Inactive Downloaded a dumb program and now I can not remove it and the virus it came with

Status
Not open for further replies.
M

MichelleJasmine

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-06-2016 01
Ran by Michelle Jasmine (administrator) on MICHELLEJASMINE (17-06-2016 02:34:39)
Running from C:\Users\Michelle Jasmine\Downloads
Loaded Profiles: Michelle Jasmine (Available Profiles: Michelle Jasmine & Guest)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Ginger Software) C:\Program Files (x86)\Ginger\GingerUpdateService\GingerUpdateService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.0.124\NS.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\ToolbarUpdater.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.4.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.4.0\loggingserver.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.0.124\NS.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Ginger Software) C:\Program Files (x86)\Ginger\GingerClient.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Ginger Software) C:\Program Files (x86)\Ginger\GingerServices\GingerServices.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\nacl64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.5.0.124\coNatHst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152 2015-06-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-05-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6570256 2016-06-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2662472 2016-06-12] ()
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-05-18] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2115966475-1567825624-3805393455-1001\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [36151360 2014-02-23] (ooVoo LLC)
HKU\S-1-5-21-2115966475-1567825624-3805393455-1001\...\Run: [Spotify] => C:\Users\Michelle Jasmine\AppData\Roaming\Spotify\Spotify.exe [6162488 2014-07-10] (Spotify Ltd)
HKU\S-1-5-21-2115966475-1567825624-3805393455-1001\...\Run: [Spotify Web Helper] => C:\Users\Michelle Jasmine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-10] (Spotify Ltd)
HKU\S-1-5-21-2115966475-1567825624-3805393455-1001\...\Run: [uTorrent] => C:\Users\Michelle Jasmine\AppData\Roaming\uTorrent\uTorrent.exe [1413200 2014-07-31] (BitTorrent Inc.)
HKU\S-1-5-21-2115966475-1567825624-3805393455-1001\...\RunOnce: [Uninstall C:\Users\Michelle Jasmine\AppData\Local\Microsoft\OneDrive\17.3.4604.0120] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michelle Jasmine\AppData\Local\Microsoft\OneDrive\17.3.4604.0120"
HKU\S-1-5-21-2115966475-1567825624-3805393455-1001\...\RunOnce: [Uninstall C:\Users\Michelle Jasmine\AppData\Local\Microsoft\OneDrive\17.3.6301.0127] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michelle Jasmine\AppData\Local\Microsoft\OneDrive\17.3.6301.0127"
HKU\S-1-5-21-2115966475-1567825624-3805393455-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-06-13] ()
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ginger.lnk [2015-09-16]
ShortcutTarget: Ginger.lnk -> C:\Windows\Installer\{1EBF9A59-F4E3-4EA7-BA97-76703C1432F6}\GingerClientStartu_E7648186C0BE4AE6AF2E431C614DBB20.exe (Flexera Software LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{7B95813A-D358-4920-A635-FAEA3E6238FD}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{A6382732-B88B-441C-A972-D674F999B6E3}: [DhcpNameServer] 192.168.24.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2115966475-1567825624-3805393455-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE09&ocid=UE09DHP
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-05-26] (Microsoft Corporation)
BHO: Oovoo Toolbar -> {4F564F32-5637-4300-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2V7C\Passport_x64.dll" => No File
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-05-26] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO-x32: Oovoo Toolbar -> {4F564F32-5637-4300-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2V7C\Passport.dll" => No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
Toolbar: HKLM - Oovoo Toolbar - {4F564F32-5637-4300-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2V7C\Passport_x64.dll" No File
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\19.4.0.518\AVG SafeGuard toolbar_toolbar.dll [2016-06-12] (AVG Secure Search)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Oovoo Toolbar - {4F564F32-5637-4300-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\OVO2V7C\Passport.dll" No File
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\19.4.0.518\AVG SafeGuard toolbar_toolbar.dll [2016-06-12] (AVG Secure Search)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2115966475-1567825624-3805393455-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-26] (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.4.0\ViProtocol.dll [2016-04-20] (AVG Secure Search)

