  #1  
Old April 22nd, 2017, 09:32 AM
Latters87 Latters87 is offline
New Member
 
Join Date: Apr 2017
Posts: 7
Potentially unwanted modification found (and my Twitter has been hacked)

I have just run a Malwarebytes scan. I have run a few since last night when I discovered that my Twitter may have been hacked. No issues were found.

Now a Malwarebytes scan has found the following:

(copied from the report): PUM.Optional.HomepageControl, HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HOMEPAGE, Replaced, [16277], [293330],1.0.1775

What else do I need to do to make sure the computer is safe?

I am so sorry to post multiple threads but I am not sure if the two phenomena are linked or not. I am thinking not, else Malwarebytes would have flagged something up earlier. And if my entire computer has been hacked it could be devastating in effect as I use this for everything.

Folks, please help. :-(

If someone could also help with the Twitter issue I would be grateful, as to what to do. I had an email saying someone had tried to access it and I clicked on the link. That was a stupid thing to do but I think it was legit, it was from verify@twitter.com.

I look at my login details and use an IP tracker to see who they are. What I found is this:

1. A load of accessing of the account in the early hours of the morning. The IP addresses are all registered to my ISP and are pinpointed by the various IP trackers to be in or near my town. I use apps like TwitLonger, could these accesses be from that? Because you have to give it access to your account.

2. A log-in from Virgin Media, which is not my ISP. All the other IP addresses begin with 92, 88, 85 and 92 EXCEPT this one that begins 77. Curiously, the IP trackers pinpoint this IP address not just to my town but to an area of it which is literally a mile away. Was this a hack, or are the IP trackers mistaken in saying it was a Virgin Media IP?

What I have done since is to change the password at an internet cafe and added two-step verification.

I am desperate for help, I rely on this computer for me and an elderly relative who is housebound. I don't drive so I order her grocery shopping and other provisions on it. :-(

I run off Windows 10.

Folks if you can help, please do, I am going out of my mind with worry.


  #2  
Old April 24th, 2017, 07:30 PM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,029
Hello Latters87 and Welcome to the CyberTechHelp Forums.
I will be helping you fix your problems.

Please take note of some guidelines for this fix:

1- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Keep your sentences short. Thanks for your understanding.
2- Perform everything in the correct order. Sometimes one step requires the previous one.
3- Please log on to the computer as administrator. How do you log on to the computer as administrator?
4- Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here: How to disable your security applications.
5- To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"
6- Back up all your private data / important files on another (external) drive before using our tools (if possible).
7- Please subscribe to this thread if you have not done so already, and please don't do any other scans on your own and don't install or remove software.
8- Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal.

Thanks

*********************************************************************************************
Code:
What I have done since is to change the password at an internet cafe and added two-step verification.
Good. This is the right practice. Use an effective password. Do not open emails you are not sure about.

========================================================
Let's check.

Please do this;

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Have a nice day.

  #3  
Old April 28th, 2017, 07:36 PM
Latters87 Latters87 is offline
New Member
 
Join Date: Apr 2017
Posts: 7
Hi there, thanks for your reply. I am sorry that I haven't been around, but here goes!
  #4  
Old April 29th, 2017, 10:40 AM
Latters87 Latters87 is offline
New Member
 
Join Date: Apr 2017
Posts: 7
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2017
Ran by AsusComputer (29-04-2017 10:34:28)
Running from C:\Users\AsusComputer\Downloads
Windows 10 Home Version 1703 (X64) (2017-04-20 08:58:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1522325972-3429824536-1209266036-500 - Administrator - Disabled)
AsusComputer (S-1-5-21-1522325972-3429824536-1209266036-1001 - Administrator - Enabled) => C:\Users\AsusComputer
DefaultAccount (S-1-5-21-1522325972-3429824536-1209266036-503 - Limited - Disabled)
Guest (S-1-5-21-1522325972-3429824536-1209266036-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ASUS GIFTBOX (HKLM-x32\...\ASUS GIFTBOX) (Version: 6.1.14 - ASUS)
ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.6 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.9 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.14.0006 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.103 - ICEpower a/s)
AVG (HKLM\...\AvgZen) (Version: 1.181.3.2097 - AVG Technologies)
AVG (Version: 1.181.1 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.74.2.60831 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.74.1 - AVG Technologies) Hidden
AVG Protection (HKLM-x32\...\AVG Antivirus) (Version: 17.3.3011 - AVG Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.3 - ASUSTek Computer Inc.)
Evernote v. 5.9.1 (HKLM-x32\...\{5EA1DED0-5285-11E5-8AA1-0050569584E9}) (Version: 5.9.1.8742 - Evernote Corp.)
FMW 1 (Version: 1.182.1 - AVG Technologies) Hidden
Football Manager 2017 (HKLM\...\Steam App 482730) (Version: - Sports Interactive)
Foxit PhantomPDF (HKLM-x32\...\{39263796-F296-43AF-909C-FCF99592BAC4}) (Version: 7.2.52.1209 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4300 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1067 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7870.2031 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7687 - Realtek Semiconductor Corp.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1230 - SUPERAntiSpyware.com)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43835 - TeamViewer)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.6.547 - ASUS Cloud Corporation)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Driver Package - ASUS (AsusSGDrv) Mouse (10/21/2015 8.0.0.19) (HKLM\...\DE393C6A9AB085F9E19765D003555C3D360497DB ) (Version: 10/21/2015 8.0.0.19 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.5247 - Kingsoft Corp.)
ZoneAlarm Firewall (x32 Version: 15.0.123.17051 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.0.123.17051 - Check Point)
ZoneAlarm Security (x32 Version: 15.0.123.17051 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08A43D21-B343-479F-A4BE-2CBA9FAE27CC} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2017-02-21] (AVG Technologies CZ, s.r.o.)
Task: {0D63F20A-0C53-4540-A29E-7F910722495D} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {167E344F-8D39-4FAA-8E95-FDF6AFAB0581} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.)
Task: {1AE63866-00CC-45AA-A728-377E2C8DC462} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {1EE73078-518E-422A-A28F-0E125020635F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-16] (Google Inc.)
Task: {2337875B-281E-4D5C-8C5E-5B9E6E4021DC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-26] (Microsoft Corporation)
Task: {26BC8D0F-34FC-4F2D-B05A-FFC61A2E6FEB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-16] (Google Inc.)
Task: {46ABB01D-D270-47F3-8A03-74D7320C4A82} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-03-31] (AVG Technologies CZ, s.r.o.)
Task: {6430CC72-EBF8-4F8C-AF87-2CCE1878ED23} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2016-01-19] (ASUSTek Computer Inc.)
Task: {7EF8562F-4DAB-40EE-B0F4-50FAB47A95CE} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {8A0D96C9-9F04-4E32-B819-3A98866C716C} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-12-14] (Realtek Semiconductor)
Task: {97A9E8E8-A390-4D4E-A49A-AB14E87D1960} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {9B1010F5-B439-4DF2-8DC6-EBC8D277CF6C} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-12-02] (ASUS)
Task: {9E082713-3FFE-4499-A06D-261CDA18D1CB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-26] (Microsoft Corporation)
Task: {A2AB61D5-D872-47C1-967A-EAD1E3C91A7B} - System32\Tasks\ASUS\ASUS GIFTBOX => C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe [2016-03-02] (ASUS)
Task: {AD703579-9DC3-4ED9-BD2C-B8815C7CDDEE} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {C814935B-7E85-4F25-B9AB-A6816DEE16F5} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {D5FCE0DA-0FEB-4921-9887-A45AF7559DF5} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {DBD65780-E9F4-468B-8F3A-13192C1CA2A7} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-12-14] (Realtek Semiconductor)
Task: {E6DA7DC8-F3FD-43E6-B8AB-BD0605233E47} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-03-18 21:58 - 2017-03-18 21:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-03-03 10:02 - 2015-10-26 14:30 - 00395368 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-03-18 21:59 - 2017-03-20 04:43 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-04-27 00:26 - 2017-04-19 06:03 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\libglesv2.dll
2017-04-27 00:26 - 2017-04-19 06:03 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\libegl.dll
2015-12-02 18:01 - 2015-12-02 18:01 - 00027648 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-12-02 18:01 - 2015-12-02 18:01 - 00124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2015-12-02 18:01 - 2015-12-02 18:01 - 00029184 _____ () C:\Program Files (x86)\ASUS\Splendid\VideoEnhance.dll
2017-03-05 23:48 - 2017-03-05 23:48 - 00171208 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-03-05 23:49 - 2017-03-05 23:49 - 48936448 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2017-03-31 17:47 - 2017-03-31 17:47 - 00177472 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-03-31 17:47 - 2017-03-31 17:47 - 00654504 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2016-03-24 13:04 - 2016-03-02 20:07 - 01481728 _____ () C:\Program Files (x86)\ASUS\Giftbox\libglesv2.dll
2016-03-24 13:04 - 2016-03-02 20:07 - 00073728 _____ () C:\Program Files (x86)\ASUS\Giftbox\libegl.dll
2016-12-16 19:02 - 2016-12-16 19:02 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2015-10-30 08:21 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\asus\wallpapers\asus.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1C7D733C-EAFE-4021-AEC7-7E5531BB2F9D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{B4B53140-6B3C-4F3E-8E52-4A5924538188}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2017\fm.exe
FirewallRules: [{033B6B25-B4E8-4585-BDEF-9FE8B733B8C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2017\fm.exe
FirewallRules: [{F5F1A7C7-E163-493F-95E5-77C65D33C118}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7D0FBF11-2848-4208-9528-D00D0E11E3CA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{220D45C6-4926-40E1-845D-FD1F7F566A6A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{095F7CE1-D601-40FF-89DE-22B5C0EF14AF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{97471493-F33B-4D83-9779-7816B3A596CB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A6D932F2-78BF-45F3-A0C2-1DD9C5341971}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B51601E2-B10D-4327-AE6C-4F475F92CAD4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{758D054B-9FA2-42FE-B36D-18B365AD32D0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{49494EF5-12B8-4BEE-9DC9-F6DE32DCBB6F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{0851A411-3445-4818-8565-AFE4EEBDD24A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{8DE96095-92AF-4602-966D-42E35DB13C90}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{9939A75B-F3FD-429C-BEFF-E41A124B4B0E}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{898203D3-2C4E-4F51-BE07-0B1EC6E66629}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{4D02958B-6DE9-42C2-888B-2FC1F45A25A2}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{FCDF67A5-4A02-413D-AA55-1E18A512AD6E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

20-04-2017 17:55:23 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/27/2017 05:50:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\AsusComputer\Downloads\esetsmartinstaller_enu (1).exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.

Error: (04/27/2017 05:50:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\AsusComputer\Downloads\esetsmartinstaller_enu (4).exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.

Error: (04/27/2017 05:50:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\AsusComputer\Downloads\esetsmartinstaller_enu (2).exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.

Error: (04/27/2017 05:50:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\AsusComputer\Downloads\esetsmartinstaller_enu (3).exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.

Error: (04/27/2017 05:50:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\AsusComputer\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.

Error: (04/27/2017 05:01:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UpdateChecker.exe, version: 0.0.0.0, time stamp: 0x576b4ce8
Faulting module name: ntdll.dll, version: 10.0.15063.0, time stamp: 0xa82cc161
Exception code: 0xc0000005
Fault offset: 0x00062f18
Faulting process ID: 0x2570
Faulting application start time: 0x01d2bf6f188c9af0
Faulting application path: C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: 45fdbddd-0ad8-40d3-97f7-bb3c29890d9f
Faulting package full name:
Faulting package-relative application ID:

Error: (04/27/2017 02:30:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.

Error: (04/27/2017 02:29:24 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\AsusComputer\Downloads\esetsmartinstaller_enu (4).exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.

Error: (04/27/2017 02:29:21 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\AsusComputer\Downloads\esetsmartinstaller_enu (4).exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.

Error: (04/27/2017 02:29:11 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\AsusComputer\Downloads\esetsmartinstaller_enu (4).exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.


System errors:
=============
Error: (04/29/2017 09:40:37 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Dynamic Application Loader Host Interface service to connect.

Error: (04/29/2017 09:38:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/29/2017 09:38:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.

Error: (04/29/2017 09:38:17 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/29/2017 09:38:17 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/29/2017 09:37:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Kingsoft_WPS_UpdateService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/29/2017 09:37:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Kingsoft_WPS_UpdateService service to connect.

Error: (04/29/2017 09:37:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (04/28/2017 10:28:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/28/2017 10:28:30 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU N3700 @ 1.60GHz
Percentage of memory in use: 80%
Total physical RAM: 3999.96 MB
Available physical RAM: 768.2 MB
Total Virtual: 5215.96 MB
Available Virtual: 1190.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:371.85 GB) (Free:309.56 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:558.91 GB) (Free:558.73 GB) NTFS
Drive f: (WALKMAN) (Removable) (Total:3.45 GB) (Free:0.58 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1F594F68)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.5 GB) (Disk ID: 0049C3BC)
Partition 1: (Not Active) - (Size=3.5 GB) - (Type=0B)

==================== End of Addition.txt ============================
  #5  
Old April 29th, 2017, 10:40 AM
Latters87
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-04-2017
Ran by AsusComputer (administrator) on DESKTOP-K2CQ058 (29-04-2017 10:31:52)
Running from C:\Users\AsusComputer\Downloads
Loaded Profiles: AsusComputer (Available Profiles: AsusComputer)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Microsoft Corporation) C:\Windows\System32\SecurityHealthService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ASUS) C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(ASUS) C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe
(ASUS) C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSPanel.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239104 2017-03-23] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263088 2017-03-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\ASUSWSLoader.exe [63272 2015-12-24] ()
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239104 2017-03-23] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [144184 2016-09-07] (Check Point Software Technologies Ltd.)
HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946656 2017-04-07] (SUPERAntiSpyware)
HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{205fcd20-5319-4538-81c3-7fafc9325457}: [DhcpNameServer] 172.23.0.1 172.23.0.2
Tcpip\..\Interfaces\{c2297d45-bcf8-4ab0-a4ae-1c648280cf66}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-03-06] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-09-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-06] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-06] (Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-03-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\AsusComputer\AppData\Local\Google\Chrome\User Data\Default [2017-04-29]
CHR Extension: (Google Slides) - C:\Users\AsusComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-16]
CHR Extension: (Google Docs) - C:\Users\AsusComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-16]
CHR Extension: (Google Drive) - C:\Users\AsusComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-16]
CHR Extension: (YouTube) - C:\Users\AsusComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-16]
CHR Extension: (Adblock Plus) - C:\Users\AsusComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-22]
CHR Extension: (Google Sheets) - C:\Users\AsusComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-16]
CHR Extension: (Google Docs Offline) - C:\Users\AsusComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\AsusComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\AsusComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-16]
CHR Extension: (Chrome Media Router) - C:\Users\AsusComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-27]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-10] (SUPERAntiSpyware.com)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe [75264 2015-12-24] (ASUS Cloud Corporation) [File not signed]
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [262696 2017-03-31] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7448992 2017-03-31] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428680 2017-03-23] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3737792 2017-03-26] (Microsoft Corporation)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-08-17] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [353896 2015-10-26] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdatesvr.exe [133480 2016-03-24] (Zhuhai Kingsoft Office Software Co.,Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-17] (TeamViewer GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5906704 2017-02-21] (AVG Technologies CZ, s.r.o.)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4087568 2016-09-07] (Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
S3 wlpasvc; C:\WINDOWS\System32\lpasvc.dll [1295360 2017-03-18] (Microsoft Corporation)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-08-09] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [794424 2016-09-07] (Check Point Software Technologies Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgbdisk; C:\WINDOWS\system32\drivers\avgbdiska.sys [166136 2017-03-31] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\system32\drivers\avgbidsdrivera.sys [310056 2017-03-31] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\system32\drivers\avgbidsha.sys [192096 2017-03-31] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\system32\drivers\avgbloga.sys [336408 2017-03-31] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\system32\drivers\avgbuniva.sys [50848 2017-03-31] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\system32\drivers\avgHwid.sys [39288 2017-03-31] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\system32\drivers\avgMonFlt.sys [129776 2017-04-29] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\system32\drivers\avgRdr2.sys [102136 2017-03-31] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\system32\drivers\avgRvrt.sys [76688 2017-03-31] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\system32\drivers\avgSnx.sys [1006040 2017-03-31] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\system32\drivers\avgSP.sys [557912 2017-04-29] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\system32\drivers\avgStm.sys [165048 2017-03-31] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\system32\drivers\avgVmm.sys [340688 2017-03-31] (AVG Technologies CZ, s.r.o.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-17] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-17] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-04-12] ()
S3 iaLPSS2i_GPIO2_BXT_P; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [85504 2017-03-18] (Intel Corporation)
S3 iaLPSS2i_I2C_BXT_P; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [168448 2017-03-18] (Intel Corporation)
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [5906320 2015-10-26] (Intel Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-04-26] (Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-15] (Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2017-02-21] (AVG Netherlands B.V.)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146232 2015-06-26] (Intel Corporation)
R1 Vsdatant; C:\WINDOWS\system32\DRIVERS\vsdatant.sys [461240 2017-03-16] (Check Point Software Technologies Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
U3 iswSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVCx32: TokenBroker -> C:\Windows\SysWOW64\TokenBroker.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-29 10:31 - 2017-04-29 10:33 - 00020540 _____ C:\Users\AsusComputer\Downloads\FRST.txt
2017-04-29 10:31 - 2017-04-29 10:31 - 00000000 ____D C:\FRST
2017-04-29 10:29 - 2017-04-29 10:29 - 02427392 _____ (Farbar) C:\Users\AsusComputer\Downloads\FRST64.exe
2017-04-28 19:36 - 2017-04-28 19:36 - 01768448 _____ (Farbar) C:\Users\AsusComputer\Downloads\FRST.exe
2017-04-27 17:50 - 2017-04-27 17:50 - 00000536 _____ C:\Users\AsusComputer\Downloads\ESET 1.txt
2017-04-27 14:27 - 2017-04-27 14:27 - 02870984 _____ (ESET) C:\Users\AsusComputer\Downloads\esetsmartinstaller_enu (4).exe
2017-04-27 12:23 - 2017-04-27 12:23 - 00001145 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-04-27 12:23 - 2017-04-27 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-04-27 12:13 - 2017-04-27 12:19 - 30533688 _____ C:\Users\AsusComputer\Downloads\vlc-2.2.4-win32 (2).exe
2017-04-27 12:05 - 2017-04-28 19:41 - 00000000 ____D C:\Users\AsusComputer\AppData\Roaming\vlc
2017-04-27 12:05 - 2017-04-27 14:26 - 00000000 ____D C:\Users\AsusComputer\AppData\Roaming\dvdcss
2017-04-27 12:04 - 2017-04-27 12:23 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2017-04-27 11:57 - 2017-04-27 11:58 - 30533688 _____ C:\Users\AsusComputer\Downloads\vlc-2.2.4-win32 (1).exe
2017-04-26 14:37 - 2017-04-26 14:37 - 02870984 _____ (ESET) C:\Users\AsusComputer\Downloads\esetsmartinstaller_enu (3).exe
2017-04-26 12:03 - 2017-04-26 12:03 - 00183203 _____ C:\Users\AsusComputer\Downloads\GEISLMS_20170331.pdf
2017-04-26 12:03 - 2017-04-26 12:03 - 00183203 _____ C:\Users\AsusComputer\Downloads\GEISLMS_20170331 (2).pdf
2017-04-26 12:03 - 2017-04-26 12:03 - 00183203 _____ C:\Users\AsusComputer\Downloads\GEISLMS_20170331 (1).pdf
2017-04-26 08:36 - 2017-04-26 08:36 - 02870984 _____ (ESET) C:\Users\AsusComputer\Downloads\esetsmartinstaller_enu (2).exe
2017-04-25 21:34 - 2017-04-25 21:34 - 00000000 _____ C:\Users\AsusComputer\Downloads\JRT (4).exe
2017-04-25 21:33 - 2017-04-25 21:33 - 00000000 _____ C:\Users\AsusComputer\Downloads\JRT (3).exe
2017-04-25 21:20 - 2017-04-25 21:20 - 00000000 _____ C:\Users\AsusComputer\Downloads\JRT (2).exe
2017-04-25 20:57 - 2017-04-25 20:57 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\25765CFC.sys
2017-04-25 11:59 - 2017-04-25 11:59 - 04102600 _____ C:\Users\AsusComputer\Downloads\adwcleaner_6.046.exe
2017-04-25 09:40 - 2017-04-25 09:40 - 04830473 _____ C:\Users\AsusComputer\Downloads\tdsskiller (1).zip
2017-04-24 21:57 - 2017-04-24 21:57 - 04830473 _____ C:\Users\AsusComputer\Downloads\tdsskiller.zip
2017-04-24 21:53 - 2017-04-24 21:53 - 04922400 _____ (AO Kaspersky Lab) C:\Users\AsusComputer\Downloads\tdsskiller (2).exe
2017-04-24 21:51 - 2017-04-24 21:51 - 04922400 _____ (AO Kaspersky Lab) C:\Users\AsusComputer\Downloads\tdsskiller (1).exe
2017-04-24 21:50 - 2017-04-24 21:50 - 04922400 _____ (AO Kaspersky Lab) C:\Users\AsusComputer\Downloads\tdsskiller.exe
2017-04-24 21:50 - 2017-04-24 21:50 - 00000000 ____D C:\Users\AsusComputer\AppData\Local\DBG
2017-04-24 21:47 - 2017-04-24 21:47 - 00027611 _____ C:\Users\AsusComputer\Downloads\MTB.txt
2017-04-24 21:45 - 2017-04-24 21:45 - 00892416 _____ (Farbar) C:\Users\AsusComputer\Downloads\MiniToolBox.exe
2017-04-24 19:27 - 2017-04-24 19:27 - 30533688 _____ C:\Users\AsusComputer\Downloads\vlc-2.2.4-win32.exe
2017-04-24 09:13 - 2017-04-24 09:13 - 00001260 _____ C:\Users\AsusComputer\Downloads\Malwarebytes.txt
2017-04-21 18:22 - 2017-04-21 18:22 - 00001285 _____ C:\Users\AsusComputer\Downloads\malwarebytes scan with PUM 21.04.2017.txt
2017-04-21 09:44 - 2017-04-21 09:44 - 00002904 _____ C:\WINDOWS\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance
2017-04-20 19:55 - 2017-04-20 20:35 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-04-20 19:46 - 2017-04-20 20:35 - 00000000 ____D C:\Users\AsusComputer\Desktop\mbar
2017-04-20 19:46 - 2017-04-20 19:46 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-04-20 19:44 - 2017-04-20 19:44 - 16563352 _____ (Malwarebytes Corp.) C:\Users\AsusComputer\Downloads\mbar-1.09.3.1001.exe
2017-04-20 18:01 - 2017-04-20 18:01 - 00002586 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2017-04-20 18:01 - 2017-02-21 09:29 - 00053008 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
2017-04-20 10:11 - 2017-04-20 10:11 - 00000000 ____D C:\Windows.old
2017-04-20 10:10 - 2017-04-20 10:10 - 23680512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 23675392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 19334144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 11869696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 08319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-04-20 10:10 - 2017-04-20 10:10 - 08247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 06756920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-04-20 10:10 - 2017-04-20 10:10 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-04-20 10:10 - 2017-04-20 10:10 - 02444184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-20 10:10 - 2017-04-20 10:10 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 01411640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 01323880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-04-20 10:10 - 2017-04-20 10:10 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 01024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-04-20 10:10 - 2017-04-20 10:10 - 00986592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-20 10:10 - 2017-04-20 10:10 - 00626520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-20 10:10 - 2017-04-20 10:10 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-04-20 10:10 - 2017-04-20 10:10 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-04-20 10:10 - 2017-04-20 10:10 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-20 10:10 - 2017-04-20 10:10 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00205728 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-20 10:10 - 2017-04-20 10:10 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-04-20 10:08 - 2017-04-20 10:08 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-04-20 10:08 - 2017-04-20 10:08 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-04-20 10:06 - 2017-04-20 10:06 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-04-20 10:03 - 2017-04-20 10:03 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-04-20 10:03 - 2017-04-20 10:03 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-04-20 10:03 - 2017-04-20 10:03 - 00000000 ____D C:\Program Files\MSBuild
2017-04-20 10:03 - 2017-04-20 10:03 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-04-20 10:03 - 2017-04-20 10:03 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-04-20 10:02 - 2017-02-10 12:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-04-20 10:02 - 2017-02-10 12:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-04-20 10:02 - 2017-02-10 12:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-04-20 10:02 - 2017-02-10 12:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-04-20 10:02 - 2017-02-10 12:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-04-20 10:02 - 2017-02-10 12:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-04-20 10:00 - 2017-04-20 10:00 - 00000020 ___SH C:\Users\AsusComputer\ntuser.ini
2017-04-20 09:56 - 2017-04-20 09:57 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-04-20 09:56 - 2017-04-20 09:57 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-04-20 09:49 - 2017-04-29 09:43 - 00911014 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-20 09:48 - 2017-04-29 09:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-20 09:48 - 2017-04-29 08:55 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-04-20 09:48 - 2017-04-28 12:00 - 00003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2017-04-20 09:48 - 2017-04-28 12:00 - 00003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2017-04-20 09:48 - 2017-04-20 17:50 - 00004282 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2017-04-20 09:48 - 2017-04-20 10:06 - 00003304 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-20 09:48 - 2017-04-20 09:48 - 00003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-20 09:48 - 2017-04-20 09:48 - 00003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-20 09:48 - 2017-04-20 09:48 - 00002968 _____ C:\WINDOWS\System32\Tasks\Update Checker
2017-04-20 09:48 - 2017-04-20 09:48 - 00002924 _____ C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3
2017-04-20 09:48 - 2017-04-20 09:48 - 00002862 _____ C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher
2017-04-20 09:48 - 2017-04-20 09:48 - 00002346 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2017-04-20 09:48 - 2017-04-20 09:48 - 00002340 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2017-04-20 09:48 - 2017-04-20 09:48 - 00002280 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2017-04-20 09:48 - 2017-04-20 09:48 - 00002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-04-20 09:48 - 2017-04-20 09:48 - 00002214 _____ C:\WINDOWS\System32\Tasks\ATK Package A22126881260
2017-04-20 09:48 - 2017-04-20 09:48 - 00002214 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
2017-04-20 09:48 - 2017-04-20 09:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-04-20 09:48 - 2017-04-20 09:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2017-04-20 09:39 - 2017-04-20 09:39 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-04-20 09:30 - 2017-04-20 09:40 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-04-20 09:28 - 2017-04-20 09:28 - 00000000 ____D C:\ProgramData\USOShared
2017-04-20 09:27 - 2017-04-20 23:33 - 00000000 ____D C:\Users\AsusComputer
2017-04-20 09:20 - 2017-04-29 09:38 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-04-20 09:20 - 2017-04-20 09:30 - 00000000 ____D C:\Program Files\Intel
2017-04-20 09:20 - 2017-04-20 09:30 - 00000000 ____D C:\Program Files (x86)\ASUS
2017-04-20 09:20 - 2017-04-20 09:20 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-04-20 09:20 - 2017-04-20 09:20 - 00000000 ____D C:\ProgramData\SetupTPDriver
2017-04-20 09:20 - 2017-03-18 21:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-04-20 09:20 - 2015-10-26 14:30 - 00086528 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-04-20 09:20 - 2015-10-26 14:30 - 00082432 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-04-20 09:19 - 2017-04-20 09:30 - 00000000 ____D C:\Program Files (x86)\Intel
2017-04-20 09:19 - 2017-04-20 09:19 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2017-04-20 09:19 - 2017-04-20 09:19 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-04-20 09:19 - 2017-04-20 09:19 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-04-20 09:19 - 2017-04-20 09:19 - 00000000 ____D C:\WINDOWS\system32\DAX2
2017-04-20 09:19 - 2017-04-20 09:19 - 00000000 ____D C:\Program Files\Realtek
2017-04-20 09:17 - 2017-04-28 23:33 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-20 09:17 - 2017-04-20 09:17 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-04-20 09:16 - 2017-04-25 21:00 - 00381440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-17 20:18 - 2017-04-20 22:40 - 00000000 ___DC C:\WINDOWS\Panther
2017-04-17 10:10 - 2017-04-17 10:10 - 00030101 _____ C:\Users\AsusComputer\Downloads\hate-crime-1516-hosb1116-tables (2).ods
2017-04-17 10:10 - 2017-04-17 10:10 - 00030101 _____ C:\Users\AsusComputer\Downloads\hate-crime-1516-hosb1116-tables (1).ods
2017-04-16 09:13 - 2017-04-16 09:13 - 00522571 _____ C:\Users\AsusComputer\Downloads\SSRN-id1912028.pdf
2017-04-14 09:00 - 2017-04-14 09:00 - 00000000 ____D C:\Users\AsusComputer\AppData\Local\UNP
2017-04-14 08:30 - 2017-04-20 09:40 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-04-14 08:30 - 2017-04-14 08:31 - 00000000 ____D C:\Program Files\UNP
2017-04-13 20:44 - 2017-04-13 20:44 - 02089753 _____ C:\Users\AsusComputer\Downloads\irregularmigrantsfullreport.pdf
2017-04-13 19:09 - 2017-04-13 19:11 - 102567381 _____ C:\Users\AsusComputer\Downloads\afu (26).wmv
2017-04-12 17:04 - 2017-03-28 06:37 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll
2017-04-12 17:04 - 2017-03-28 06:28 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-04-06 18:39 - 2017-04-06 18:42 - 124701611 _____ C:\Users\AsusComputer\Downloads\afu (25).wmv
2017-04-05 08:36 - 2017-04-05 08:36 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-04-04 14:33 - 2017-04-04 14:33 - 00442860 _____ C:\Users\AsusComputer\Downloads\SN07103.pdf
2017-04-04 14:33 - 2017-04-04 14:33 - 00442860 _____ C:\Users\AsusComputer\Downloads\SN07103 (1).pdf
2017-04-04 11:53 - 2017-04-04 11:53 - 00287183 _____ C:\Users\AsusComputer\Downloads\Online-Ts-and-Cs.pdf
2017-04-03 21:17 - 2017-04-03 21:17 - 00981665 _____ C:\Users\AsusComputer\Downloads\CBP-7212 (3).pdf
2017-04-03 21:17 - 2017-04-03 21:17 - 00981665 _____ C:\Users\AsusComputer\Downloads\CBP-7212 (2).pdf
2017-04-03 21:17 - 2017-04-03 21:17 - 00981665 _____ C:\Users\AsusComputer\Downloads\CBP-7212 (1).pdf
2017-04-02 14:25 - 2017-04-02 14:25 - 00082745 _____ C:\Users\AsusComputer\Downloads\Bid Offer Spread - quick guide (1).pdf
2017-04-02 14:19 - 2017-04-02 14:19 - 00082745 _____ C:\Users\AsusComputer\Downloads\Bid Offer Spread - quick guide.pdf
2017-04-02 08:15 - 2017-04-02 08:15 - 00087904 _____ (Microsoft Corporation) C:\WINDOWS\system32\UNPUXWorker.exe
2017-03-31 17:47 - 2017-03-31 17:47 - 00400928 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-29 09:45 - 2017-03-05 23:49 - 00557912 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgsp.sys
2017-04-29 09:45 - 2017-03-05 23:49 - 00129776 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmonflt.sys
2017-04-29 09:41 - 2016-12-16 17:05 - 00000184 _____ C:\Users\AsusComputer\AppData\Roaming\sp_data.sys
2017-04-29 09:39 - 2016-12-16 17:05 - 00000000 ____D C:\Users\AsusComputer\AppData\Local\ASUS GIFTBOX
2017-04-29 09:38 - 2016-12-16 17:05 - 00000000 __SHD C:\Users\AsusComputer\IntelGraphicsProfiles
2017-04-29 09:36 - 2017-03-18 12:40 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-04-29 09:35 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-04-29 08:57 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-28 11:40 - 2016-12-23 19:03 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-28 09:07 - 2017-03-18 22:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-27 20:48 - 2016-12-18 12:54 - 00000000 ____D C:\ProgramData\TEMP
2017-04-27 17:54 - 2016-12-18 12:59 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-04-27 00:26 - 2016-12-16 17:14 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-27 00:26 - 2016-12-16 17:14 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-26 14:35 - 2017-02-10 09:55 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-04-25 20:58 - 2016-12-18 13:16 - 00000000 ____D C:\AdwCleaner
2017-04-24 12:40 - 2016-12-16 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-04-24 12:40 - 2016-12-16 19:04 - 00000955 _____ C:\Users\Public\Desktop\AVG.lnk
2017-04-23 12:43 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-04-21 20:45 - 2017-03-18 22:01 - 00000000 ____D C:\WINDOWS\INF
2017-04-21 08:53 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-04-20 19:55 - 2017-02-10 09:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-20 18:01 - 2016-12-16 17:18 - 00000000 ____D C:\Users\AsusComputer\AppData\Local\Avg
2017-04-20 18:00 - 2016-12-16 19:02 - 00000000 ____D C:\Program Files (x86)\AVG
2017-04-20 18:00 - 2016-12-16 17:18 - 00000000 ____D C:\Users\AsusComputer\AppData\Local\AvgSetupLog
2017-04-20 18:00 - 2016-12-16 17:18 - 00000000 ____D C:\ProgramData\Avg
2017-04-20 17:57 - 2017-03-18 21:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-20 10:18 - 2016-12-16 17:05 - 00000000 ____D C:\Users\AsusComputer\AppData\Local\Packages
2017-04-20 10:15 - 2017-03-18 22:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-04-20 10:11 - 2017-03-18 22:06 - 00000000 ____D C:\WINDOWS\Setup
2017-04-20 10:11 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-04-20 10:11 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\en-GB
2017-04-20 10:06 - 2016-12-16 17:13 - 00002390 _____ C:\Users\AsusComputer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-20 10:06 - 2016-12-16 17:13 - 00000000 ___RD C:\Users\AsusComputer\OneDrive
2017-04-20 10:00 - 2017-03-18 22:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-20 10:00 - 2016-06-18 20:59 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-20 09:57 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-04-20 09:56 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\rescache
2017-04-20 09:55 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\Registration
2017-04-20 09:54 - 2017-03-18 22:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-20 09:54 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-04-20 09:49 - 2017-03-20 04:44 - 00000000 ____D C:\WINDOWS\HoloShell
2017-04-20 09:48 - 2016-12-17 20:17 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-04-20 09:47 - 2017-03-18 22:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-04-20 09:42 - 2016-12-17 00:45 - 00439032 _____ C:\WINDOWS\system32\Drivers\vsconfig.xml
2017-04-20 09:40 - 2017-03-18 12:40 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2017-04-20 09:40 - 2017-02-10 09:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-20 09:40 - 2016-12-23 20:08 - 00000000 ____D C:\Users\AsusComputer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-04-20 09:40 - 2016-12-23 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-04-20 09:40 - 2016-12-18 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-04-20 09:40 - 2016-12-18 12:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2017-04-20 09:40 - 2016-12-16 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-04-20 09:40 - 2016-06-18 22:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-04-20 09:40 - 2016-06-18 21:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2017-04-20 09:40 - 2016-03-24 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WPS Office
2017-04-20 09:40 - 2016-03-24 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF
2017-04-20 09:40 - 2016-03-24 13:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2017-04-20 09:32 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-04-20 09:32 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-04-20 09:32 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-04-20 09:32 - 2016-12-17 12:20 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-04-20 09:31 - 2016-12-17 12:20 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2017-04-20 09:31 - 2016-12-17 00:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2017-04-20 09:31 - 2016-12-16 19:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2017-04-20 09:31 - 2016-06-18 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICEpower
2017-04-20 09:31 - 2016-03-24 13:05 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-04-20 09:31 - 2016-03-24 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2017-04-20 09:30 - 2017-03-18 22:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-04-20 09:29 - 2015-10-30 08:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-04-20 09:28 - 2017-03-18 22:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-04-20 09:25 - 2017-03-18 12:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-04-19 23:59 - 2017-03-20 05:15 - 00000000 ___HD C:\$WINDOWS.~BT
2017-04-19 00:24 - 2016-12-16 17:25 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-04-12 17:13 - 2016-12-16 22:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-12 17:09 - 2016-12-16 22:42 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-12 11:45 - 2017-02-10 09:55 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-04-05 08:33 - 2016-06-18 21:53 - 00000000 ____D C:\Program Files\Microsoft Office
2017-04-03 17:56 - 2017-03-18 22:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-03 17:56 - 2017-03-18 22:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-31 17:47 - 2017-03-05 23:49 - 01006040 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2017-03-31 17:47 - 2017-03-05 23:49 - 00557776 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgsp.sys.149345552596801
2017-03-31 17:47 - 2017-03-05 23:49 - 00340688 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2017-03-31 17:47 - 2017-03-05 23:49 - 00165048 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2017-03-31 17:47 - 2017-03-05 23:49 - 00128096 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmonflt.sys.149345552596801
2017-03-31 17:47 - 2017-03-05 23:49 - 00102136 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2017-03-31 17:47 - 2017-03-05 23:49 - 00076688 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2017-03-31 17:47 - 2017-03-05 23:49 - 00039288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2017-03-31 17:46 - 2017-03-05 23:49 - 00336408 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
2017-03-31 17:46 - 2017-03-05 23:49 - 00310056 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
2017-03-31 17:46 - 2017-03-05 23:49 - 00192096 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
2017-03-31 17:46 - 2017-03-05 23:49 - 00166136 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiska.sys
2017-03-31 17:46 - 2017-03-05 23:49 - 00050848 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys

==================== Files in the root of some directories =======

2016-12-16 17:05 - 2017-04-29 09:41 - 0000184 _____ () C:\Users\AsusComputer\AppData\Roaming\sp_data.sys
2017-04-20 09:19 - 2017-04-20 09:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-20 09:16

==================== End of FRST.txt ============================
Reply With Quote
  #6  
Old April 29th, 2017, 10:19 PM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,029
Hi Latters87,

This is just my suggestion; please uninstall the following. (Malwarebytes and SUPERAntiSpyware are enough.)
AVG PC TuneUp ==> Please Look
SpywareBlaster 5.5

And restart the PC.
========================================
Run FRST fixlist:
Note: Run the tool (FRST) from your Desktop based on the instructions given. Farbar Recovery Scan Tool and the Fixlist file should both be on the Desktop.

Please open notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
Save it to the Desktop, and name it: fixlist.txt

Code:
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
U3 iswSvc; no ImagePath
C:\Users\AsusComputer\Downloads\esetsmartinstaller_enu (4).exe
C:\Users\AsusComputer\Downloads\esetsmartinstaller_enu (3).exe
C:\Users\AsusComputer\Downloads\esetsmartinstaller_enu (2).exe
C:\Users\AsusComputer\Downloads\vlc-2.2.4-win32 (2).exe
C:\Users\AsusComputer\Downloads\vlc-2.2.4-win32 (1).exe
2017-04-25 21:34 - 2017-04-25 21:34 - 00000000 _____ C:\Users\AsusComputer\Downloads\JRT (4).exe
2017-04-25 21:33 - 2017-04-25 21:33 - 00000000 _____ C:\Users\AsusComputer\Downloads\JRT (3).exe
2017-04-25 21:20 - 2017-04-25 21:20 - 00000000 _____ C:\Users\AsusComputer\Downloads\JRT (2).exe
2017-04-25 09:40 - 2017-04-25 09:40 - 04830473 _____ C:\Users\AsusComputer\Downloads\tdsskiller (1).zip
2017-04-24 21:53 - 2017-04-24 21:53 - 04922400 _____ (AO Kaspersky Lab) C:\Users\AsusComputer\Downloads\tdsskiller (2).exe
2017-04-24 21:51 - 2017-04-24 21:51 - 04922400 _____ (AO Kaspersky Lab) C:\Users\AsusComputer\Downloads\tdsskiller (1).exe
C:\WINDOWS\System32\Tasks\McAfee
C:\ProgramData\DP45977C.lfl
CMD: ipconfig /flushdns
EmptyTemp:
NOTICE: This script is written specifically for this computer!!!
Running this on another computer may cause damage to the Operating System.

Now, please run FRST, and press the Fix button, just once, and wait.

When done, the tool creates a report on the Desktop called: Fixlog.txt

>> Please post the Fixlog.txt in your reply.

-----------------------------------------------------------------------------------
Download RogueKiller:
http://tigzy.geekstogo.com/roguekiller.php

Select the version that applies to the system.
Save to the Desktop.

After closing all windows and browsers, right-click the downloaded RogueKiller file and select: Run as Administrator

At the program console, wait for the Prescan to finish. (Under Status, it says: Prescan finished.)

Press: SCAN

When done, a report opens on the drive: RKreport.txt

Please provide the RKreport.txt (Mode: Scan) in your reply.
Reply With Quote
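An added example, not part of olgun52's post and not FRST's own code: a Python script that labels each fixlist line by its syntax and checks that every file path in it also appears in the FRST.txt log from the same machine, which is what "written specifically for this computer" implies. The sample text is constructed from lines in this thread (the last log line and the stray space in one fixlist path are constructed), and the category names are this example's own; they describe the line's form, not how FRST processes it.

```python
import re

# Optional FRST "date - date - size attrs (vendor)" prefix, then a Windows path.
PATH_RE = re.compile(r"^(?:\d{4}-\d{2}-\d{2} \d{2}:\d{2} - .*?)?([A-Za-z]:\\.+)$")
DIRECTIVE_RE = re.compile(r"^[A-Za-z]+:$")        # a bare word ending in a colon
REGISTRY_RE = re.compile(r"^(HKU|HKLM)\\", re.I)  # registry hive prefixes seen in the log

# Constructed sample: a subset of the fixlist posted above. The space in
# "esetsmartinstaller _enu" is kept on purpose to show what the check catches.
SAMPLE_FIXLIST = r"""CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
C:\Users\AsusComputer\Downloads\esetsmartinstaller _enu (4).exe
2017-04-25 21:34 - 2017-04-25 21:34 - 00000000 _____ C:\Users\AsusComputer\Downloads\JRT (4).exe
C:\WINDOWS\System32\Tasks\McAfee
C:\ProgramData\DP45977C.lfl
CMD: ipconfig /flushdns
EmptyTemp:
"""

# Constructed sample log: three lines as they appear in this thread, plus one
# constructed line (the esetsmartinstaller entry and its timestamps are made up).
SAMPLE_LOG = r"""2017-04-25 21:34 - 2017-04-25 21:34 - 00000000 _____ C:\Users\AsusComputer\Downloads\JRT (4).exe
2017-04-20 09:48 - 2017-04-20 09:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-04-20 09:19 - 2017-04-20 09:19 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-04-24 21:40 - 2017-04-24 21:40 - 00000000 _____ C:\Users\AsusComputer\Downloads\esetsmartinstaller_enu (4).exe
"""

def classify(line):
    """Return (kind, target) for one fixlist line, judged by syntax only."""
    line = line.strip()
    if line.upper().startswith("CMD:"):
        return "command", line[4:].strip()
    if DIRECTIVE_RE.match(line):
        return "directive", line[:-1]
    if REGISTRY_RE.match(line):
        return "registry", line
    m = PATH_RE.match(line)
    if m:
        return "path", m.group(1).strip()
    return "log-entry", line  # any other entry copied from the scan log

def paths_in_log(frst_log):
    """Collect every file or folder path listed in the scan log, lower-cased."""
    found = set()
    for line in frst_log.splitlines():
        m = PATH_RE.match(line.strip())
        if m:
            found.add(m.group(1).strip().lower())
    return found

def review_fixlist(fixlist, frst_log):
    """Return (kind, target, in_log); in_log is None for non-path lines."""
    known = paths_in_log(frst_log)
    report = []
    for raw in fixlist.splitlines():
        if not raw.strip():
            continue
        kind, target = classify(raw)
        # Windows paths are case-insensitive, so compare lower-cased.
        in_log = (target.lower() in known) if kind == "path" else None
        report.append((kind, target, in_log))
    return report

def unverified_paths(report):
    """Paths named in the fixlist that the scan log never mentions."""
    return [target for kind, target, in_log in report if kind == "path" and in_log is False]

if __name__ == "__main__":
    for kind, target, in_log in review_fixlist(SAMPLE_FIXLIST, SAMPLE_LOG):
        flag = "" if in_log is not False else "   <-- not in FRST.txt"
        print(f"{kind:10} {target}{flag}")
```

A path flagged as not in FRST.txt is worth querying with the helper before pressing Fix, since it may have been altered when the fixlist was copied from the web page.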
  #7  
Old May 1st, 2017, 09:22 AM
Latters87 Latters87 is offline
New Member
 
Join Date: Apr 2017
Posts: 7
I will run that tomorrow, I am not in much today, hang in there with me! :-D

I have now closed my Twitter account but I am worried. A few weeks ago I had an email saying that someone had tried to access my Twitter account. I clicked on the link in the email. I am now worried about that email link infecting my computer with malware, etc.

Will your recommendations get rid of any malware that this hacker may have put on my PC?
Reply With Quote
  #8  
Old May 3rd, 2017, 09:29 AM
Latters87 Latters87 is offline
New Member
 
Join Date: Apr 2017
Posts: 7
I am nervous about running the FRST 'fix' Olgun: what will it do?
Reply With Quote
  #9  
Old May 5th, 2017, 08:29 PM
olgun52 olgun52 is offline
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,029
Quote:
Originally Posted by Latters87
I am nervous about running the FRST 'fix' Olgun: what will it do?
Why are you nervous, and what is the problem?
Reply With Quote
All times are GMT +1. The time now is 05:19 AM.