
VBS:Malware-gen in my Avast I can't get rid of


14 replies to this topic

#1 edwardbeyer

edwardbeyer

  • Members
  • 29 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:44 PM

Posted 22 February 2017 - 01:07 PM

I ran my Avast for a boot scan the other day and found nearly 200+ files infected with the VBS:Malware-gen worm; doing the boot scan and full system scan leaves 6 files I can't get rid of.


Here is the FRST log:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-02-2017
Ran by edwar (administrator) on DESKTOP-8VR3GSC (22-02-2017 11:51:59)
Running from C:\Users\edwar\Desktop
Loaded Profiles: edwar (Available Profiles: edwar)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
() C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DCNTranProc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingKey.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Touchpad Handwriting\Exe\x64\AsusHWCenter64.exe
(TODO: <Company name>) C:\Program Files (x86)\ASUS\ASUS Gamepad\ap\AsusGamepadServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(AO Kaspersky Lab) C:\ProgramData\Kaspersky Lab\KSDE1.0.0\Temp\temporaryFolder\updates\bin\ksde17\17.0.0.611_ksde_b\ksdeui.exe.2482_2553_4126.removeOnNextReboot
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe
(AO Kaspersky Lab) C:\ProgramData\Kaspersky Lab\AVP17.0.0\Temp\temporaryFolder\updates\bin\kav17\17.0.0.611_kis_b\avpui.exe.163_2553_4126.removeOnNextReboot
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7912.40507.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7912.40507.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-01-21] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\ASUSWSLoader.exe [63272 2015-12-24] ()
HKLM-x32\...\Run: [AsInstCD] => C:\Preload64\Patch\AsInst.exe /inst
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-13] (AVAST Software)
HKU\S-1-5-21-3710491005-1002382059-901691716-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946144 2017-02-06] (SUPERAntiSpyware)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-13] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-13] (AVAST Software)
Startup: C:\Users\edwar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-02-15]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.10.254.5 10.10.254.6
Tcpip\..\Interfaces\{4e704586-37fb-440b-9c8f-ef41e9e94ac1}: [DhcpNameServer] 10.10.254.5 10.10.254.6
Tcpip\..\Interfaces\{7e1b5df9-2b38-476c-888a-92de6b4dc427}: [DhcpNameServer] 10.10.254.5 10.10.254.6

Internet Explorer:
==================
HKU\S-1-5-21-3710491005-1002382059-901691716-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
HKU\S-1-5-21-3710491005-1002382059-901691716-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-02-22] (AO Kaspersky Lab)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-02-02] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-02-02] (Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2017-02-22] (AO Kaspersky Lab)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-02-02] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-02] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-02-22] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2017-02-22] (AO Kaspersky Lab)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-02] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-02-02] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-02-02] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-02-02] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-02-02] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: ul49kkt2.default
FF ProfilePath: C:\Users\edwar\AppData\Roaming\Mozilla\Firefox\Profiles\ul49kkt2.default [2017-02-22]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\edwar\AppData\Roaming\Mozilla\Firefox\Profiles\ul49kkt2.default\features\{87edecd3-003d-41a4-930d-21fe024a70e5}\disableSHA1rollout@mozilla.org.xpi [2017-02-17]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-02-22]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-02-02] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-02-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-02-02] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-12-22] ()

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 AsHidService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [126648 2016-06-16] (ASUSTek Computer Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe [75264 2015-12-24] (ASUS Cloud Corporation) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-13] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-13] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [278784 2017-02-13] (AVAST Software)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3697352 2017-01-29] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-21] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-21] (Dropbox, Inc.)
R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1392792 2015-11-09] (Intel Corporation)
R2 FBAgent; C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe [73032 2014-08-13] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-12-22] (WildTangent)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335360 2016-03-18] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [8704 2016-03-18] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [209184 2016-05-26] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-04-04] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
S3 ROGGamingCenterService; C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingCenterService.exe [49704 2016-06-07] (ASUSTeK COMPUTER INC.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-17] (TeamViewer GmbH)
R2 Tran_Process_Proc; C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DCNTranProc.exe [71024 2014-03-25] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe [19192 2015-09-30] (Intel® Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-04-04] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AGP; C:\WINDOWS\System32\drivers\AsusGamePad.sys [21592 2015-09-14] (ASUS Corporation)
R3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [107008 2016-09-01] (ASUS Corporation)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [309784 2017-02-13] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-02-13] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334600 2017-02-13] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-02-13] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-02-13] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [126088 2017-02-13] (AVAST Software)
R1 aswNetSec; C:\WINDOWS\system32\drivers\aswNetSec.sys [456456 2017-02-13] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [100640 2017-02-13] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [74680 2017-02-13] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [991496 2017-02-13] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [547904 2017-02-13] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [162528 2017-02-13] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [337080 2017-02-13] (AVAST Software)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55784 2015-11-09] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2015-11-09] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2015-11-09] (Intel Corporation)
S3 farmntio; C:\Windows\system32\drivers\farmntio.sys [25144 2014-03-25] () [File not signed]
R1 gfdriver; C:\WINDOWS\System32\drivers\gfdriver.sys [51904 2015-01-14] (Titan ARC Corp.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [732416 2016-10-15] (Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-05-28] (Intel Corporation)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
S0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
S1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [191312 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [435032 2017-02-22] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1019616 2017-02-22] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2017-02-22] (AO Kaspersky Lab)
S3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R4 klkbdflt2; C:\WINDOWS\system32\DRIVERS\klkbdflt2.sys [43440 2016-05-23] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
U0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [218920 2017-02-22] (AO Kaspersky Lab)
U3 klupd_klif_arkmon_66516A70; C:\ProgramData\Kaspersky Lab\AVP17.0.0\temp\66516A704F1D378E58B85D79633C103D\klupd_klif_arkmon.sys [218920 2017-02-22] (AO Kaspersky Lab)
U3 klupd_klif_arkmon_A92E8D0D; C:\ProgramData\Kaspersky Lab\AVP17.0.0\temp\A92E8D0D793A449F33C358C6E02EB8AA\klupd_klif_arkmon.sys [213280 2017-02-22] (AO Kaspersky Lab)
U3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [245512 2017-02-22] (AO Kaspersky Lab)
U0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [104720 2017-02-22] (AO Kaspersky Lab)
U3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [158680 2017-02-22] (AO Kaspersky Lab)
U3 klupd_klif_mark_8D7E0B5D; C:\ProgramData\Kaspersky Lab\AVP17.0.0\temp\8D7E0B5D4F843D39AA1F644B2578B0EE\klupd_klif_mark.sys [164888 2017-02-22] (AO Kaspersky Lab)
S4 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [134880 2017-02-22] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-22] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7139088 2016-05-09] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_e81efc139459a03d\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-05] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [898296 2016-01-13] (Realtek                                            )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2015-09-14] (Scarlet.Crush Productions)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-22 11:51 - 2017-02-22 11:52 - 00026561 _____ C:\Users\edwar\Desktop\FRST.txt
2017-02-22 11:51 - 2017-02-22 11:51 - 00000000 ____D C:\FRST
2017-02-22 11:46 - 2017-02-22 11:51 - 02422784 _____ (Farbar) C:\Users\edwar\Desktop\FRST64.exe
2017-02-22 11:33 - 2017-02-22 11:33 - 00388608 _____ (Trend Micro Inc.) C:\Users\edwar\Desktop\HijackThis.exe
2017-02-22 11:23 - 2017-02-22 11:32 - 42903456 _____ (IObit ) C:\Users\edwar\Downloads\advanced-systemcare-setup.exe
2017-02-22 08:30 - 2017-02-22 08:30 - 00245512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2017-02-22 08:30 - 2017-02-22 08:30 - 00218920 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2017-02-22 08:30 - 2017-02-22 08:30 - 00104720 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2017-02-22 08:30 - 2017-02-22 08:30 - 00085984 _____ C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2017-02-22 08:25 - 2017-02-22 08:31 - 00001449 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2017-02-22 08:25 - 2017-02-22 08:26 - 00003240 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-02-22 08:25 - 2017-02-22 08:25 - 00158680 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2017-02-22 08:25 - 2017-02-22 08:25 - 00002158 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2017-02-22 08:25 - 2017-02-22 08:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2017-02-22 08:25 - 2017-02-22 08:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2017-02-22 08:24 - 2017-02-22 10:30 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-02-22 08:24 - 2017-02-22 08:29 - 01019616 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2017-02-22 08:24 - 2017-02-22 08:28 - 00435032 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2017-02-22 08:24 - 2017-02-22 08:25 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-02-22 08:24 - 2016-06-26 15:14 - 00191312 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2017-02-22 08:24 - 2016-06-20 17:54 - 00421200 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\SET9176.tmp
2017-02-22 08:24 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2017-02-22 08:18 - 2017-02-22 08:25 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-02-22 08:11 - 2017-02-22 08:11 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-02-22 08:06 - 2017-02-22 08:09 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-22 08:06 - 2017-02-22 08:06 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-22 08:06 - 2017-02-22 08:06 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-22 08:06 - 2017-02-22 08:06 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-22 08:06 - 2017-02-22 08:06 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-22 08:06 - 2017-02-22 08:06 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-22 08:06 - 2017-02-22 08:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-22 08:06 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-22 08:05 - 2017-02-22 08:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-22 08:05 - 2017-02-22 08:05 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-22 07:59 - 2017-02-22 08:09 - 00000542 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 685a2348-9f5d-4b48-85c9-db26d09c2566.job
2017-02-22 07:59 - 2017-02-22 08:09 - 00000542 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 245ff50c-6047-4baa-ad77-0b7c201793c0.job
2017-02-22 07:59 - 2017-02-22 07:59 - 00003782 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 685a2348-9f5d-4b48-85c9-db26d09c2566
2017-02-22 07:59 - 2017-02-22 07:59 - 00003700 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 245ff50c-6047-4baa-ad77-0b7c201793c0
2017-02-22 07:59 - 2017-02-22 07:59 - 00000000 ____D C:\Users\edwar\AppData\Roaming\SUPERAntiSpyware.com
2017-02-22 07:59 - 2017-02-22 07:59 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-02-22 07:59 - 2017-02-22 07:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-02-22 07:59 - 2017-02-22 07:59 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-02-22 07:58 - 2017-02-22 07:59 - 29361992 _____ (SUPERAntiSpyware) C:\Users\edwar\Desktop\SUPERAntiSpyware.exe
2017-02-21 22:53 - 2017-02-21 22:51 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-02-20 17:59 - 2017-02-20 17:59 - 00000000 ____D C:\Users\edwar\Documents\in use torrents
2017-02-13 16:39 - 2017-02-22 07:18 - 00004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-02-13 16:39 - 2017-02-13 16:39 - 00398408 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-02-13 16:39 - 2017-02-13 16:39 - 00334600 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-02-13 16:39 - 2017-02-13 16:39 - 00309784 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-02-13 16:39 - 2017-02-13 16:39 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-02-13 16:39 - 2017-02-13 16:39 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-02-09 22:13 - 2017-02-09 22:13 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-09 22:13 - 2016-12-29 06:28 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-09 22:13 - 2016-09-09 12:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-09 22:13 - 2016-09-09 12:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-09 22:13 - 2016-09-09 12:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-09 22:13 - 2016-09-09 12:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-08 22:01 - 2017-02-08 22:01 - 00000279 _____ C:\Users\edwar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2017-02-08 15:32 - 2017-02-08 15:32 - 00000039 _____ C:\Users\edwar\Desktop\ip reset.txt
2017-02-06 19:48 - 2017-02-21 22:51 - 00000000 ____D C:\AdwCleaner
2017-02-06 19:47 - 2017-02-06 19:48 - 04015056 _____ C:\Users\edwar\Desktop\adwcleaner_6.043.exe
2017-02-03 17:56 - 2017-02-03 17:56 - 00003538 _____ C:\WINDOWS\System32\Tasks\ASUS Gamepad
2017-02-03 11:19 - 2017-02-03 11:19 - 00000220 _____ C:\Users\edwar\Desktop\Borderlands.url
2017-02-03 10:37 - 2017-02-03 10:37 - 00000222 _____ C:\Users\edwar\Desktop\STAR WARS Knights of the Old Republic II The Sith Lords.url
2017-02-03 10:23 - 2017-02-03 10:23 - 00000220 _____ C:\Users\edwar\Desktop\STAR WARS Jedi Knight Jedi Academy.url
2017-02-03 10:15 - 2017-02-03 10:15 - 00000220 _____ C:\Users\edwar\Desktop\STAR WARS Jedi Knight II Jedi Outcast.url
2017-02-03 10:08 - 2017-02-03 10:08 - 00000221 _____ C:\Users\edwar\Desktop\STAR WARS Jedi Knight Dark Forces II.url
2017-02-03 10:04 - 2017-02-03 10:04 - 00000221 _____ C:\Users\edwar\Desktop\STAR WARS Dark Forces.url
2017-02-03 09:53 - 2017-02-03 09:53 - 00000000 ____D C:\Users\edwar\Documents\Games for Windows - LIVE Demos
2017-02-03 09:52 - 2017-02-03 09:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2017-02-03 09:51 - 2017-02-03 09:52 - 00000000 ____D C:\Users\edwar\AppData\Local\Fallout3
2017-02-03 09:51 - 2017-02-03 09:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2017-02-03 09:51 - 2017-02-03 09:51 - 00000000 ____D C:\WINDOWS\SysWOW64\xlive
2017-02-02 10:45 - 2017-02-02 10:45 - 00000000 ____D C:\Users\edwar\Documents\OneNote Notebooks
2017-02-02 10:44 - 2017-02-02 10:44 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-02-02 10:24 - 2017-02-02 10:24 - 00002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-02-02 10:24 - 2017-02-02 10:24 - 00002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2017-01-31 11:40 - 2017-02-22 08:26 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-31 11:40 - 2017-01-31 11:40 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-01-31 11:20 - 2017-01-31 11:20 - 00001406 _____ C:\Users\edwar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Toasts App.lnk
2017-01-27 17:28 - 2017-01-27 17:31 - 00000000 ____D C:\Users\edwar\AppData\Roaming\Ventrilo
2017-01-27 17:28 - 2017-01-27 17:28 - 00000984 _____ C:\Users\edwar\Desktop\Ventrilo.lnk
2017-01-27 17:28 - 2017-01-27 17:28 - 00000262 _____ C:\WINDOWS\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
2017-01-27 17:28 - 2017-01-27 17:28 - 00000000 ____D C:\Users\edwar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
2017-01-27 17:28 - 2017-01-27 17:28 - 00000000 ____D C:\Program Files\Ventrilo
2017-01-27 10:33 - 2017-01-27 10:33 - 00000000 ____D C:\Users\edwar\AppData\Local\Macromedia
2017-01-26 17:06 - 2017-02-17 11:58 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-26 17:06 - 2017-02-14 18:36 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-01-26 14:52 - 2017-01-26 17:06 - 00000000 ____D C:\Users\edwar\AppData\Local\Adobe
2017-01-25 12:44 - 2017-01-25 12:44 - 00001281 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horizon.lnk
2017-01-25 12:44 - 2017-01-25 12:44 - 00001167 _____ C:\Users\Public\Desktop\Horizon.lnk
2017-01-25 12:44 - 2017-01-25 12:44 - 00000000 ____D C:\Users\edwar\AppData\Local\Daring_Development_Inc
2017-01-25 12:44 - 2017-01-25 12:44 - 00000000 ____D C:\Program Files (x86)\Daring Development
2017-01-25 12:41 - 2017-01-25 12:42 - 00000691 _____ C:\Users\edwar\Desktop\Music.lnk
2017-01-25 08:55 - 2016-12-21 01:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 08:55 - 2016-12-20 22:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-23 18:10 - 2017-01-23 18:10 - 00000000 ____D C:\Users\edwar\AppData\Local\ElevatedDiagnostics
2017-01-23 15:01 - 2017-02-22 11:47 - 00000000 ____D C:\Users\edwar\AppData\Roaming\vlc
2017-01-23 14:20 - 2017-01-23 14:21 - 00000748 _____ C:\Users\edwar\Desktop\Save Editors.lnk
2017-01-23 14:00 - 2017-01-23 14:00 - 00000707 _____ C:\Users\edwar\Desktop\Stories.lnk
2017-01-23 12:38 - 2017-01-23 12:38 - 00001152 _____ C:\Users\Public\Desktop\SWF File Player.lnk
2017-01-23 12:38 - 2017-01-23 12:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SWF File Player
2017-01-23 12:38 - 2017-01-23 12:38 - 00000000 ____D C:\Program Files (x86)\SWF File Player
2017-01-23 12:24 - 2017-01-28 13:07 - 00001030 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
2017-01-23 12:24 - 2017-01-23 12:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2017-01-23 12:22 - 2017-02-19 13:23 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2017-01-23 10:43 - 2017-01-23 10:43 - 00000000 ____D C:\Users\edwar\Documents\Custom Office Templates
2017-01-23 10:34 - 2017-01-23 10:34 - 00000221 _____ C:\Users\edwar\Desktop\Fallout 3 - Game of the Year Edition.url
2017-01-23 08:26 - 2017-01-23 08:26 - 00000221 _____ C:\Users\edwar\Desktop\Borderlands 2.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-22 11:34 - 2017-01-21 10:48 - 00000000 ____D C:\Users\edwar\AppData\Local\VirtualStore
2017-02-22 11:33 - 2017-01-21 12:04 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-22 09:02 - 2017-01-21 11:55 - 00000000 ____D C:\Users\edwar\AppData\LocalLow\Mozilla
2017-02-22 08:30 - 2016-07-16 05:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-22 08:29 - 2016-06-20 23:41 - 00057424 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klim6.sys
2017-02-22 08:29 - 2016-06-02 22:39 - 00134880 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwtp.sys
2017-02-22 08:27 - 2016-11-26 00:51 - 00000000 ____D C:\Program Files\Microsoft Office
2017-02-22 08:25 - 2016-07-16 00:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-22 08:24 - 2016-07-16 05:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-02-22 08:24 - 2015-10-30 00:28 - 00000000 ____D C:\Users\Default.migrated
2017-02-22 08:22 - 2017-01-21 10:48 - 00000182 _____ C:\Users\edwar\AppData\Roaming\sp_data.sys
2017-02-22 08:17 - 2016-03-24 13:44 - 01483802 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-22 08:10 - 2017-01-21 15:43 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-22 08:10 - 2017-01-21 10:48 - 00000000 ____D C:\Users\edwar\AppData\Local\ASUS GIFTBOX
2017-02-22 08:09 - 2017-01-21 15:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-22 08:09 - 2017-01-21 15:44 - 00000000 ____D C:\Users\edwar
2017-02-22 08:09 - 2016-11-26 00:51 - 00005693 ___RH C:\farstone_pe.letter
2017-02-22 08:09 - 2016-07-16 00:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-22 07:59 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-22 07:59 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-22 07:58 - 2017-01-21 10:48 - 00000000 ____D C:\Users\edwar\AppData\Local\Packages
2017-02-22 00:32 - 2017-01-21 15:40 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-21 20:48 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-21 17:55 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-21 12:00 - 2017-01-21 15:47 - 00003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2017-02-21 12:00 - 2017-01-21 15:47 - 00003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2017-02-21 09:53 - 2016-11-26 00:52 - 00002452 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-02-20 18:01 - 2017-01-22 22:24 - 00000000 ____D C:\Users\edwar\AppData\Roaming\BitTorrent
2017-02-20 13:36 - 2017-01-22 18:44 - 00000000 ____D C:\Users\edwar\AppData\Local\CrashDumps
2017-02-19 21:26 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-19 20:54 - 2017-01-21 13:09 - 00000000 ____D C:\Users\edwar\AppData\Local\Battle.net
2017-02-19 17:12 - 2017-01-21 11:41 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-19 13:22 - 2017-01-21 13:08 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-02-18 11:47 - 2017-01-22 15:59 - 00000000 ____D C:\Users\edwar\Powersaves3DS
2017-02-17 19:56 - 2017-01-21 13:10 - 00000000 ____D C:\Program Files (x86)\Diablo III
2017-02-14 18:36 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-14 18:35 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-14 12:18 - 2017-01-21 15:43 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-14 12:18 - 2017-01-21 14:55 - 00001487 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-02-14 12:17 - 2017-01-21 15:47 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 12:17 - 2017-01-21 15:47 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 12:17 - 2017-01-21 15:47 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 12:17 - 2017-01-21 15:47 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 12:17 - 2017-01-21 15:47 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 12:17 - 2017-01-21 15:47 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 12:17 - 2017-01-21 15:47 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 12:17 - 2017-01-21 15:43 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-14 12:17 - 2016-11-26 00:34 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-13 16:41 - 2017-01-21 15:14 - 00000000 ____D C:\temp
2017-02-13 16:39 - 2017-01-21 14:26 - 00456456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2017-02-13 16:39 - 2017-01-21 11:41 - 00991496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-02-13 16:39 - 2017-01-21 11:41 - 00547904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-02-13 16:39 - 2017-01-21 11:41 - 00337080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.148702558556204
2017-02-13 16:39 - 2017-01-21 11:41 - 00337080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2017-02-13 16:39 - 2017-01-21 11:41 - 00162528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-02-13 16:39 - 2017-01-21 11:41 - 00126088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-02-13 16:39 - 2017-01-21 11:41 - 00100640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-02-13 16:39 - 2017-01-21 11:41 - 00074680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-02-13 16:39 - 2017-01-21 11:41 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-02-07 16:47 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\rescache
2017-02-06 13:48 - 2016-07-16 05:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 13:48 - 2016-07-16 05:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-05 20:43 - 2016-07-16 05:43 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2017-02-05 20:43 - 2016-07-16 05:43 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2017-02-05 20:43 - 2016-07-16 05:43 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2017-02-05 20:43 - 2016-07-16 05:43 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2017-02-05 20:43 - 2016-07-16 05:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2017-02-05 20:43 - 2016-07-16 05:43 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2017-02-05 20:43 - 2016-07-16 05:43 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2017-02-05 20:43 - 2016-07-16 05:43 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2017-02-05 20:43 - 2016-07-16 05:43 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2017-02-05 20:43 - 2016-07-16 05:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2017-02-05 20:43 - 2016-07-16 05:43 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2017-02-05 20:43 - 2016-07-16 05:43 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2017-02-05 20:43 - 2016-07-16 05:43 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2017-02-05 20:43 - 2016-07-16 05:43 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2017-02-05 20:43 - 2016-07-16 05:43 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2017-02-05 20:43 - 2016-07-16 05:43 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2017-02-05 20:43 - 2016-07-16 05:43 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2017-02-05 20:43 - 2016-07-16 05:43 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2017-02-03 17:57 - 2017-01-21 15:40 - 00341072 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-03 17:56 - 2016-11-26 00:41 - 00000000 ____D C:\Program Files\DIFX
2017-02-03 17:56 - 2016-03-24 13:59 - 00000000 ____D C:\Program Files (x86)\ASUS
2017-02-03 17:35 - 2017-01-21 15:00 - 00000000 ____D C:\Users\edwar\AppData\Roaming\NVIDIA
2017-02-03 17:35 - 2017-01-21 14:07 - 00000000 ____D C:\Users\edwar\Documents\My Games
2017-02-03 11:19 - 2017-01-21 12:11 - 00000000 ____D C:\Users\edwar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-02 21:37 - 2016-07-16 05:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-02 21:36 - 2016-11-26 00:52 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-02-02 10:44 - 2016-07-16 05:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-02-02 10:24 - 2016-11-26 00:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-01-31 11:19 - 2017-01-21 11:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-31 11:19 - 2017-01-21 11:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-25 14:34 - 2016-07-16 08:14 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-01-25 14:34 - 2016-07-16 08:14 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-01-25 14:34 - 2016-07-16 08:14 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-01-25 14:34 - 2016-07-16 08:14 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-01-25 14:34 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-01-25 14:34 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-01-25 14:33 - 2016-07-16 08:14 - 00000000 ____D C:\WINDOWS\system32\winrm
2017-01-25 14:33 - 2016-07-16 08:14 - 00000000 ____D C:\WINDOWS\system32\WCN
2017-01-25 14:33 - 2016-07-16 08:14 - 00000000 ____D C:\WINDOWS\system32\slmgr
2017-01-25 14:33 - 2016-07-16 08:14 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-01-25 14:33 - 2016-07-16 05:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-01-25 14:33 - 2016-07-16 05:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-01-25 14:33 - 2016-07-16 05:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-01-25 14:33 - 2016-07-16 05:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2017-01-25 14:33 - 2016-07-16 05:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-01-25 14:33 - 2016-07-16 05:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2017-01-25 14:33 - 2016-07-16 05:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-25 14:33 - 2016-07-16 05:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-01-25 14:33 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2017-01-25 14:33 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-01-25 14:33 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-25 14:33 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\MUI
2017-01-25 14:33 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-01-25 14:33 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\Com
2017-01-25 14:33 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-25 14:33 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\IME
2017-01-25 14:33 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\Help
2017-01-25 14:33 - 2016-07-16 05:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-01-25 14:33 - 2016-07-16 05:47 - 00000000 ____D C:\Program Files\Common Files\System
2017-01-25 14:33 - 2016-07-16 05:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-01-25 14:33 - 2016-07-16 05:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-01-25 14:33 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-01-25 14:33 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-01-25 14:33 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-01-25 14:33 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\servicing
2017-01-25 12:44 - 2016-03-24 14:00 - 00000000 ____D C:\ProgramData\Package Cache

==================== Files in the root of some directories =======

2017-01-21 10:48 - 2017-02-22 08:22 - 0000182 _____ () C:\Users\edwar\AppData\Roaming\sp_data.sys
2017-01-21 15:43 - 2017-01-21 15:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-19 18:53

==================== End of FRST.txt ============================


#2 olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 22 February 2017 - 01:29 PM

Hello edwardbeyer, and welcome to BleepingComputer.

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I will assume that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log on to the computer as administrator. (How do I log on to the computer as administrator?)
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the help here.

Thanks.

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

Sincerely


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 edwardbeyer

  • Topic Starter
  • Members
  • 29 posts
  • Gender:Male

Posted 22 February 2017 - 01:47 PM

Thanks.



#4 olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 22 February 2017 - 02:19 PM

Hi edwardbeyer,

Your reports look good, but we need to make some fixes.
==============================================

Multiple Anti-virus Programs
You are operating your computer with multiple Anti-virus programs installed:
Avast Antivirus
Kaspersky Anti-Virus

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. Please remove one of them NOW.

Avast uninstall: https://www.avast.com/uninstall-utility
or:
Kaspersky Anti-Virus: http://support.kaspersky.com/common/service.aspx?el=1464
==============================================

Restart the PC now.

Please do the following:

Boot to Safe Mode with Networking

To Enter Safe Mode

  • Go to Start > Shut off your Computer > Restart
  • As the computer starts to boot up, tap the F8 key somewhat rapidly; this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll to Safe Mode with Networking
  • Then press the Enter Key on your Keyboard

Tutorial if you need it: How to boot into Safe Mode
 
next....

  • Please download rkill (Courtesy of Bleepingcomputer.com).
  • There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
  • Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
  • Note: You only need to get one of the tools to run, not all of them.

1. rkill.exe

2. rkill.com

3. rkill.scr

4. WiNlOgOn.exe

5. uSeRiNiT.exe

 
next....
 
Scan with Malwarebytes Anti-Malware

  • Please update the database by clicking on the "Update Now" button.
  • After the update, click "Settings" and go to "Detection and Protection".
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.
  • If Malware or Potentially Unwanted Programs ("PUPs") are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.
  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

 

Thanks

 


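
A quick way to confirm which antivirus products Windows itself considers registered, and which of them currently have real-time protection switched on, is to query the Security Center WMI namespace. The script below is an added example for readers of this thread; it is not part of olgun52's instructions and not a BleepingComputer or Avast/Kaspersky tool. The bit layout of productState is not officially documented by Microsoft, so the decoding used here is the commonly used unofficial interpretation and should be treated as an assumption.

```powershell
# Added example (not from the thread): list antivirus products registered with
# Windows Security Center and decode their state. Works on client editions of
# Windows (the SecurityCenter2 namespace does not exist on Windows Server).

function Get-RegisteredAntivirus {
    [CmdletBinding()]
    param()

    $products = Get-CimInstance -Namespace 'root/SecurityCenter2' `
                                -ClassName 'AntiVirusProduct' -ErrorAction Stop

    foreach ($p in $products) {
        # productState is a packed DWORD. The decoding below is the widely used,
        # unofficial interpretation (assumption): as a 6-digit hex string,
        # chars 2-3 give the real-time protection state (10 = on, 00/01 = off)
        # and chars 4-5 give the signature state (00 = current, 10 = out of date).
        $hex = ([Convert]::ToString([int]$p.productState, 16)).PadLeft(6, '0')

        [PSCustomObject]@{
            Name         = $p.displayName
            RealTimeOn   = ($hex.Substring(2, 2) -eq '10')
            SignaturesOk = ($hex.Substring(4, 2) -eq '00')
            ExePath      = $p.pathToSignedProductExe
            StateHex     = $hex
        }
    }
}

$av = @(Get-RegisteredAntivirus)
$av | Format-Table -AutoSize

# More than one product with real-time protection enabled is exactly the
# situation the thread warns about: two on-access scanners competing for
# every file open, each seeing the other's quarantine and scan activity.
$active = @($av | Where-Object RealTimeOn)
if ($active.Count -gt 1) {
    Write-Warning ("{0} antivirus products have real-time protection enabled: {1}" -f `
        $active.Count, ($active.Name -join ', '))
}
```

Windows Defender is listed here too; on Windows 10 it normally shows real-time protection off while a third-party product is registered, so a single warning from this script is expected to name only the third-party products.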

 


 


#5 edwardbeyer

  • Topic Starter
  • Members
  • 29 posts
  • Gender:Male

Posted 22 February 2017 - 02:50 PM

OK, I got the reports, though there was a little problem. You had the rkill programs to be downloaded after I was in Safe Mode with Networking? I had to download that separately, as my computer would not connect to any network during Safe Mode, and I do not know if that affected the reports. Here they are:

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/22/2017 01:41:29 PM in x64 mode. (Safe Mode)
Windows Version: Windows 10 Home

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * nv_agp [Missing Service]
 * TimeBroker [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]

 * agp440 [Missing ImagePath]

 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]

 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 02/22/2017 01:41:38 PM
Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)
 

 

And the Malwarebytes log:

 

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/22/17
Scan Time: 1:42 PM
Logfile: Malwarebytes Report.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1325
License: Free

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: DESKTOP-8VR3GSC\edwar

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 287952
Time Elapsed: 1 min, 59 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

 

 

There you go



#6 olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 22 February 2017 - 04:42 PM

Hi again,

Create/Run a batch file
Open Notepad and copy/paste the text in the box below into it:

net stop EventSystem
net start EventSystem

Save this as fix.bat to your desktop.

Choose "Save as type - All Files".

Right-click on fix.bat and choose "Run as Admin".

That fix should not take too long.

As soon as the window has closed, reboot your system.

=============================================================================

RogueKiller scan:

  • Please download RogueKiller 32/64 bit to your desktop and run it.
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista or Windows 7-8, right-click on the program, select Run as Administrator to start, and when prompted, Allow to run.
  • Click Scan to scan the system.
  • When the scan completes, close out the program. Don't Fix anything!
  • Don't run any other options; they're not all bad!
  • Post back the report, which should be located on your desktop.

 


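
The fix.bat above simply stops and starts the COM+ Event System service that Rkill reported as "not Running" in post #5. As an added example that is not from the thread and not a BleepingComputer tool, here is a PowerShell version of the same repair that first reports the state and configured start mode of both services Rkill flagged (EventSystem and wscsvc, names taken from the Rkill log above), resets a service that has been set to Disabled, and only then starts or restarts it. The expected start modes are an assumption based on the values Rkill printed; they match the Windows defaults for these two services.

```powershell
# Added example (not from the thread): verify and repair the state of services
# that Rkill reported as "not Running". Run from an elevated PowerShell prompt
# (right-click PowerShell > Run as administrator); changing service state
# requires administrative rights.

# Service names as printed in the Rkill log above. Expected startup types are
# the values Rkill set (assumption: these are the Windows defaults).
$expected = @{
    'EventSystem' = 'Automatic'   # COM+ Event System
    'wscsvc'      = 'Automatic'   # Security Center (Windows uses delayed start)
}

function Test-IsAdministrator {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Repair-ExpectedService {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$StartupType
    )
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Warning "$Name : service does not exist on this machine"
        return
    }

    # Win32_Service exposes the configured start mode (Auto/Manual/Disabled).
    $cfg = Get-CimInstance Win32_Service -Filter "Name='$Name'"
    Write-Host ("{0,-12} state={1,-8} startmode={2}" -f $Name, $svc.Status, $cfg.StartMode)

    if ($cfg.StartMode -eq 'Disabled') {
        # A core service set to Disabled is worth noting: malware sometimes
        # disables Security Center so the user is not warned that AV is off.
        Write-Warning "$Name is Disabled; resetting startup type to $StartupType"
        Set-Service -Name $Name -StartupType $StartupType
    }

    if ($svc.Status -ne 'Running') {
        Write-Host "$Name is $($svc.Status); starting it"
        Start-Service -Name $Name
    } else {
        # Equivalent of the thread's "net stop / net start" for a service that
        # is running but suspected of being in a bad state.
        Restart-Service -Name $Name -Force
    }
    Write-Host ("{0,-12} now {1}" -f $Name, (Get-Service -Name $Name).Status)
}

if (-not (Test-IsAdministrator)) {
    throw 'Run this script from an elevated PowerShell prompt.'
}

foreach ($entry in $expected.GetEnumerator()) {
    Repair-ExpectedService -Name $entry.Key -StartupType $entry.Value
}
```

One caveat when reading the Rkill output above: Rkill ran in Safe Mode, where Windows starts only the services listed under the SafeBoot registry keys, so a service showing as "not Running" there does not by itself indicate tampering. Run this check in normal mode to see whether the services really fail to start.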

 


 


#7 edwardbeyer

  • Topic Starter
  • Members
  • 29 posts
  • Gender:Male

Posted 22 February 2017 - 05:25 PM

Hello sir, here is the report of the RogueKiller program:

 

RogueKiller V12.9.8.0 (x64) [Feb 21 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : edwar [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 02/22/2017 16:08:32 (Duration : 00:15:17)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 5 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3710491005-1002382059-901691716-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3710491005-1002382059-901691716-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.10.254.5 10.10.254.6 ([][])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4e704586-37fb-440b-9c8f-ef41e9e94ac1} | DhcpNameServer : 10.10.254.5 10.10.254.6 ([][])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7e1b5df9-2b38-476c-888a-92de6b4dc427} | DhcpNameServer : 10.10.254.5 10.10.254.6 ([][])  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: NVMe SAMSUNG MZVPV256 +++++
--- User ---
[MBR] 1701d39b6a6a7b9f7a62709365d5a5a4
[BSP] 29d453966c2f4d52b35f99bc3cc57d49 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 243422 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 499095552 | Size: 499 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: HGST HTS721010A9E630 +++++
--- User ---
[MBR] ba21b7e3ac84fe32eaf937c524cc3df4
[BSP] 8bb2420f35c5dbb23306c526c9027d7f : Empty|VT.Unknown MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 2048 | Size: 953868 MB
User = LL1 ... OK
User = LL2 ... OK

#8 olgun52

olgun52
  • Malware Response Team
  • 3,784 posts
  • Gender:Male
  • Local time:09:44 PM

Posted 23 February 2017 - 02:17 AM

Thank you.

Please do this:

Run FRST fixlist

  • Please open notepad (Start > All Programs > Accessories > Notepad)
  • Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
  • Save it to the Desktop, and name it: fixlist.txt

CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3710491005-1002382059-901691716-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
FF ProfilePath: C:\Users\edwar\AppData\Roaming\Mozilla\Firefox\Profiles\ul49kkt2.default [2017-02-22]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
2017-01-21 10:48 - 2017-02-22 08:22 - 0000182 _____ () C:\Users\edwar\AppData\Roaming\sp_data.sys
2017-01-21 15:43 - 2017-01-21 15:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
EmptyTemp:

NOTICE: This script is written specifically for this computer!!!

  • Running this on another computer may cause damage to the Operating System.
  • Now, please run FRST, and press the Fix button, just once, and wait.
  • When done, the tool creates a report on the Desktop called: Fixlog.txt

>> Please post the Fixlog.txt in your reply.

=========================================================================

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

===============================================================

Scan with ESET Online Scanner

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Please visit the ESET Online Scanner website
  • Click the SCAN NOW button to download the esetonlinescanner_enu.exe file to the Desktop
  • Double click esetonlinescanner_enu.exe. Accept the Terms of Use
  • Select Enable detection of potentially unwanted applications
  • In Advanced Settings: make sure that Clean threats automatically is unchecked 
  • And Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives, and Enable Anti-Stealth technology are all checked.
  • Click Scan
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Then click Do not clean. Place a checkmark at Delete application's data on close, click Finish and close the program.

Don't forget to re-enable previously switched-off protection software!

Regards

Yılmaz


Edited by olgun52, 23 February 2017 - 02:20 AM.

#9 edwardbeyer

edwardbeyer
  • Topic Starter
  • Members
  • 29 posts
  • Gender:Male
  • Local time:01:44 PM

Posted 23 February 2017 - 01:18 PM

OK, sorry it took so long to respond; I only have reliable internet at my college. Here are the logs.

First the Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017 01
Ran by edwar (23-02-2017 11:10:34) Run:1
Running from C:\Users\edwar\Desktop
Loaded Profiles: edwar (Available Profiles: edwar)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3710491005-1002382059-901691716-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
FF ProfilePath: C:\Users\edwar\AppData\Roaming\Mozilla\Firefox\Profiles\ul49kkt2.default [2017-02-22]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
2017-01-21 10:48 - 2017-02-22 08:22 - 0000182 _____ () C:\Users\edwar\AppData\Roaming\sp_data.sys
2017-01-21 15:43 - 2017-01-21 15:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-3710491005-1002382059-901691716-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value removed successfully
C:\Users\edwar\AppData\Roaming\Mozilla\Firefox\Profiles\ul49kkt2.default => moved successfully
C:\Users\edwar\AppData\Roaming\Mozilla\Firefox\Profiles\ul49kkt2.default => path removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf => key removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib => key not found.
HKLM\System\CurrentControlSet\Services\ibtsiva => key removed successfully
ibtsiva => service removed successfully
C:\Users\edwar\AppData\Roaming\sp_data.sys => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully

========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{F7BF2EEE-EEF3-4938-8395-94628EC9531F} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 293159909 B
Java, Flash, Steam htmlcache => 97525807 B
Windows/system/drivers => 87593979 B
Edge => 30771693 B
Chrome => 0 B
Firefox => 378017956 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 45870 B
NetworkService => 15468 B
edwar => 47943246 B

RecycleBin => 34826117 B
EmptyTemp: => 925 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:11:21 ====

Next is the MiniToolBox log:

MiniToolBox by Farbar  Version: 17-06-2016
Ran by edwar (administrator) on 23-02-2017 at 11:16:00
Running from "C:\Users\edwar\Desktop"
Microsoft Windows 10 Home  (X64)
Model: GL502VS Manufacturer: ASUSTeK COMPUTER INC.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Intel® Dual Band Wireless-AC 8260 = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-8VR3GSC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : swtjc.local

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : swtjc.local
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 2C-4D-54-2C-D3-7F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : F0-D5-BF-CE-95-D8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : swtjc.local
   Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 8260
   Physical Address. . . . . . . . . : F0-D5-BF-CE-95-D7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8d92:5cc1:ee8b:d661%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.20.10.89(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Lease Obtained. . . . . . . . . . : Thursday, February 23, 2017 11:12:01 AM
   Lease Expires . . . . . . . . . . : Saturday, February 25, 2017 11:27:01 AM
   Default Gateway . . . . . . . . . : 10.20.254.254
   DHCP Server . . . . . . . . . . . : 10.10.254.1
   DHCPv6 IAID . . . . . . . . . . . : 133223871
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-CA-E2-A1-2C-4D-54-2C-D3-7F
   DNS Servers . . . . . . . . . . . : 10.10.254.5
                                       10.10.254.6
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : F0-D5-BF-CE-95-DB
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:1f2b:1c45:284d:b90e:2fa5(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1c45:284d:b90e:2fa5%3(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 50331648
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-CA-E2-A1-2C-4D-54-2C-D3-7F
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.swtjc.local:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : swtjc.local
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  srvuvdc1.swtjc.local
Address:  10.10.254.5

Name:    google.com
Addresses:  2607:f8b0:4000:80a::200e
      216.58.218.174


Pinging google.com [216.58.218.174] with 32 bytes of data:
Reply from 216.58.218.174: bytes=32 time=15ms TTL=53
Reply from 216.58.218.174: bytes=32 time=22ms TTL=53

Ping statistics for 216.58.218.174:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 15ms, Maximum = 22ms, Average = 18ms
Server:  srvuvdc1.swtjc.local
Address:  10.10.254.5

Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
      2001:4998:44:204::a7
      2001:4998:c:a06::2:4008
      206.190.36.45
      98.139.183.24
      98.138.253.109


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=75ms TTL=43
Reply from 98.139.183.24: bytes=32 time=74ms TTL=43

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 74ms, Maximum = 75ms, Average = 74ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  9...2c 4d 54 2c d3 7f ......Realtek PCIe GBE Family Controller
  4...f0 d5 bf ce 95 d8 ......Microsoft Wi-Fi Direct Virtual Adapter
 13...f0 d5 bf ce 95 d7 ......Intel® Dual Band Wireless-AC 8260
 10...f0 d5 bf ce 95 db ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
  3...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    10.20.254.254      10.20.10.89     35
        10.20.0.0      255.255.0.0         On-link       10.20.10.89    291
      10.20.10.89  255.255.255.255         On-link       10.20.10.89    291
    10.20.255.255  255.255.255.255         On-link       10.20.10.89    291
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link       10.20.10.89    291
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link       10.20.10.89    291
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  3    331 ::/0                     On-link
  1    331 ::1/128                  On-link
  3    331 2001::/32                On-link
  3    331 2001:0:9d38:1f2b:1c45:284d:b90e:2fa5/128
                                    On-link
 13    291 fe80::/64                On-link
  3    331 fe80::/64                On-link
  3    331 fe80::1c45:284d:b90e:2fa5/128
                                    On-link
 13    291 fe80::8d92:5cc1:ee8b:d661/128
                                    On-link
  1    331 ff00::/8                 On-link
 13    291 ff00::/8                 On-link
  3    331 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWoW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWoW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWoW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWoW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [62976] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/23/2017 11:10:47 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (02/23/2017 11:10:35 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/22/2017 11:29:08 PM) (Source: Microsoft-Windows-RestartManager) (User: DESKTOP-8VR3GSC)
Description: Application or service 'Office Telemetry Agent' could not be shut down.

Error: (02/22/2017 06:01:35 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (02/22/2017 06:00:32 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/22/2017 03:58:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-8VR3GSC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/22/2017 02:03:01 PM) (Source: Microsoft-Windows-RestartManager) (User: DESKTOP-8VR3GSC)
Description: Application or service 'Office Telemetry Agent' could not be shut down.

Error: (02/22/2017 01:41:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-8VR3GSC)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy:App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/22/2017 01:41:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-8VR3GSC)
Description: Activation of app Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/22/2017 01:39:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-8VR3GSC)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy:App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (02/23/2017 11:12:04 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/23/2017 11:12:04 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/23/2017 11:12:04 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/23/2017 11:12:04 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/23/2017 11:12:04 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/23/2017 11:11:30 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (02/23/2017 11:11:30 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (02/23/2017 11:11:29 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (02/23/2017 11:11:28 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/23/2017 11:11:12 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056 = An instance of the service is already running.



Microsoft Office Sessions:
=========================
Error: (02/23/2017 11:10:47 AM) (Source: VSS)(User: )
Description: QueryFullProcessImageNameW0x8007001f, A device attached to the system is not functioning.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (02/23/2017 11:10:35 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (02/22/2017 11:29:08 PM) (Source: Microsoft-Windows-RestartManager)(User: DESKTOP-8VR3GSC)
Description: 2C:\Program Files\Microsoft Office\root\Office16\msoia.exeOffice Telemetry

Error: (02/22/2017 06:01:35 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (02/22/2017 06:00:32 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (02/22/2017 03:58:58 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-8VR3GSC)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141

Error: (02/22/2017 02:03:01 PM) (Source: Microsoft-Windows-RestartManager)(User: DESKTOP-8VR3GSC)
Description: 1C:\Program Files\Microsoft Office\root\Office16\msoia.exeOffice Telemetry Agent021175548443003A005C00500072006F006700720061006D0044006100740061005C004D006900630072006F0073006F00660074005C004F00660066006900630065005C0043006C00690063006B0054006F00520075006E005000610063006B006100670065004C006F0063006B0065007200000043003A005C00500072006F006700720061006D002000460069006C00650073005C004D006900630072006F0073006F006600740020004F00660066006900630065005C0072006F006F0074005C004F0066006600690063006500310036005C00430032005200360034002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C004D006900630072006F0073006F006600740020004F00660066006900630065005C0072006F006F0074005C0063006C00690065006E0074005C00430032005200360034002E0064006C006C00000043003A005C00500072006F006700720061006D002000460069006C00650073005C004D006900630072006F0073006F006600740020004F00660066006900630065005C0072006F006F0074005C005600460053005C00500072006F006700720061006D00460069006C006500730043006F006D006D006F006E005800360034005C004D006900630072006F0073006F006600740020005300680061007200650064005C004F0046004600490043004500310036005C00430032005200360034002E0064006C006C000000

Error: (02/22/2017 01:41:18 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-8VR3GSC)
Description: Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy:App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca-2144927149

Error: (02/22/2017 01:41:10 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-8VR3GSC)
Description: Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca-2144927149

Error: (02/22/2017 01:39:24 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DESKTOP-8VR3GSC)
Description: Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy:App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca-2144927149


CodeIntegrity Errors:
===================================
  Date: 2017-02-22 13:27:57.545
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-01-31 11:06:01.491
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-01-31 11:05:59.019
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-01-27 22:34:38.803
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-01-23 18:09:12.330
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.


=========================== Installed Programs ============================

Action Replay PowerSaves 3DS version 1.45 (HKLM-x32\...\{CD24B06F-0A4D-410A-AEF2-DFE6A28AB4C0}_is1) (Version: 1.45 - Datel Design & Development)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.66 - NVIDIA Corporation) Hidden
ASUS Gamepad (HKLM-x32\...\{15717D9B-FB39-4700-8F9D-2464BB14A1E9}) (Version: 4.0.9 - ASUS)
ASUS GIFTBOX (HKLM-x32\...\ASUS GIFTBOX) (Version: 7.4.14 - ASUSTek Computer Inc)
ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.6 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS PTP Driver (HKLM-x32\...\{7618E419-9124-4E6C-9AF4-487A6DDEC1C5}) (Version: 11.0.13 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.16.0002 - ASUS)
ASUS Touchpad Handwriting (HKLM-x32\...\{F3ED910A-9041-49D0-9C70-BD9E1DC5B08E}) (Version: 1.0.3 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.7 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0048 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.1.19 - ICEpower a/s)
Avast Premier (HKLM-x32\...\Avast Antivirus) (Version: 17.1.2286 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Borderlands (HKLM\...\Steam App 8980) (Version:  - Gearbox Software)
Borderlands 2 (HKLM\...\Steam App 49520) (Version:  - Gearbox Software)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.3 - ASUSTek Computer Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dropbox 25 GB (HKLM-x32\...\{736A97C6-8766-3699-84A9-71736C5E0CE3}) (Version: 3.1.11.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Fallout 3 - Game of the Year Edition (HKLM\...\Steam App 22370) (Version:  - Bethesda Game Studios)
GameFirst IV (HKLM-x32\...\{795A0031-3DD5-43F1-BCBA-AEBA756D0FBB}) (Version: 1.5.23 - ASUS) Hidden
GameFirst IV (HKLM-x32\...\GameFirst IV 1.5.23) (Version: 1.5.23 - ASUS)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.5.0.6.1001 - Genesys Logic)
Horizon (HKLM-x32\...\{6c4303a5-5115-4cfd-bf48-8af0541cd082}) (Version: 2.8.26 - Daring Development Inc.)
Horizon (HKLM-x32\...\{788E0680-8042-49A4-A77A-3D9DB7359B53}) (Version: 2.8.26 - Daring Development Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10605.221 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.6.1194 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{A984B01A-6823-4C0F-8E83-BE08B3256209}) (Version: 18.1.1612.3253 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{498e3edb-cc7c-42dc-832e-11fdfed6d76e}) (Version: 18.40.3 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{B294CE94-FE0F-4427-910C-180AF9FCFED1}) (Version: 1.0.1.620 - Intel Corporation)
Jedi Knight: Dark Forces II (HKLM\...\{2c4b52b6-7c52-4c74-89e1-7009ef16d36a}.sdb) (Version:  - )
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6965.2117 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6965.2117 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Modio 5 (HKLM-x32\...\{3DA224A5-666B-4941-8998-2F19C6D126A5}_is1) (Version:  - GameTuts)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
NVIDIA 3D Vision Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.6965.2117 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.6965.2117 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.6965.2117 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7818 - Realtek Semiconductor Corp.)
ROG Gaming Center (HKLM-x32\...\{CC182DBF-FC67-4F79-9930-6A2682E60BDD}) (Version: 1.0.12 - ASUS)
RogueKiller version 12.9.8.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.8.0 - Adlice Software)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
STAR WARS™ Jedi Knight II: Jedi Outcast™ (HKLM\...\Steam App 6030) (Version:  - Raven Software)
STAR WARS™ Jedi Knight: Dark Forces II (HKLM\...\Steam App 32380) (Version:  - LucasArts)
STAR WARS™ Jedi Knight: Jedi Academy™ (HKLM\...\Steam App 6020) (Version:  - Raven Software)
STAR WARS™ Jedi Knight: Mysteries of the Sith™ (HKLM\...\Steam App 32390) (Version:  - LucasArts)
STAR WARS™ Knights of the Old Republic™ II: The Sith Lords™ (HKLM\...\Steam App 208580) (Version:  - Obsidian Entertainment)
STAR WARS™: Dark Forces (HKLM\...\Steam App 32400) (Version:  - LucasArts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1236 - SUPERAntiSpyware.com)
SWF File Player (HKLM-x32\...\{6A86F611-906C-422D-B34A-103662CBC195}_is1) (Version:  - swffileplayer.com)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43835 - TeamViewer)
The Elder Scrolls V: Skyrim Special Edition (HKLM\...\Steam App 489830) (Version:  - Bethesda Game Studios)
The Weather Channel (HKCU\...\The Weather Channel) (Version:  - The Weather Channel, LLC weather.com®)
TotalRecovery Pro (HKLM-x32\...\TotalRecovery) (Version: 10.0.11.2 - FarStone Inc.)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.6.547 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.1.1.8 - WildTangent)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17376 - Microsoft Corporation)
Windows Driver Package - ASUS (AGP) HIDClass  (09/14/2015 10.0.0.14) (HKLM\...\12A217E3B4780BD3B485676534D3F12EF65E5AC7) (Version: 09/14/2015 10.0.0.14 - ASUS)
Windows Driver Package - ASUS (AsusPTPDrv) HIDClass  (08/15/2016 11.0.0.13) (HKLM\...\A2DEE012DC7578575962E3ACBE995AE145C87914) (Version: 08/15/2016 11.0.0.13 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.2 - ASUSTeK COMPUTER INC.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XCOM 2 (HKLM\...\Steam App 268500) (Version:  - Firaxis)
XCom Long War EW Mod version 1.0 (HKLM-x32\...\{860C3266-65B9-4BF2-937A-1778483046B5}_is1) (Version: 1.0 - JohnnyLump)
XCOM: Enemy Unknown (HKLM\...\Steam App 200510) (Version:  - Firaxis Games)
XSplit Gamecaster (HKLM-x32\...\{9E8A3821-032E-4230-9C12-C14D3FC8685E}) (Version: 2.8.1605.2342 - SplitmediaLabs)

========================= Memory info: ===================================

Percentage of memory in use: 15%
Total physical RAM: 16316.8 MB
Available physical RAM: 13791.73 MB
Total Virtual: 18748.8 MB
Available Virtual: 16144.09 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:237.72 GB) (Free:23.67 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:794.22 GB) NTFS

========================= Users: ========================================

User accounts for \\DESKTOP-8VR3GSC

Administrator            DefaultAccount           edwar                    
Guest                    


**** End of log ****

And finally the ESET Log:


C:\eSupport\eDriver\Software\Apextitan\GameFirst IV\1.5.23\2545\GF4WAE1523p.exe    a variant of Win64/NetFilter.A potentially unsafe application,a variant of Win32/NetFilter.A potentially unsafe application    
C:\Program Files (x86)\ASUS\GameFirst IV\Driver\tdi\amd64\gfdriver.sys    a variant of Win64/NetFilter.A potentially unsafe application    
C:\Program Files (x86)\ASUS\GameFirst IV\Driver\tdi\i386\gfdriver.sys    a variant of Win32/NetFilter.A potentially unsafe application    
C:\Program Files (x86)\ASUS\GameFirst IV\Driver\wfp\amd64\gfdriver.sys    a variant of Win64/NetFilter.A potentially unsafe application    
C:\Program Files (x86)\ASUS\GameFirst IV\Driver\wfp\i386\gfdriver.sys    a variant of Win32/NetFilter.A potentially unsafe application    
C:\Windows\System32\drivers\gfdriver.sys    a variant of Win64/NetFilter.A potentially unsafe application    



#10 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:44 PM

Posted 23 February 2017 - 03:23 PM

Hello,
Most likely a false positive detection problem. Your computer looks clean.
============================
Please do the following:
 
Internet Explorer:
Internet Explorer 9, 10 and 11 (Win) - Clearing Cache and Cookies
https://kb.wisc.edu/page.php?id=15141
Next >>
How to reset Internet Explorer settings
https://support.microsoft.com/en-us/kb/923737
 

Chrome:
Delete your cache, history, and other browser data
https://support.google.com/chrome/answer/95582?hl=en
Next >>
Reset Chrome browser settings
https://support.google.com/chrome/answer/3296214?hl=en

 

Regards

Yılmaz


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!



#11 edwardbeyer

edwardbeyer
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:44 PM

Posted 23 February 2017 - 04:26 PM

I did the settings for the Internet and I do not have Chrome on my computer. What should I do next, sir?



#12 edwardbeyer

edwardbeyer
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:44 PM

Posted 23 February 2017 - 05:28 PM

Sorry if this post is too soon, but there was something that just happened when I was reading topics on your site on this forum. The topic:

Heur:Trojan.WinLNK.Agent.gen + Verecno googleupdate.a3x + Ink Links External HDD

seems to be infected with a LNK-StarterA Trojan. Just the first page; I can get to the 2nd through the buttons without much trouble, but the first is inaccessible to me. My Avast says it blocked it in that little pop-up warning in the bottom right corner of my screen, but when I look at the notifications in my actual Avast window, it just says threat blocked and does not identify the name of what it blocked.



#13 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:44 PM

Posted 23 February 2017 - 05:34 PM

Let me know if there are any outstanding issues.

Thank you for your patience. Please do the following:

next.....
In any case please download delfix to your desktop.

  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process.

You can do the following:
 
The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

To remove all but the most recently created Restore Point:

  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically. Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7, Disk Cleanup in Vista, and Disk cleanup in Windows 10.

ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
 
Please take the time to carefully review the info contained below. It's invaluable.
Answers to common security questions - Best Practices
How Malware Spreads - How your system gets infected
Best Practices for Safe Computing - Prevention of Malware Infection
 
Some safety suggestions!

Best regards. :hello:




#14 edwardbeyer

edwardbeyer
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:44 PM

Posted 23 February 2017 - 05:51 PM

Thanks, one last question. If this is a false positive, what can I do to get Avast to not react over it? I noticed this was popping up in several of the threads other than mine, which makes it seem there is something wrong with Avast itself, which worries me.



#15 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:44 PM

Posted 23 February 2017 - 06:35 PM

Maybe. You can add it to the whitelist.