FireFox:
========
FF ProfilePath: C:\Users\Michelle Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\6y5zl40d.default
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxps://mysearch.avg.com?cid={4af1bdb7-a79b-4f27-a7ff-d6b6291a66cd}&mid=d72eb3010d9747d29d020919a0f965ea-dac13a77557ba83f1fc21bf6d30ac861e97881a8&lang=en&ds=avg&coid=avgtbavg&cmpid=1215tb&pr=pr&d=2014-08-05 00:57:42&v=19.4.0.518&pid=safeguard&sg=&sap=hp
FF Keyword.URL:
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-06-19] (Adobe Systems)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.4.0\\npsitesafety.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-05-26] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-06-19] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2115966475-1567825624-3805393455-1001: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll [2015-09-03] (Ginger Software)
FF SearchPlugin: C:\Users\Michelle Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\6y5zl40d.default\searchplugins\avg-secure-search.xml [2016-06-12]
FF SearchPlugin: C:\Users\Michelle Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\6y5zl40d.default\searchplugins\safesearch.xml [2015-06-26]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2016-06-12]
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\coFFPlgn [2016-06-14] [not signed]
FF Extension: AVG SafeGuard toolbar - C:\Users\Michelle Jasmine\AppData\Roaming\Mozilla\Firefox\Profiles\6y5zl40d.default\Extensions\avg@safeguard.xpi [2016-06-12]
FF Extension: Ginger - C:\Program Files (x86)\Mozilla Firefox\extensions\adapter@gingersoftware.com [2015-09-16] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.0.124\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [adapter@gingersoftware.com] - C:\Program Files (x86)\Ginger\Mozilla\adapter@gingersoftware.com
FF Extension: Ginger - C:\Program Files (x86)\Ginger\Mozilla\adapter@gingersoftware.com [2015-09-16] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Michelle Jasmine\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (PriCEMinus) - C:\ProgramData\ippokghbfppgbblbmpgeedeciehmdkln\ []
CHR Profile: C:\Users\Michelle Jasmine\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Slides) - C:\Users\Michelle Jasmine\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-17]
CHR Extension: (Google Docs) - C:\Users\Michelle Jasmine\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-17]
CHR Extension: (Google Drive) - C:\Users\Michelle Jasmine\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-17]
CHR Extension: (YouTube) - C:\Users\Michelle Jasmine\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-17]
CHR Extension: (Norton Security Toolbar) - C:\Users\Michelle Jasmine\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-06-17]
CHR Extension: (Google Sheets) - C:\Users\Michelle Jasmine\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-17]
CHR Extension: (Google Docs Offline) - C:\Users\Michelle Jasmine\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-17]
CHR Extension: (Norton Identity Safe) - C:\Users\Michelle Jasmine\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-06-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle Jasmine\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-17]
CHR Extension: (Gmail) - C:\Users\Michelle Jasmine\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-17]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.0.124\Exts\Chrome.crx [2015-06-26]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.0.124\Exts\Chrome.crx [2015-06-26]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-06-09] (Adobe Systems Incorporated)
R3 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R3 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-18] () [File not signed]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [636312 2016-06-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5165824 2016-06-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080592 2016-05-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [705528 2016-06-09] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2945792 2016-05-26] (Microsoft Corporation)
R2 GingerUpdateService; C:\Program Files (x86)\Ginger\GingerUpdateService\GingerUpdateService.exe [527360 2015-09-03] (Ginger Software) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-05-21] (SurfRight B.V.)
R3 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R3 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.5.0.124\NS.exe [282016 2015-06-17] (Symantec Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [200240 2016-05-25] (Microsoft Corporation) [File not signed]
