\ *****
09 Apr 2017 21:25:49 [0cd8] - Setting NORMAL Attributes for Folder(B): C:\Program Files\Intel\WiFi\bin\WLANProfiles
09 Apr 2017 21:26:39 [0cd8] - Setting NORMAL Attributes for Folder(B): C:\Program Files (x86)\InstallShield Installation Information
09 Apr 2017 21:27:01 [23cc] - Scanning File C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
09 Apr 2017 21:27:01 [0924] - Scanning File C:\System Volume Information\{46ac55da-1d1d-11e7-a749-b88a60a163c7}{3808876b-c176-4e48-b7ae-04046e6cc752}
09 Apr 2017 21:27:01 [0cd8] - Setting NORMAL Attributes for Folder(B): C:\Users\Public\Roaming\Intel\Wireless\Settings
09 Apr 2017 21:27:16 [0cd8] - Setting NORMAL Attributes for Folder(B): C:\Users\Rebecca Valentine\AppData\Local\Microsoft\Media Player\Art Cache
09 Apr 2017 21:27:22 [0cd8] - Setting NORMAL Attributes for Folder(B): C:\Users\Rebecca Valentine\AppData\Local\NVIDIA Corporation\Shield Apps\StreamingAssets
09 Apr 2017 21:28:04 [0cd8] - Setting NORMAL Attributes for Folder(B): C:\Users\Rebecca Valentine\Roaming\Intel\Wireless\Settings
09 Apr 2017 21:29:36 [0cd8] - Setting NORMAL Attributes for Folder(B): C:\Windows\System32\config\systemprofile\AppData\Roaming\Intel\Wireless\Settings

09 Apr 2017 21:32:12 [0cd8] - ***** Checking for specific ITW Viruses *****

09 Apr 2017 21:32:12 [0cd8] - ***** Scanning complete. *****

09 Apr 2017 21:32:12 [0cd8] - Total Objects Scanned: 228503
09 Apr 2017 21:32:12 [0cd8] - Total Critical Objects: 0
09 Apr 2017 21:32:12 [0cd8] - Total Disinfected Objects: 0
09 Apr 2017 21:32:12 [0cd8] - Total Objects Renamed: 0
09 Apr 2017 21:32:12 [0cd8] - Total Deleted Objects: 0
09 Apr 2017 21:32:12 [0cd8] - Total Errors: 1
09 Apr 2017 21:32:12 [0cd8] - Time Elapsed: 00:07:34
09 Apr 2017 21:32:12 [0cd8] - Virus Database Date: 09 Apr 2017
09 Apr 2017 21:32:12 [0cd8] - Virus Database Count: 8336221
09 Apr 2017 21:32:12 [0cd8] - Sign Version: 7.70717 [463933]

09 Apr 2017 21:32:12 [0cd8] - Scan Completed.

samuria · 14 Apr 2017

There was one problem which was removed download and run UnCleaner â€“ The Unnecessary Files Cleaner Solution - Josh Cell Softwares

Then check if these files have gone if not delete them U3 aswMBR; C:\Users\Rebecca Valentine\AppData\Local\Temp\aswMBR.sys [62728 2017-03-19] () [File not signed] <==== ATTENTION
U3 aswVmm; C:\Users\Rebecca Valentine\AppData\Local\Temp\aswVmm.sys [224896 2017-04-09] () <==== ATTENTION.

You have a few errors open a admin cmd prompt then type sfc /scannow

RebeccaValentin · 16 Apr 2017

I have done everything you asked me to :)

Should i post the sfc/ scannow log now? Its too long.

What should i do next? Is my system clean now?

( Certain websites just wont load. They load, when i use proxy. They load in my other devices as well, with the same network. But in my system they wont load. This has something to do with malware right?
Please help

)

PS. I use 4G connection from a network service provider.

samuria · 16 Apr 2017

As you have the same topic on all these forums you are clean

here (https://www.sysnative.com/forums/sec...tml#post178880). a topic at Malwarebytes (https://forums.malwarebytes.com/topi...result-askcom/) Animal (https://www.bleepingcomputer.com/for...sisoft-please/) (https://support.emsisoft.com/topic/2...th-eis-please/)

RebeccaValentin · 17 Apr 2017

samuria said:

As you have the same topic on all these forums you are clean

here (https://www.sysnative.com/forums/sec...tml#post178880). a topic at Malwarebytes (https://forums.malwarebytes.com/topi...result-askcom/) Animal (https://www.bleepingcomputer.com/for...sisoft-please/) (https://support.emsisoft.com/topic/2...th-eis-please/)

Oh okay. so thank you so much for the assistance :)
I hope i did not cause much trouble

Callender · 17 Apr 2017

RebeccaValentin said:

Certain websites just wont load. They load, when i use proxy. They load in my other devices as well, with the same network. But in my system they wont load. This has something to do with malware right?
Please help

)

PS. I use 4G connection from a network service provider.

See this old post: Pages take a long time and unresponsive-all browsers - Windows 7 Help Forums

Change DNS to something else and reset router (via the reset button) and reboot to test.

DNS Addressing - How to Change in Windows 7