R2 vToolbarUpdater18.7.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.7.0\ToolbarUpdater.exe [1842576 2015-08-01] (AVG Secure Search)
R2 vToolbarUpdater19.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.4.0\ToolbarUpdater.exe [1888328 2016-04-20] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [67864 2013-04-16] (ASUS Corporation)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-05-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-05-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [247040 2016-05-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-05-02] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-05-05] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\BASHDefs\20150521.001\BHDrvx64.sys [1640152 2015-06-03] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1605000.07C\ccSetx64.sys [165080 2015-06-03] (Symantec Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\IPSDefs\20150716.001\IDSvia64.sys [692984 2015-07-16] (Symantec Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-15] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\VirusDefs\20150603.019\ENG64.SYS [129752 2014-11-15] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.5.0.124\Definitions\VirusDefs\20150603.019\EX64.SYS [2137304 2014-11-15] (Symantec Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33744 2013-04-16] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\system32\drivers\NSx64\1605000.07C\SRTSP64.SYS [917720 2015-06-03] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1605000.07C\SRTSPX64.SYS [42200 2015-06-03] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1605000.07C\SYMEFASI64.SYS [1611992 2015-06-03] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NSx64\1605000.07C\SymELAM.sys [23568 2015-06-03] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [102616 2015-06-26] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1605000.07C\Ironx64.SYS [288984 2015-06-03] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NSx64\1605000.07C\SYMNETS.SYS [567512 2015-06-03] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-17 02:34 - 2016-06-17 02:34 - 00028128 _____ C:\Users\Michelle Jasmine\Downloads\FRST.txt
2016-06-17 02:34 - 2016-06-17 02:34 - 00000000 ____D C:\FRST
2016-06-17 02:33 - 2016-06-17 02:33 - 02386944 _____ (Farbar) C:\Users\Michelle Jasmine\Downloads\FRST64.exe
2016-06-17 02:32 - 2016-06-17 02:32 - 01737216 _____ (Farbar) C:\Users\Michelle Jasmine\Downloads\FRST (1).exe
2016-06-17 02:31 - 2016-06-17 02:31 - 01737216 _____ (Farbar) C:\Users\Michelle Jasmine\Downloads\FRST.exe
2016-06-17 02:09 - 2016-06-17 02:09 - 00000000 ____D C:\Users\Michelle Jasmine\AppData\Local\AvgSetupLog
2016-06-17 02:08 - 2016-06-17 02:09 - 03136872 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Michelle Jasmine\Downloads\AVG_Ultimate_825.exe
2016-06-17 02:02 - 2016-06-17 02:02 - 00579584 _____ C:\Users\Michelle Jasmine\Downloads\(Working updated)instagram followers hack tool.iso
2016-06-13 20:16 - 2016-06-13 20:16 - 00679262 _____ C:\Users\Michelle Jasmine\Downloads\Downloadable Copy of Soc 1 Syllabus.pdf
2016-06-12 15:31 - 2016-06-12 15:31 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2016-06-05 04:33 - 2016-06-05 04:33 - 00000943 _____ C:\Users\Michelle Jasmine\Downloads\generaldata_FL.csv
2016-06-05 04:32 - 2016-06-05 04:32 - 00000956 _____ C:\Users\Michelle Jasmine\Downloads\generaldata_NY.csv
2016-06-02 20:14 - 2016-06-02 20:14 - 05939501 _____ C:\Users\Guest\Downloads\misc folder.zip
2016-05-24 01:34 - 2016-05-24 01:34 - 00010984 _____ C:\Users\Michelle Jasmine\Downloads\[kat.cr]the.struggle.for.democracy.2012.election.edition.pdf.stormrg.torrent
2016-05-24 01:23 - 2016-05-24 01:23 - 04403200 _____ C:\Users\Guest\Downloads\The_Struggle_for_Democracy_2012_Election_Edition_PDF_StormRG.iso
2016-05-24 01:23 - 2016-05-24 01:23 - 04403200 _____ C:\Users\Guest\Downloads\The_Struggle_for_Democracy_2012_Election_Edition_PDF_StormRG (1).iso
2016-05-21 03:23 - 2016-05-21 03:24 - 03191488 _____ (Microsoft Corporation) C:\Users\Guest\Downloads\Setup.X86.en-US_O365HomePremRetail_596c95ae-2f89-4d56-87ec-38e43f295a1e_TX_PR_(1).exe
2016-05-21 03:21 - 2016-05-21 03:22 - 03191488 _____ (Microsoft Corporation) C:\Users\Guest\Downloads\Setup.X86.en-US_O365HomePremRetail_596c95ae-2f89-4d56-87ec-38e43f295a1e_TX_PR_.exe
2016-05-18 12:13 - 2016-05-18 12:13 - 00307456 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-17 02:27 - 2013-12-25 11:34 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-17 02:21 - 2014-09-03 00:25 - 00000000 ____D C:\Users\Michelle Jasmine\AppData\Local\Avg
2016-06-17 02:09 - 2014-01-02 03:47 - 00000000 ____D C:\Users\Michelle Jasmine\AppData\Local\Adobe
2016-06-17 01:17 - 2014-08-03 19:39 - 00003998 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{733CBE54-6582-4F99-B07C-1744514C1DA5}
2016-06-17 00:35 - 2015-05-20 00:35 - 00000414 _____ C:\WINDOWS\Tasks\Bidaily Synchronize Task[pr].job
2016-06-16 19:07 - 2015-05-20 00:38 - 00003474 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2016-06-16 19:07 - 2015-05-20 00:38 - 00003464 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2016-06-16 19:05 - 2014-08-03 21:04 - 00000000 ____D C:\ProgramData\MFAData
2016-06-16 02:48 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-16 02:42 - 2013-12-26 14:56 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-16 02:30 - 2013-12-26 14:56 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-15 02:05 - 2013-12-25 03:19 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2115966475-1567825624-3805393455-1001
2016-06-15 01:47 - 2013-08-22 08:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-15 01:47 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-15 00:38 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-06-14 15:20 - 2014-08-03 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-06-14 01:35 - 2013-12-25 02:54 - 00000074 _____ C:\Users\Michelle Jasmine\AppData\Roaming\sp_data.sys
2016-06-14 01:34 - 2013-10-06 21:03 - 00003056 _____ C:\WINDOWS\System32\Tasks\ASUS P4G
2016-06-14 01:34 - 2013-10-06 21:03 - 00003028 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2016-06-14 01:34 - 2013-10-06 21:03 - 00003004 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ColorU
2016-06-14 01:34 - 2013-10-06 21:03 - 00002988 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
2016-06-14 01:34 - 2013-10-06 21:02 - 00002990 _____ C:\WINDOWS\System32\Tasks\ASUS InstantOn Config
2016-06-14 01:34 - 2013-10-06 20:56 - 00003542 _____ C:\WINDOWS\System32\Tasks\ASUS Touchpad Launcher (x64)
2016-06-14 01:25 - 2014-08-03 19:38 - 00000000 __RDO C:\Users\Michelle Jasmine\OneDrive
2016-06-14 01:24 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-13 20:58 - 2013-12-25 02:50 - 00000000 ____D C:\Users\Michelle Jasmine\AppData\Local\Packages
2016-06-13 20:55 - 2015-05-30 00:38 - 00000000 ____D C:\Users\Michelle Jasmine\Documents\SCHOOL WORK
2016-06-12 16:32 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-06-12 15:39 - 2015-06-05 11:39 - 00000000 ____D C:\Users\Michelle Jasmine\AppData\Local\Microsoft Help
2016-06-12 15:34 - 2013-08-22 08:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-12 15:31 - 2014-08-05 00:56 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2016-06-12 15:29 - 2013-05-01 02:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-06-12 15:21 - 2014-08-03 18:59 - 00000000 ____D C:\Users\Michelle Jasmine
2016-06-09 06:12 - 2013-12-25 02:50 - 00000000 ____D C:\Users\Michelle Jasmine\AppData\Local\VirtualStore
2016-06-09 02:30 - 2013-12-25 11:35 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-09 02:30 - 2013-12-25 11:35 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-09 02:25 - 2015-06-26 18:29 - 00000000 ____D C:\Users\Michelle Jasmine\AppData\Local\CrashDumps
2016-06-04 14:54 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-06-04 13:11 - 2012-07-26 01:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-06-02 20:48 - 2014-06-12 21:15 - 00000000 ____D C:\Users\Guest\AppData\Local\Packages
2016-06-02 20:47 - 2014-06-12 21:15 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2016-06-02 20:16 - 2014-07-30 11:28 - 00000062 _____ C:\Users\Guest\AppData\Roaming\sp_data.sys
2016-05-27 00:57 - 2015-04-04 04:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-05-27 00:57 - 2015-04-04 04:47 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-05-26 17:28 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\Inf
2016-05-26 17:21 - 2014-08-03 19:46 - 00000000 ___DC C:\WINDOWS\Panther
2016-05-24 21:44 - 2016-02-13 07:21 - 00000000 ___HD C:\$WINDOWS.~BT
2016-05-24 01:40 - 2014-07-30 22:06 - 00000000 ____D C:\Users\Michelle Jasmine\AppData\Roaming\uTorrent
2016-05-24 01:24 - 2016-04-27 13:30 - 00002384 _____ C:\Users\Michelle Jasmine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-05-24 01:24 - 2015-06-02 14:13 - 00003216 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2115966475-1567825624-3805393455-1001
2016-05-21 05:54 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\rescache
2016-05-21 05:46 - 2014-03-18 03:03 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-21 05:41 - 2013-08-22 07:44 - 05142256 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-21 05:36 - 2014-12-11 23:01 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-21 05:36 - 2014-03-18 02:45 - 00000000 ____D C:\Program Files\Windows Journal

==================== Files in the root of some directories =======

2014-04-15 21:52 - 2014-04-15 21:52 - 0000021 _____ () C:\Users\Michelle Jasmine\AppData\Roaming\my_intel.sys
2013-12-25 02:54 - 2016-06-14 01:35 - 0000074 _____ () C:\Users\Michelle Jasmine\AppData\Roaming\sp_data.sys
2013-05-01 02:34 - 2012-09-07 04:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-05-01 02:34 - 2009-07-22 03:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-05-01 02:34 - 2012-09-07 04:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2014-07-30 22:34 - 2012-10-24 12:44 - 0656048 _____ (WildTangent, Inc.) C:\ProgramData\uninstall2041816.exe

Files to move or delete:
====================
C:\ProgramData\uninstall2041816.exe


Some files in TEMP:
====================
C:\Users\Michelle Jasmine\AppData\Local\Temp\avguirn_081342043625.exe
C:\Users\Michelle Jasmine\AppData\Local\Temp\avguirn_081924337804.exe
C:\Users\Michelle Jasmine\AppData\Local\Temp\avguirn_08553894185.exe
C:\Users\Michelle Jasmine\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-15 01:46

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-06-2016 01
Ran by Michelle Jasmine (2016-06-17 02:43:18)
Running from C:\Users\Michelle Jasmine\Downloads
Windows 8.1 (Update) (X64) (2014-08-04 02:33:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2115966475-1567825624-3805393455-500 - Administrator - Disabled)
Guest (S-1-5-21-2115966475-1567825624-3805393455-501 - Limited - Enabled) => C:\Users\Guest
Michelle Jasmine (S-1-5-21-2115966475-1567825624-3805393455-1001 - Administrator - Enabled) => C:\Users\Michelle Jasmine

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2115966475-1567825624-3805393455-1001\...\uTorrent) (Version: 3.4.2.32691 - BitTorrent Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.1.2.114 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.9.145.62246 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.9.145.62246 - Alcor Micro Corp.) Hidden
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.4 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.1.3 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0005 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0027 - ASUS)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AVG (HKLM\...\AvgZen) (Version: 1.61.2.12974 - AVG Technologies)
AVG (Version: 16.81.7640 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4604 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.81.7640 - AVG Technologies)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 19.4.0.518 - AVG Technologies)
AVG Zen (Version: 1.61.9 - AVG Technologies) Hidden
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
FMW 1 (Version: 1.92.4 - AVG Technologies) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Ginger (HKLM-x32\...\InstallShield_{1EBF9A59-F4E3-4EA7-BA97-76703C1432F6}) (Version: 3.7.41 - Ginger Software)
Ginger (x32 Version: 3.7.41 - Ginger Software) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Leawo PowerPoint to Video Free version 1.8.0.45 (HKLM\...\{CF143FD7-FAA3-48C4-81B5-DFE18E1FC216}_is1) (Version: - Leawo Software)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6965.2053 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2115966475-1567825624-3805393455-1001\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ Run Time Lib Setup (HKLM-x32\...\{AAF4238F-7C29-451D-9925-C753271A5728}) (Version: 1.0.0 - Microsoft)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Norton Security (HKLM-x32\...\NS) (Version: 22.5.0.124 - Symantec Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6925.1016 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6925.1016 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6925.1016 - Microsoft Corporation) Hidden
Oovoo Toolbar (HKLM-x32\...\{4F564F32-5637-4300-76A7-A758B70C0F03}) (Version: 12.15.3.812 - APN, LLC)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Peggle (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6878 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKU\S-1-5-21-2115966475-1567825624-3805393455-1001\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - ASUS (ATP) Mouse (04/03/2013 2.0.0.16) (HKLM\...\ABFE641926C15116CB09A41A6F65DE6F260D04E3) (Version: 04/03/2013 2.0.0.16 - ASUS)
Windows Driver Package - Synaptics (SmbDrv) System (12/20/2012 16.3.7.0) (HKLM\...\8D889180E2A10B494B566FD27B7483E5AA652B51) (Version: 12/20/2012 16.3.7.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2115966475-1567825624-3805393455-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Michelle Jasmine\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-2115966475-1567825624-3805393455-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Michelle Jasmine\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2115966475-1567825624-3805393455-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B3170D8-573A-4AC2-8A0B-18E00104C39C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-16] (Microsoft Corporation)
Task: {223DE5F5-2454-4F49-913B-4C4DBDC797AA} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {28D1D3C7-0B85-4405-8679-3CC6B2EDAF5F} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.5.0.124\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {2C4E8CD7-72B2-41F5-99CB-374B978E373A} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-28] (ASUS)
Task: {311A34A8-AE64-4EFC-A01D-E1C831EE0AFA} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-09-24] (ASUS)
Task: {32D03F60-A533-49B5-9620-5EC5386C0ABE} - System32\Tasks\Open Chrome => Chrome.exe --new-window
Task: {38CFD2A3-98FB-4773-83EF-DC7A4F71AA0E} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {4D85F829-2EE3-4933-9579-195FFCE03760} - System32\Tasks\0814tbUpdateInfo => C:\ProgramData\Avg_Update_0814tb\0814tb_{AF037E0B-EE16-4416-B478-90E25A2F5B3C}.exe [2014-08-26] ()
Task: {550507EC-50CD-47C1-848C-82CD4CFBB582} - System32\Tasks\0915tbUpdateInfo => C:\ProgramData\Avg_Update_0915tb\0915tb_{C21CA71F-D91B-4C93-B530-51044AC5FB65}.exe [2015-09-08] ()
Task: {576EBB90-8559-4EFF-A1FB-37E39B8D7B33} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2115966475-1567825624-3805393455-1001 => C:\Users\Michelle Jasmine\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-05-24] (Microsoft Corporation)
Task: {6B925144-5665-47EE-A597-F68D21F3993D} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
Task: {6CDF2C8C-8597-4235-8BE4-925DD9062391} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-02-26] (ASUSTeK Computer Inc.)
Task: {70101854-6658-4A29-8A6E-DDFABBB3EEBC} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.5.0.124\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {72D1E9B7-E368-487E-9160-40939DA5456A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-26] (Microsoft Corporation)
Task: {79DADC2D-EA2B-41BB-BE4A-38DDD866E77F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-26] (Microsoft Corporation)
Task: {97CA031B-EE7E-4F06-A7D0-57AF4A467B36} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {9DB88504-B2AB-4275-BB15-329BDF55EBEA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {9EBD2BAC-D4B4-4EC4-B83B-47F2F7859C4E} - System32\Tasks\Bidaily Synchronize Task[pr] => c:\programdata\{db9f8474-be4c-b802-db9f-f8474be411d2}\microsoft-word-2013 (1).exe <==== ATTENTION
Task: {9FA084B8-2975-4425-A4C9-6E7992D2CCE4} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.5.0.124\WSCStub.exe [2015-06-17] (Symantec Corporation)
Task: {A3BCBBA8-E117-44E4-AB04-16EE0BD11709} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2115966475-1567825624-3805393455-1001
Task: {A59E8B6E-17F3-4C3B-B3C0-8A8207D7A8E5} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {A71A17C3-5298-49D6-9366-834216754A0E} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-04-16] (AsusTek)
Task: {A9953D5B-FDA6-42B3-AA21-4D19F6E79626} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-05-26] (Microsoft Corporation)
Task: {B7F18E43-BA57-4149-8550-D3A6B6BE0C9C} - System32\Tasks\0715tbUpdateInfo => C:\ProgramData\Avg_Update_0715tb\0715tb_{28FFCC0B-EBBB-45E2-8F0D-AA8DCFB805BE}.exe [2015-07-16] ()
Task: {DAC53BA0-DA41-4661-BE46-98169C271383} - System32\Tasks\AdobeAAMUpdater-1.0-MichelleJasmine-Michelle Jasmine => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {E19EE0A0-1E0A-45DB-9CB2-874C0224962E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\0715tbUpdateInfo.job => C:\ProgramData\Avg_Update_0715tb\0715tb_{28FFCC0B-EBBB-45E2-8F0D-AA8DCFB805BE}.exe
Task: C:\WINDOWS\Tasks\0915tbUpdateInfo.job => C:\ProgramData\Avg_Update_0915tb\0915tb_{C21CA71F-D91B-4C93-B530-51044AC5FB65}.exe
Task: C:\WINDOWS\Tasks\Bidaily Synchronize Task[pr].job => c:\programdata\{db9f8474-be4c-b802-db9f-f8474be411d2}\microsoft-word-2013 (1).exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exe--new-window !MICHELLEJASMINE\Michelle Jasmine

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Michelle Jasmine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"

==================== Loaded Modules (Whitelisted) ==============

2015-06-13 14:17 - 2015-06-13 14:17 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-05-21 03:38 - 2016-05-26 02:13 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-05-24 01:22 - 2016-05-24 01:22 - 00959168 _____ () C:\Users\Michelle Jasmine\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-04-20 13:17 - 2016-04-20 13:16 - 00168008 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.4.0\loggingserver.exe
2016-06-12 15:31 - 2016-06-12 15:31 - 02662472 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2012-12-18 23:10 - 2012-12-18 23:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2012-08-24 17:26 - 2012-08-24 17:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2016-04-20 13:17 - 2016-04-20 13:16 - 00527944 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.4.0\log4cplusU.dll
2016-04-10 18:35 - 2016-04-10 18:35 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2013-10-06 20:49 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-04-27 10:24 - 2013-04-27 10:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll
2016-06-09 02:30 - 2016-06-03 18:56 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libglesv2.dll
2016-06-09 02:30 - 2016-06-03 18:56 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\libegl.dll
2016-06-09 02:30 - 2016-06-03 18:56 - 17565848 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.84\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2115966475-1567825624-3805393455-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Michelle Jasmine\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd
MSCONFIG\startupreg: HotKeysCmds => "C:\WINDOWS\system32\hkcmd.exe"
MSCONFIG\startupreg: IgfxTray => "C:\WINDOWS\system32\igfxtray.exe"
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "AdobeCEPServiceManager"
HKU\S-1-5-21-2115966475-1567825624-3805393455-1001\...\StartupApproved\Run: => "ooVoo.exe"
HKU\S-1-5-21-2115966475-1567825624-3805393455-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2115966475-1567825624-3805393455-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2115966475-1567825624-3805393455-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2115966475-1567825624-3805393455-1001\...\StartupApproved\Run: => "SearchProtection"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D5DC6C83-BE32-4DCF-9254-F435E67A09F5}] => (Allow) C:\Users\Michelle Jasmine\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A181F7E6-9E12-4BF8-A1A5-24BCF81E460F}] => (Allow) C:\Users\Michelle Jasmine\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{6F478C0F-3350-4C90-8F67-A4E961FAA10B}C:\users\michelle jasmine\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\michelle jasmine\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{344E59CC-2E7C-4C03-83C3-80246BAD79EA}C:\users\michelle jasmine\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\michelle jasmine\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E680CC80-7E92-49C1-B667-C6590678EA66}C:\users\michelle jasmine\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\michelle jasmine\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{6D6A3E18-D8F3-4F8C-8CDD-BDEFBE084EFB}C:\users\michelle jasmine\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\michelle jasmine\appdata\roaming\spotify\spotify.exe
FirewallRules: [{F2B31906-DD6A-45A3-91FF-FE0E3A77208F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{12223DA3-0792-46D5-8D6A-36EFF3A47494}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{037906A0-EA0B-4353-8B10-388C0254F270}] => (Allow) LPort=1900
FirewallRules: [{4C85DDCB-8F3B-459E-8894-079FA992ABC1}] => (Allow) LPort=2869
FirewallRules: [{0C2C45C0-6122-4D6E-B66D-D1A6A4ACD5DB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6BE860B1-1433-45F9-89FE-7789F36173C2}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{C614AA9D-1C89-47A7-96EB-0C13629E5C0E}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{CB5D40D2-B7F1-4BA9-9147-DE4BC544521D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{81CEBC54-0492-4E57-AD89-F1DBF5E98121}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{897122B7-ABD0-4EBE-A2DE-61EA80F4CD50}] => (Allow) C:\Users\Michelle Jasmine\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{F9D90CD5-3BF7-4192-85E5-01098E13960E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{E9667F56-74E6-43FD-8593-06AE7957D6DF}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{3956E797-B308-4B90-85D3-E1C534B563CA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{C3A99554-C68A-4467-97F4-DBA98C7B6E91}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{03677785-0847-487A-8B0B-707F0D721294}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{33C085B3-A89F-45D7-9A13-EA3772E38910}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{3B77E699-0B37-43EC-9713-107144FACAA6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{2AB57185-BE68-4579-86DC-D19F37D7AA5F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{BB06005F-B48E-4409-9554-4D044A3E33F5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{6A503396-FF38-4119-806C-91C3F233A82C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

==================== Restore Points =========================

27-05-2016 00:49:24 Windows Update
03-06-2016 05:22:35 Scheduled Checkpoint
10-06-2016 22:50:17 Scheduled Checkpoint
16-06-2016 02:27:54 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/17/2016 02:00:00 AM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (1328) SRUJet: Database C:\WINDOWS\system32\SRU\SRUDB.dat: Index AppIdTimeStamp of table {973F5D5C-1D90-4944-BE8E-24B94231A174} is corrupted (0).

Error: (06/17/2016 01:00:01 AM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (1328) SRUJet: Database C:\WINDOWS\system32\SRU\SRUDB.dat: Index AppIdTimeStamp of table {973F5D5C-1D90-4944-BE8E-24B94231A174} is corrupted (0).

Error: (06/17/2016 12:00:00 AM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (1328) SRUJet: Database C:\WINDOWS\system32\SRU\SRUDB.dat: Index AppIdTimeStamp of table {973F5D5C-1D90-4944-BE8E-24B94231A174} is corrupted (0).

Error: (06/16/2016 08:58:30 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (1328) SRUJet: Database C:\WINDOWS\system32\SRU\SRUDB.dat: Index AppIdTimeStamp of table {973F5D5C-1D90-4944-BE8E-24B94231A174} is corrupted (0).

Error: (06/16/2016 07:03:54 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (1328) SRUJet: Database C:\WINDOWS\system32\SRU\SRUDB.dat: Index AppIdTimeStamp of table {973F5D5C-1D90-4944-BE8E-24B94231A174} is corrupted (0).

Error: (06/16/2016 03:05:44 PM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (1328) SRUJet: Database C:\WINDOWS\system32\SRU\SRUDB.dat: Index AppIdTimeStamp of table {973F5D5C-1D90-4944-BE8E-24B94231A174} is corrupted (0).

Error: (06/16/2016 11:07:25 AM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (1328) SRUJet: Database C:\WINDOWS\system32\SRU\SRUDB.dat: Index AppIdTimeStamp of table {973F5D5C-1D90-4944-BE8E-24B94231A174} is corrupted (0).

Error: (06/16/2016 07:09:02 AM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (1328) SRUJet: Database C:\WINDOWS\system32\SRU\SRUDB.dat: Index AppIdTimeStamp of table {973F5D5C-1D90-4944-BE8E-24B94231A174} is corrupted (0).

Error: (06/16/2016 03:04:12 AM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (1328) SRUJet: Database C:\WINDOWS\system32\SRU\SRUDB.dat: Index AppIdTimeStamp of table {973F5D5C-1D90-4944-BE8E-24B94231A174} is corrupted (0).

Error: (06/16/2016 02:00:00 AM) (Source: ESENT) (EventID: 467) (User: )
Description: svchost (1328) SRUJet: Database C:\WINDOWS\system32\SRU\SRUDB.dat: Index AppIdTimeStamp of table {973F5D5C-1D90-4944-BE8E-24B94231A174} is corrupted (0).


System errors:
=============
Error: (06/16/2016 01:11:30 AM) (Source: DCOM) (EventID: 10001) (User: MICHELLEJASMINE)
Description: "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.131Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1UnavailableUnavailable

Error: (06/16/2016 01:11:28 AM) (Source: DCOM) (EventID: 10010) (User: MICHELLEJASMINE)
Description: Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1

Error: (06/14/2016 01:24:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (06/14/2016 01:24:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (06/14/2016 01:24:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

Error: (06/14/2016 01:24:06 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:17:52 PM on ‎6/‎13/‎2016 was unexpected.

Error: (06/13/2016 07:36:35 AM) (Source: DCOM) (EventID: 10010) (User: MICHELLEJASMINE)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (06/13/2016 03:37:58 AM) (Source: DCOM) (EventID: 10001) (User: MICHELLEJASMINE)
Description: "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.131Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1UnavailableUnavailable

Error: (06/13/2016 03:37:58 AM) (Source: DCOM) (EventID: 10010) (User: MICHELLEJASMINE)
Description: Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1

Error: (06/12/2016 10:38:34 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 2605:e000:b48b:ad00::3 with the system
having network hardware address 80-ED-2C-5E-A0-4B. Network operations on this system may
be disrupted as a result.


CodeIntegrity:
===================================
Date: 2016-06-16 19:06:51.830
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasea.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-16 19:06:51.155
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasea.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-16 19:06:50.435
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasea.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-16 19:06:49.737
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasea.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-16 19:06:49.107
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasea.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-16 19:06:48.514
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasea.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-16 19:06:47.895
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasea.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-16 01:14:50.353
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasea.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-16 01:14:48.521
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasea.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-06-16 01:14:46.922
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\AVG\Framework\Common\avgfmwbasea.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 1007U @ 1.50GHz
Percentage of memory in use: 70%
Total physical RAM: 3981.72 MB
Available physical RAM: 1165.85 MB
Total Virtual: 8825.14 MB
Available Virtual: 5617.7 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:118.8 GB) (Free:53.83 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:157.74 GB) (Free:157.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 568814A2)

Partition: GPT.

==================== End of Addition.txt ============================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
redtarget.gif
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
If you already have MBAM 2.0 installed:
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
784
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back