
FRST log


  • This topic is locked
11 replies to this topic

#1 PhilLatterly


Posted 06 May 2017 - 05:14 AM

To cut a long story short: I clicked on a fake email from Twitter, which worried me about what malware, etc. could have been introduced. I posted on that here https://www.bleepingcomputer.com/forums/t/644948/malwarebytes-found-potentially-unwanted-modification-what-else-do-need-to-do/page-2 and was advised to use FRST and start a new topic on this forum.

I did, here: https://www.bleepingcomputer.com/forums/t/645699/frst-log-advice-please/ and also asked about an FRST fix that someone on a non-Bleeping Computer forum advised me to do.

Problems I have noticed recently include Internet Explorer being opened up and a Bing search for holidays in Taiwan being performed, which I didn't do; I don't use IE.

And last night there was something called Trc.taboola that popped up when I clicked on a BBC news link.

As per the advice in the above closed threads, here is my FRST log, and any help would be very gratefully received:

Here are the logs:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2017
Ran by AsusComputer (06-05-2017 11:07:53)
Running from C:\Users\AsusComputer\Downloads
Windows 10 Home Version 1703 (X64) (2017-04-20 08:58:54)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1522325972-3429824536-1209266036-500 - Administrator - Disabled)
AsusComputer (S-1-5-21-1522325972-3429824536-1209266036-1001 - Administrator - Enabled) => C:\Users\AsusComputer
DefaultAccount (S-1-5-21-1522325972-3429824536-1209266036-503 - Limited - Disabled)
Guest (S-1-5-21-1522325972-3429824536-1209266036-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ASUS GIFTBOX (HKLM-x32\...\ASUS GIFTBOX) (Version: 6.1.14 - ASUS)
ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.6 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.9 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.14.0006 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.103 - ICEpower a/s)
AVG (HKLM\...\AvgZen) (Version: 1.181.3.3057 - AVG Technologies)
AVG (Version: 1.181.4 - AVG Technologies) Hidden
AVG Protection (HKLM-x32\...\AVG Antivirus) (Version: 17.3.3011 - AVG Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.3 - ASUSTek Computer Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Evernote v. 5.9.1 (HKLM-x32\...\{5EA1DED0-5285-11E5-8AA1-0050569584E9}) (Version: 5.9.1.8742 - Evernote Corp.)
FMW 1 (Version: 1.192.3 - AVG Technologies) Hidden
Football Manager 2017 (HKLM\...\Steam App 482730) (Version:  - Sports Interactive)
Foxit PhantomPDF (HKLM-x32\...\{39263796-F296-43AF-909C-FCF99592BAC4}) (Version: 7.2.52.1209 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.96 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4300 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1067 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7967.2139 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7687 - Realtek Semiconductor Corp.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1230 - SUPERAntiSpyware.com)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43835 - TeamViewer)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.6.547 - ASUS Cloud Corporation)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Driver Package - ASUS (AsusSGDrv) Mouse  (10/21/2015 8.0.0.19) (HKLM\...\DE393C6A9AB085F9E19765D003555C3D360497DB) (Version: 10/21/2015 8.0.0.19 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.5247 - Kingsoft Corp.)
ZoneAlarm Firewall (x32 Version: 15.0.123.17051 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.0.123.17051 - Check Point)
ZoneAlarm Security (x32 Version: 15.0.123.17051 - Check Point Software Technologies Ltd.) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {08A43D21-B343-479F-A4BE-2CBA9FAE27CC} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe 
Task: {167E344F-8D39-4FAA-8E95-FDF6AFAB0581} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.)
Task: {1AE63866-00CC-45AA-A728-377E2C8DC462} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {1EE73078-518E-422A-A28F-0E125020635F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-16] (Google Inc.)
Task: {26BC8D0F-34FC-4F2D-B05A-FFC61A2E6FEB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-16] (Google Inc.)
Task: {46ABB01D-D270-47F3-8A03-74D7320C4A82} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-03-31] (AVG Technologies CZ, s.r.o.)
Task: {641F2715-4443-4B97-A102-DF3733DA439C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-19] (Microsoft Corporation)
Task: {6430CC72-EBF8-4F8C-AF87-2CCE1878ED23} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2016-01-19] (ASUSTek Computer Inc.)
Task: {6FF16087-70A1-482E-80F7-72F149C59037} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-19] (Microsoft Corporation)
Task: {7EF8562F-4DAB-40EE-B0F4-50FAB47A95CE} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe 
Task: {8A0D96C9-9F04-4E32-B819-3A98866C716C} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-12-14] (Realtek Semiconductor)
Task: {8AB72DD5-EAC4-4579-BBD0-826D099FA378} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {97A9E8E8-A390-4D4E-A49A-AB14E87D1960} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {9B1010F5-B439-4DF2-8DC6-EBC8D277CF6C} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-12-02] (ASUS)
Task: {A2AB61D5-D872-47C1-967A-EAD1E3C91A7B} - System32\Tasks\ASUS\ASUS GIFTBOX => C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe [2016-03-02] (ASUS)
Task: {C814935B-7E85-4F25-B9AB-A6816DEE16F5} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {D5FCE0DA-0FEB-4921-9887-A45AF7559DF5} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {DBD65780-E9F4-468B-8F3A-13192C1CA2A7} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-12-14] (Realtek Semiconductor)
Task: {E251C234-2DF7-4AD2-98C6-C421B188915E} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {E6DA7DC8-F3FD-43E6-B8AB-BD0605233E47} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-02-10 09:55 - 2017-04-12 11:45 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-18 21:58 - 2017-03-18 21:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-03-03 10:02 - 2015-10-26 14:30 - 00395368 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-03-18 21:59 - 2017-03-20 04:43 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-05-03 09:06 - 2017-05-02 02:03 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.96\libglesv2.dll
2017-05-03 09:06 - 2017-05-02 02:03 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.96\libegl.dll
2015-12-02 18:01 - 2015-12-02 18:01 - 00027648 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-12-02 18:01 - 2015-12-02 18:01 - 00124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2015-12-02 18:01 - 2015-12-02 18:01 - 00029184 _____ () C:\Program Files (x86)\ASUS\Splendid\VideoEnhance.dll
2017-03-05 23:48 - 2017-03-05 23:48 - 00171208 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-03-05 23:49 - 2017-03-05 23:49 - 48936448 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2017-03-31 17:47 - 2017-03-31 17:47 - 00177472 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-03-31 17:47 - 2017-03-31 17:47 - 00654504 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2016-12-16 19:02 - 2016-12-16 19:02 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2016-03-24 13:04 - 2016-03-02 20:07 - 01481728 _____ () C:\Program Files (x86)\ASUS\Giftbox\libglesv2.dll
2016-03-24 13:04 - 2016-03-02 20:07 - 00073728 _____ () C:\Program Files (x86)\ASUS\Giftbox\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\...\1001movie.com -> 1001movie.com
 
There are 6091 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 08:24 - 2015-10-30 08:21 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\asus\wallpapers\asus.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{1C7D733C-EAFE-4021-AEC7-7E5531BB2F9D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{B4B53140-6B3C-4F3E-8E52-4A5924538188}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2017\fm.exe
FirewallRules: [{033B6B25-B4E8-4585-BDEF-9FE8B733B8C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2017\fm.exe
FirewallRules: [{F5F1A7C7-E163-493F-95E5-77C65D33C118}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7D0FBF11-2848-4208-9528-D00D0E11E3CA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{220D45C6-4926-40E1-845D-FD1F7F566A6A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{095F7CE1-D601-40FF-89DE-22B5C0EF14AF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{97471493-F33B-4D83-9779-7816B3A596CB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A6D932F2-78BF-45F3-A0C2-1DD9C5341971}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B51601E2-B10D-4327-AE6C-4F475F92CAD4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{758D054B-9FA2-42FE-B36D-18B365AD32D0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{49494EF5-12B8-4BEE-9DC9-F6DE32DCBB6F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{0851A411-3445-4818-8565-AFE4EEBDD24A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{8DE96095-92AF-4602-966D-42E35DB13C90}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{9939A75B-F3FD-429C-BEFF-E41A124B4B0E}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{898203D3-2C4E-4F51-BE07-0B1EC6E66629}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{4D02958B-6DE9-42C2-888B-2FC1F45A25A2}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{A0143087-BB1D-48CB-9875-45DD6FC9BFF1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
02-05-2017 13:22:06 JRT Pre-Junkware Removal
02-05-2017 13:35:34 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/06/2017 09:01:18 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.
 
Error: (05/05/2017 06:50:48 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.
 
Error: (05/04/2017 08:58:19 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.
 
Error: (05/03/2017 09:05:21 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.
 
Error: (05/02/2017 02:40:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.
 
Error: (05/02/2017 02:38:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\AsusComputer\Downloads\esetsmartinstaller_enu (11).exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.
 
Error: (05/02/2017 02:38:42 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\AsusComputer\Downloads\esetsmartinstaller_enu (11).exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.
 
Error: (05/02/2017 02:38:29 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\AsusComputer\Downloads\esetsmartinstaller_enu (11).exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.
 
Error: (05/02/2017 08:46:03 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.
 
Error: (05/01/2017 07:04:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UpdateChecker.exe, version: 0.0.0.0, time stamp: 0x576b4ce8
Faulting module name: OLEAUT32.dll, version: 10.0.15063.0, time stamp: 0xd758026f
Exception code: 0xc0000005
Fault offset: 0x00019dd4
Faulting process ID: 0x159c
Faulting application start time: 0x01d2c2a53ac11561
Faulting application path: C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
Faulting module path: C:\WINDOWS\System32\OLEAUT32.dll
Report ID: 8c02b683-3bac-4282-91a4-70f8f2684aa5
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (05/03/2017 05:41:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/03/2017 09:00:32 AM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.1.2 with the system
having network hardware address F8-3D-FF-62-06-83. Network operations on this system may
be disrupted as a result.
 
Error: (05/02/2017 02:39:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (05/02/2017 02:39:43 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ASUSCO~1\AppData\Local\Temp\ehdrv.sys
 
Error: (05/02/2017 02:39:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (05/02/2017 02:39:42 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ASUSCO~1\AppData\Local\Temp\ehdrv.sys
 
Error: (05/02/2017 02:39:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (05/02/2017 02:39:42 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ASUSCO~1\AppData\Local\Temp\ehdrv.sys
 
Error: (05/02/2017 02:39:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (05/02/2017 02:39:03 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ASUSCO~1\AppData\Local\Temp\ehdrv.sys
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU N3700 @ 1.60GHz
Percentage of memory in use: 81%
Total physical RAM: 3999.96 MB
Available physical RAM: 758.99 MB
Total Virtual: 6352.77 MB
Available Virtual: 2407.23 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:371.85 GB) (Free:315.93 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:558.91 GB) (Free:558.73 GB) NTFS
Drive f: (WALKMAN) (Removable) (Total:3.45 GB) (Free:0.58 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.5 GB) (Disk ID: 0049C3BC)
Partition 1: (Not Active) - (Size=3.5 GB) - (Type=0B)
 
==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-05-2017
Ran by AsusComputer (administrator) on DESKTOP-K2CQ058 (06-05-2017 11:05:46)
Running from C:\Users\AsusComputer\Downloads
Loaded Profiles: AsusComputer (Available Profiles: AsusComputer)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(ASUS) C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ASUS) C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe
(ASUS) C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSPanel.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\AsusComputer\Downloads\FRST64 (1).exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-04-27] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263088 2017-03-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\ASUSWSLoader.exe [63272 2015-12-24] ()
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-04-27] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [144184 2016-09-07] (Check Point Software Technologies Ltd.)
HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946656 2017-04-07] (SUPERAntiSpyware)
HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{205fcd20-5319-4538-81c3-7fafc9325457}: [DhcpNameServer] 172.23.0.1 172.23.0.2
Tcpip\..\Interfaces\{c2297d45-bcf8-4ab0-a4ae-1c648280cf66}: [DhcpNameServer] 192.168.1.1 0.0.0.0
 
Internet Explorer:
==================
HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-05-02] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-09-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-02] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-02] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-05-02] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-05-02] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-05-02] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-05-02] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-02] (Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-03-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
 
Chrome: 
=======
CHR Profile: C:\Users\AsusComputer\AppData\Local\Google\Chrome\User Data\Default [2017-05-06]
CHR Extension: (Google Slides) - C:\Users\AsusComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-16]
CHR Extension: (Google Docs) - C:\Users\AsusComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-16]
CHR Extension: (Google Drive) - C:\Users\AsusComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-16]
CHR Extension: (YouTube) - C:\Users\AsusComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-16]
CHR Extension: (Adblock Plus) - C:\Users\AsusComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-22]
CHR Extension: (Google Sheets) - C:\Users\AsusComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-16]
CHR Extension: (Google Docs Offline) - C:\Users\AsusComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\AsusComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\AsusComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-16]
CHR Extension: (Chrome Media Router) - C:\Users\AsusComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-27]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-10] (SUPERAntiSpyware.com)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe [75264 2015-12-24] (ASUS Cloud Corporation) [File not signed]
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [262696 2017-03-31] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7448992 2017-03-31] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-04-27] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3801280 2017-04-19] (Microsoft Corporation)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-08-17] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [353896 2015-10-26] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdatesvr.exe [133480 2016-03-24] (Zhuhai Kingsoft Office Software Co.,Ltd)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-17] (TeamViewer GmbH)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4087568 2016-09-07] (Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-08-09] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [794424 2016-09-07] (Check Point Software Technologies Ltd.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgbdisk; C:\WINDOWS\system32\drivers\avgbdiska.sys [166136 2017-03-31] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\system32\drivers\avgbidsdrivera.sys [310056 2017-03-31] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\system32\drivers\avgbidsha.sys [192096 2017-03-31] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\system32\drivers\avgbloga.sys [336408 2017-03-31] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\system32\drivers\avgbuniva.sys [50848 2017-03-31] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\system32\drivers\avgHwid.sys [39288 2017-03-31] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\system32\drivers\avgMonFlt.sys [129776 2017-04-29] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\system32\drivers\avgRdr2.sys [102136 2017-03-31] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\system32\drivers\avgRvrt.sys [76688 2017-03-31] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\system32\drivers\avgSnx.sys [1006040 2017-03-31] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\system32\drivers\avgSP.sys [557912 2017-04-29] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\system32\drivers\avgStm.sys [165048 2017-03-31] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\system32\drivers\avgVmm.sys [340688 2017-03-31] (AVG Technologies CZ, s.r.o.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-17] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-17] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-04-12] ()
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [5906320 2015-10-26] (Intel Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-05-05] (Malwarebytes)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-15] (Realtek                                            )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146232 2015-06-26] (Intel Corporation)
R1 Vsdatant; C:\WINDOWS\system32\DRIVERS\vsdatant.sys [461240 2017-03-16] (Check Point Software Technologies Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
U3 iswSvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-06 11:02 - 2017-05-06 11:03 - 02429440 _____ (Farbar) C:\Users\AsusComputer\Downloads\FRST64 (1).exe
2017-05-05 22:33 - 2017-05-05 22:33 - 04102600 _____ C:\Users\AsusComputer\Downloads\adwcleaner_6.046 (5).exe
2017-05-04 09:05 - 2017-05-04 09:05 - 04063110 _____ C:\Users\AsusComputer\Downloads\United Kingdom Balance of Payments - The Pink Book 2015.pdf
2017-05-04 09:05 - 2017-05-04 09:05 - 04063110 _____ C:\Users\AsusComputer\Downloads\United Kingdom Balance of Payments - The Pink Book 2015 (1).pdf
2017-05-04 09:00 - 2017-05-04 09:00 - 01483733 _____ C:\Users\AsusComputer\Downloads\pb.csdb
2017-05-02 14:38 - 2017-05-02 14:38 - 02870984 _____ (ESET) C:\Users\AsusComputer\Downloads\esetsmartinstaller_enu (11).exe
2017-05-02 14:37 - 2017-05-02 14:37 - 02870984 _____ (ESET) C:\Users\AsusComputer\Downloads\esetsmartinstaller_enu (9).exe
2017-05-02 14:37 - 2017-05-02 14:37 - 02870984 _____ (ESET) C:\Users\AsusComputer\Downloads\esetsmartinstaller_enu (8).exe
2017-05-02 14:37 - 2017-05-02 14:37 - 02870984 _____ (ESET) C:\Users\AsusComputer\Downloads\esetsmartinstaller_enu (10).exe
2017-05-02 13:23 - 2017-05-02 13:23 - 01663672 _____ (Malwarebytes) C:\Users\AsusComputer\Downloads\JRT (6).exe
2017-05-02 13:21 - 2017-05-02 13:21 - 01663672 _____ (Malwarebytes) C:\Users\AsusComputer\Downloads\JRT (5).exe
2017-05-02 11:02 - 2017-05-02 11:02 - 04102600 _____ C:\Users\AsusComputer\Downloads\adwcleaner_6.046 (4).exe
2017-05-02 10:17 - 2017-05-02 10:17 - 04102600 _____ C:\Users\AsusComputer\Downloads\adwcleaner_6.046 (3).exe
2017-05-02 09:57 - 2017-05-02 09:57 - 04102600 _____ C:\Users\AsusComputer\Downloads\adwcleaner_6.046 (2).exe
2017-05-02 08:56 - 2017-05-02 08:56 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-05-01 14:00 - 2017-05-01 14:00 - 02870984 _____ (ESET) C:\Users\AsusComputer\Downloads\esetsmartinstaller_enu (7).exe
2017-05-01 14:00 - 2017-05-01 14:00 - 02870984 _____ (ESET) C:\Users\AsusComputer\Downloads\esetsmartinstaller_enu (6).exe
2017-05-01 13:23 - 2017-05-01 13:23 - 00000000 ____D C:\Program Files (x86)\ESET
2017-05-01 13:22 - 2017-05-01 13:22 - 02870984 _____ (ESET) C:\Users\AsusComputer\Downloads\esetsmartinstaller_enu (5).exe
2017-05-01 12:10 - 2017-05-01 12:10 - 04922400 _____ (AO Kaspersky Lab) C:\Users\AsusComputer\Downloads\tdsskiller (3).exe
2017-05-01 12:04 - 2017-05-01 12:04 - 04102600 _____ C:\Users\AsusComputer\Downloads\adwcleaner_6.046 (1).exe
2017-04-30 13:04 - 2017-04-30 13:04 - 00671166 _____ C:\Users\AsusComputer\Downloads\SN03750.pdf
2017-04-30 11:13 - 2017-04-30 11:13 - 00522571 _____ C:\Users\AsusComputer\Downloads\SSRN-id1912028 (2).pdf
2017-04-30 09:12 - 2017-04-30 09:13 - 00522571 _____ C:\Users\AsusComputer\Downloads\SSRN-id1912028 (1).pdf
2017-04-29 10:34 - 2017-04-29 10:37 - 00030169 _____ C:\Users\AsusComputer\Downloads\Addition.txt
2017-04-29 10:31 - 2017-05-06 11:06 - 00019493 _____ C:\Users\AsusComputer\Downloads\FRST.txt
2017-04-29 10:31 - 2017-05-06 11:05 - 00000000 ____D C:\FRST
2017-04-29 10:29 - 2017-04-29 10:29 - 02427392 _____ (Farbar) C:\Users\AsusComputer\Downloads\FRST64.exe
2017-04-28 19:36 - 2017-04-28 19:36 - 01768448 _____ (Farbar) C:\Users\AsusComputer\Downloads\FRST.exe
2017-04-27 17:50 - 2017-04-27 17:50 - 00000536 _____ C:\Users\AsusComputer\Downloads\ESET 1.txt
2017-04-27 14:27 - 2017-04-27 14:27 - 02870984 _____ (ESET) C:\Users\AsusComputer\Downloads\esetsmartinstaller_enu (4).exe
2017-04-27 12:23 - 2017-04-27 12:23 - 00001145 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-04-27 12:23 - 2017-04-27 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-04-27 12:13 - 2017-04-27 12:19 - 30533688 _____ C:\Users\AsusComputer\Downloads\vlc-2.2.4-win32 (2).exe
2017-04-27 12:05 - 2017-05-01 13:54 - 00000000 ____D C:\Users\AsusComputer\AppData\Roaming\vlc
2017-04-27 12:05 - 2017-04-27 14:26 - 00000000 ____D C:\Users\AsusComputer\AppData\Roaming\dvdcss
2017-04-27 12:04 - 2017-04-27 12:23 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2017-04-27 11:57 - 2017-04-27 11:58 - 30533688 _____ C:\Users\AsusComputer\Downloads\vlc-2.2.4-win32 (1).exe
2017-04-26 14:37 - 2017-04-26 14:37 - 02870984 _____ (ESET) C:\Users\AsusComputer\Downloads\esetsmartinstaller_enu (3).exe
2017-04-26 12:03 - 2017-04-26 12:03 - 00183203 _____ C:\Users\AsusComputer\Downloads\GEISLMS_20170331.pdf
2017-04-26 12:03 - 2017-04-26 12:03 - 00183203 _____ C:\Users\AsusComputer\Downloads\GEISLMS_20170331 (2).pdf
2017-04-26 12:03 - 2017-04-26 12:03 - 00183203 _____ C:\Users\AsusComputer\Downloads\GEISLMS_20170331 (1).pdf
2017-04-26 08:36 - 2017-04-26 08:36 - 02870984 _____ (ESET) C:\Users\AsusComputer\Downloads\esetsmartinstaller_enu (2).exe
2017-04-25 21:34 - 2017-04-25 21:34 - 00000000 _____ C:\Users\AsusComputer\Downloads\JRT (4).exe
2017-04-25 21:33 - 2017-04-25 21:33 - 00000000 _____ C:\Users\AsusComputer\Downloads\JRT (3).exe
2017-04-25 21:20 - 2017-04-25 21:20 - 00000000 _____ C:\Users\AsusComputer\Downloads\JRT (2).exe
2017-04-25 20:57 - 2017-04-25 20:57 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\25765CFC.sys
2017-04-25 11:59 - 2017-04-25 11:59 - 04102600 _____ C:\Users\AsusComputer\Downloads\adwcleaner_6.046.exe
2017-04-25 09:40 - 2017-04-25 09:40 - 04830473 _____ C:\Users\AsusComputer\Downloads\tdsskiller (1).zip
2017-04-24 21:57 - 2017-04-24 21:57 - 04830473 _____ C:\Users\AsusComputer\Downloads\tdsskiller.zip
2017-04-24 21:53 - 2017-04-24 21:53 - 04922400 _____ (AO Kaspersky Lab) C:\Users\AsusComputer\Downloads\tdsskiller (2).exe
2017-04-24 21:51 - 2017-04-24 21:51 - 04922400 _____ (AO Kaspersky Lab) C:\Users\AsusComputer\Downloads\tdsskiller (1).exe
2017-04-24 21:50 - 2017-04-24 21:50 - 04922400 _____ (AO Kaspersky Lab) C:\Users\AsusComputer\Downloads\tdsskiller.exe
2017-04-24 21:50 - 2017-04-24 21:50 - 00000000 ____D C:\Users\AsusComputer\AppData\Local\DBG
2017-04-24 21:47 - 2017-04-24 21:47 - 00027611 _____ C:\Users\AsusComputer\Downloads\MTB.txt
2017-04-24 21:45 - 2017-04-24 21:45 - 00892416 _____ (Farbar) C:\Users\AsusComputer\Downloads\MiniToolBox.exe
2017-04-24 19:27 - 2017-04-24 19:27 - 30533688 _____ C:\Users\AsusComputer\Downloads\vlc-2.2.4-win32.exe
2017-04-24 09:13 - 2017-04-24 09:13 - 00001260 _____ C:\Users\AsusComputer\Downloads\Malwarebytes.txt
2017-04-21 18:22 - 2017-04-21 18:22 - 00001285 _____ C:\Users\AsusComputer\Downloads\malwarebytes scan with PUM 21.04.2017.txt
2017-04-21 09:44 - 2017-04-21 09:44 - 00002904 _____ C:\WINDOWS\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance
2017-04-20 19:55 - 2017-04-20 20:35 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-04-20 19:46 - 2017-04-20 20:35 - 00000000 ____D C:\Users\AsusComputer\Desktop\mbar
2017-04-20 19:46 - 2017-04-20 19:46 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-04-20 19:44 - 2017-04-20 19:44 - 16563352 _____ (Malwarebytes Corp.) C:\Users\AsusComputer\Downloads\mbar-1.09.3.1001.exe
2017-04-20 10:10 - 2017-04-20 10:10 - 23680512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 23675392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 19334144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 11869696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 08319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-04-20 10:10 - 2017-04-20 10:10 - 08247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 06756920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-04-20 10:10 - 2017-04-20 10:10 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-04-20 10:10 - 2017-04-20 10:10 - 02444184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-20 10:10 - 2017-04-20 10:10 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 01411640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 01323880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-04-20 10:10 - 2017-04-20 10:10 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 01024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-04-20 10:10 - 2017-04-20 10:10 - 00986592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-20 10:10 - 2017-04-20 10:10 - 00626520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-20 10:10 - 2017-04-20 10:10 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-04-20 10:10 - 2017-04-20 10:10 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-04-20 10:10 - 2017-04-20 10:10 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-20 10:10 - 2017-04-20 10:10 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00205728 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-20 10:10 - 2017-04-20 10:10 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-20 10:10 - 2017-04-20 10:10 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-04-20 10:08 - 2017-04-20 10:08 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-04-20 10:08 - 2017-04-20 10:08 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-04-20 10:06 - 2017-04-20 10:06 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-04-20 10:03 - 2017-04-20 10:03 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-04-20 10:03 - 2017-04-20 10:03 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-04-20 10:03 - 2017-04-20 10:03 - 00000000 ____D C:\Program Files\MSBuild
2017-04-20 10:03 - 2017-04-20 10:03 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-04-20 10:03 - 2017-04-20 10:03 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-04-20 10:02 - 2017-02-10 12:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-04-20 10:02 - 2017-02-10 12:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-04-20 10:02 - 2017-02-10 12:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-04-20 10:02 - 2017-02-10 12:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-04-20 10:02 - 2017-02-10 12:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-04-20 10:02 - 2017-02-10 12:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-04-20 10:00 - 2017-04-20 10:00 - 00000020 ___SH C:\Users\AsusComputer\ntuser.ini
2017-04-20 09:56 - 2017-04-20 09:57 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-04-20 09:56 - 2017-04-20 09:57 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-04-20 09:49 - 2017-05-01 14:05 - 00921674 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-20 09:48 - 2017-05-05 16:09 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-04-20 09:48 - 2017-05-05 12:00 - 00003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2017-04-20 09:48 - 2017-05-05 12:00 - 00003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2017-04-20 09:48 - 2017-05-01 13:57 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-20 09:48 - 2017-04-29 14:12 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-20 09:48 - 2017-04-29 14:12 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-20 09:48 - 2017-04-20 17:50 - 00004282 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2017-04-20 09:48 - 2017-04-20 10:06 - 00003304 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-20 09:48 - 2017-04-20 09:48 - 00002968 _____ C:\WINDOWS\System32\Tasks\Update Checker
2017-04-20 09:48 - 2017-04-20 09:48 - 00002924 _____ C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3
2017-04-20 09:48 - 2017-04-20 09:48 - 00002862 _____ C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher
2017-04-20 09:48 - 2017-04-20 09:48 - 00002346 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2017-04-20 09:48 - 2017-04-20 09:48 - 00002340 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2017-04-20 09:48 - 2017-04-20 09:48 - 00002280 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2017-04-20 09:48 - 2017-04-20 09:48 - 00002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-04-20 09:48 - 2017-04-20 09:48 - 00002214 _____ C:\WINDOWS\System32\Tasks\ATK Package A22126881260
2017-04-20 09:48 - 2017-04-20 09:48 - 00002214 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
2017-04-20 09:48 - 2017-04-20 09:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-04-20 09:48 - 2017-04-20 09:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2017-04-20 09:39 - 2017-04-20 09:39 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-04-20 09:30 - 2017-04-20 09:40 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-04-20 09:28 - 2017-04-20 09:28 - 00000000 ____D C:\ProgramData\USOShared
2017-04-20 09:27 - 2017-04-20 23:33 - 00000000 ____D C:\Users\AsusComputer
2017-04-20 09:20 - 2017-05-06 08:59 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-04-20 09:20 - 2017-04-20 09:30 - 00000000 ____D C:\Program Files\Intel
2017-04-20 09:20 - 2017-04-20 09:30 - 00000000 ____D C:\Program Files (x86)\ASUS
2017-04-20 09:20 - 2017-04-20 09:20 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-04-20 09:20 - 2017-04-20 09:20 - 00000000 ____D C:\ProgramData\SetupTPDriver
2017-04-20 09:20 - 2017-03-18 21:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-04-20 09:20 - 2015-10-26 14:30 - 00086528 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-04-20 09:20 - 2015-10-26 14:30 - 00082432 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-04-20 09:19 - 2017-04-20 09:30 - 00000000 ____D C:\Program Files (x86)\Intel
2017-04-20 09:19 - 2017-04-20 09:19 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2017-04-20 09:19 - 2017-04-20 09:19 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-04-20 09:19 - 2017-04-20 09:19 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-04-20 09:19 - 2017-04-20 09:19 - 00000000 ____D C:\WINDOWS\system32\DAX2
2017-04-20 09:19 - 2017-04-20 09:19 - 00000000 ____D C:\Program Files\Realtek
2017-04-20 09:17 - 2017-05-05 19:56 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-20 09:17 - 2017-04-20 09:17 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-04-20 09:16 - 2017-04-25 21:00 - 00381440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-17 20:18 - 2017-04-20 22:40 - 00000000 ___DC C:\WINDOWS\Panther
2017-04-17 10:10 - 2017-04-17 10:10 - 00030101 _____ C:\Users\AsusComputer\Downloads\hate-crime-1516-hosb1116-tables (2).ods
2017-04-17 10:10 - 2017-04-17 10:10 - 00030101 _____ C:\Users\AsusComputer\Downloads\hate-crime-1516-hosb1116-tables (1).ods
2017-04-16 09:13 - 2017-04-16 09:13 - 00522571 _____ C:\Users\AsusComputer\Downloads\SSRN-id1912028.pdf
2017-04-14 09:00 - 2017-04-14 09:00 - 00000000 ____D C:\Users\AsusComputer\AppData\Local\UNP
2017-04-14 08:30 - 2017-04-20 09:40 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-04-14 08:30 - 2017-04-14 08:31 - 00000000 ____D C:\Program Files\UNP
2017-04-13 20:44 - 2017-04-13 20:44 - 02089753 _____ C:\Users\AsusComputer\Downloads\irregularmigrantsfullreport.pdf
2017-04-13 19:09 - 2017-04-13 19:11 - 102567381 _____ C:\Users\AsusComputer\Downloads\afu (26).wmv
2017-04-12 17:04 - 2017-03-28 06:37 - 00031232 ____N (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll
2017-04-12 17:04 - 2017-03-28 06:28 - 00261632 ____N (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-04-06 18:39 - 2017-04-06 18:42 - 124701611 _____ C:\Users\AsusComputer\Downloads\afu (25).wmv
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-06 09:08 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-06 09:07 - 2017-03-18 22:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-06 09:00 - 2016-12-16 17:05 - 00000184 _____ C:\Users\AsusComputer\AppData\Roaming\sp_data.sys
2017-05-06 08:59 - 2016-12-16 17:05 - 00000000 __SHD C:\Users\AsusComputer\IntelGraphicsProfiles
2017-05-06 08:59 - 2016-12-16 17:05 - 00000000 ____D C:\Users\AsusComputer\AppData\Local\ASUS GIFTBOX
2017-05-05 23:01 - 2016-12-18 13:16 - 00000000 ____D C:\AdwCleaner
2017-05-05 22:32 - 2016-12-18 12:54 - 00000000 ____D C:\ProgramData\TEMP
2017-05-05 22:24 - 2017-02-10 09:55 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-04 14:48 - 2016-12-16 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-05-04 14:48 - 2016-12-16 19:04 - 00000955 _____ C:\Users\Public\Desktop\AVG.lnk
2017-05-03 09:07 - 2016-12-16 17:05 - 00000000 ____D C:\Users\AsusComputer\AppData\Local\Packages
2017-05-03 09:06 - 2016-12-16 17:14 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-03 09:06 - 2016-12-16 17:14 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-02 13:42 - 2016-12-18 13:58 - 00000554 _____ C:\Users\AsusComputer\Desktop\JRT.txt
2017-05-02 08:57 - 2017-03-18 22:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-02 08:56 - 2017-03-18 22:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-05-02 08:54 - 2016-06-18 21:53 - 00000000 ____D C:\Program Files\Microsoft Office
2017-05-01 12:12 - 2016-12-16 17:18 - 00000000 ____D C:\Users\AsusComputer\AppData\Local\AvgSetupLog
2017-05-01 09:58 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-04-29 23:45 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-04-29 23:44 - 2016-12-16 17:25 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-04-29 09:45 - 2017-03-05 23:49 - 00557912 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgsp.sys
2017-04-29 09:45 - 2017-03-05 23:49 - 00129776 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmonflt.sys
2017-04-29 09:36 - 2017-03-18 12:40 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-04-28 11:40 - 2016-12-23 19:03 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-27 17:54 - 2016-12-18 12:59 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-04-21 20:45 - 2017-03-18 22:01 - 00000000 ____D C:\WINDOWS\INF
2017-04-21 08:53 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-04-20 19:55 - 2017-02-10 09:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-20 18:01 - 2016-12-16 17:18 - 00000000 ____D C:\Users\AsusComputer\AppData\Local\Avg
2017-04-20 18:00 - 2016-12-16 19:02 - 00000000 ____D C:\Program Files (x86)\AVG
2017-04-20 18:00 - 2016-12-16 17:18 - 00000000 ____D C:\ProgramData\Avg
2017-04-20 17:57 - 2017-03-18 21:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-20 10:15 - 2017-03-18 22:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-04-20 10:11 - 2017-03-18 22:06 - 00000000 ____D C:\WINDOWS\Setup
2017-04-20 10:11 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-04-20 10:11 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\en-GB
2017-04-20 10:06 - 2016-12-16 17:13 - 00002390 _____ C:\Users\AsusComputer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-20 10:06 - 2016-12-16 17:13 - 00000000 ___RD C:\Users\AsusComputer\OneDrive
2017-04-20 10:00 - 2017-03-18 22:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-20 10:00 - 2016-06-18 20:59 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-20 09:57 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-04-20 09:56 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\rescache
2017-04-20 09:55 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\Registration
2017-04-20 09:54 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-04-20 09:49 - 2017-03-20 04:44 - 00000000 ____D C:\WINDOWS\HoloShell
2017-04-20 09:48 - 2016-12-17 20:17 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-04-20 09:47 - 2017-03-18 22:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-04-20 09:42 - 2016-12-17 00:45 - 00439032 _____ C:\WINDOWS\system32\Drivers\vsconfig.xml
2017-04-20 09:40 - 2017-03-18 12:40 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2017-04-20 09:40 - 2017-02-10 09:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-20 09:40 - 2016-12-23 20:08 - 00000000 ____D C:\Users\AsusComputer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-04-20 09:40 - 2016-12-23 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-04-20 09:40 - 2016-12-18 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-04-20 09:40 - 2016-12-18 12:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2017-04-20 09:40 - 2016-12-16 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-04-20 09:40 - 2016-06-18 22:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-04-20 09:40 - 2016-06-18 21:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2017-04-20 09:40 - 2016-03-24 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WPS Office
2017-04-20 09:40 - 2016-03-24 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF
2017-04-20 09:40 - 2016-03-24 13:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2017-04-20 09:32 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-04-20 09:32 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-04-20 09:32 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-04-20 09:32 - 2016-12-17 12:20 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-04-20 09:31 - 2016-12-17 12:20 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2017-04-20 09:31 - 2016-12-17 00:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2017-04-20 09:31 - 2016-12-16 19:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2017-04-20 09:31 - 2016-06-18 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICEpower
2017-04-20 09:31 - 2016-03-24 13:05 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-04-20 09:31 - 2016-03-24 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2017-04-20 09:29 - 2015-10-30 08:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-04-20 09:28 - 2017-03-18 22:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-04-20 09:25 - 2017-03-18 12:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-04-12 17:13 - 2016-12-16 22:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-12 17:09 - 2016-12-16 22:42 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-12 11:45 - 2017-02-10 09:55 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
 
==================== Files in the root of some directories =======
 
2016-12-16 17:05 - 2017-05-06 09:00 - 0000184 _____ () C:\Users\AsusComputer\AppData\Roaming\sp_data.sys
2017-04-20 09:19 - 2017-04-20 09:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-04-30 12:30
 
==================== End of FRST.txt ============================
 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,964 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:04 PM

Posted 07 May 2017 - 07:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\AsusComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Chrome Media Router) - C:\Users\AsusComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-27]
U3 iswSvc; no ImagePath


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

Please post the Fixlog.txt and let me know what problem persists with this computer.

#3 PhilLatterly

PhilLatterly
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:06:04 PM

Posted 10 May 2017 - 02:49 AM

Thanks, nasdaq!

 

I will be saving FRST to the desktop (so it is an icon) rather than a folder, is it okay if I save the fix list to the desktop, too?

 

Also, and forgive me for this, I am paranoid about security because I do an elderly relative's financial things (shopping, bills) etc. from this PC. If it was just my own financial stuff I wouldn't be so bothered. So, just to check, none of the fix compromises any security in any way, does it?

 

I know the answer is almost certainly 'No', but I just thought I would check the purpose of the fixlist here. Hope you don't mind. If I didn't I would be mithering about it!  :hysterical:


Edited by PhilLatterly, 10 May 2017 - 03:55 AM.


#4 nasdaq


Posted 10 May 2017 - 07:35 AM

Nothing suspicious was found on your logs.
The fix is only a cleanup of some Chrome extensions that are not required.
The other items on the list are Empty so nothing bad there.

Make sure you reset Chrome.

Keep me posted.

#5 PhilLatterly


Posted 10 May 2017 - 03:09 PM

Thank you! I am working at the moment so need the PC firing on all cylinders, so I will post the FRST log in about 9 hours' time.

 

Thanks again!



#6 PhilLatterly


Posted 11 May 2017 - 03:29 AM

Thanks again, nasdaq. Here's the log:
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017
Ran by AsusComputer (11-05-2017 09:16:32) Run:1
Running from C:\Users\AsusComputer\Downloads\FRST
Loaded Profiles: AsusComputer (Available Profiles: AsusComputer)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\AsusComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Chrome Media Router) - C:\Users\AsusComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-27]
U3 iswSvc; no ImagePath
 
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-1522325972-3429824536-1209266036-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
C:\Users\AsusComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\AsusComputer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\System\CurrentControlSet\Services\iswSvc => key removed successfully
iswSvc => service removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 19203818 B
Java, Flash, Steam htmlcache => 138746 B
Windows/system/drivers => 13058116 B
Edge => 3057351 B
Chrome => 64782972 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 23782 B
NetworkService => 0 B
AsusComputer => 92335768 B
 
RecycleBin => 8444562 B
EmptyTemp: => 199.3 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 09:18:08 ====
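
An added example, not part of the original thread and not FRST's own code: a Python script that audits a Fixlog.txt in the format posted above, classifying each result line and checking that the EmptyTemp byte counts add up to the reported total. The sample is an excerpt of the log in this thread; the function names and the "review" category are assumptions of this example.

```python
import re

# Excerpt of the Fixlog.txt posted in this thread (zero-byte lines omitted).
SAMPLE_FIXLOG = r"""fixlist content:
*****************
start
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
U3 iswSvc; no ImagePath
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
iswSvc => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 19203818 B
Java, Flash, Steam htmlcache => 138746 B
Windows/system/drivers => 13058116 B
Edge => 3057351 B
Chrome => 64782972 B
LocalService => 23782 B
AsusComputer => 92335768 B
RecycleBin => 8444562 B
EmptyTemp: => 199.3 MB temporary data Removed.
"""

ACTION = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+?)\s*$")
SIZE = re.compile(r"^(?P<name>.+?) => (?P<bytes>\d+) B\s*$")
TOTAL = re.compile(r"^EmptyTemp: => (?P<mb>[\d.]+) MB")


def classify(outcome):
    """Map a result message to a category; anything unrecognised needs review."""
    text = outcome.lower()
    # "removed" is tested first because it contains the substring "moved".
    if "removed successfully" in text:
        return "removed"
    if "moved successfully" in text:
        return "moved"
    if "not found" in text:
        return "not_found"
    return "review"


def audit_fixlog(text):
    lines = text.splitlines()
    # The echoed fixlist sits between two rows of asterisks; its lines also
    # contain "=>" and must not be counted as results.
    stars = [i for i, ln in enumerate(lines) if set(ln.strip()) == {"*"}]
    body = lines[stars[1] + 1:] if len(stars) >= 2 else lines
    actions, sizes, reported_mb, in_temp = [], {}, None, False
    for ln in body:
        if ln.startswith("=") and "EmptyTemp" in ln:
            in_temp = True
        elif in_temp:
            if (m := TOTAL.match(ln)):
                reported_mb = float(m["mb"])
            elif (m := SIZE.match(ln)):
                sizes[m["name"]] = int(m["bytes"])
        elif (m := ACTION.match(ln)):
            actions.append((m["target"], classify(m["outcome"])))
    # The figure in this log matches the byte sum divided by 2**20.
    summed_mb = round(sum(sizes.values()) / 2**20, 1)
    return {
        "actions": actions,
        "needs_review": [t for t, kind in actions if kind == "review"],
        "summed_mb": summed_mb,
        "reported_mb": reported_mb,
        "total_consistent": reported_mb is not None
        and abs(summed_mb - reported_mb) < 0.05,
    }


if __name__ == "__main__":
    report = audit_fixlog(SAMPLE_FIXLOG)
    for target, kind in report["actions"]:
        print(f"{kind:10} {target}")
    print("needs review:", report["needs_review"])
    print("EmptyTemp:", report["summed_mb"], "MB summed,", report["reported_mb"], "MB reported")
```
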


#7 PhilLatterly


Posted 11 May 2017 - 03:31 AM

Chrome now reset, too.  :guitar:



#8 nasdaq


Posted 11 May 2017 - 07:11 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#9 PhilLatterly


Posted 12 May 2017 - 03:17 AM

Thanks for your help!

 

There is just one thing which slightly perturbs me: if I have typed text and click on a place in the middle of the text to correct and delete via the backspace, it starts deleting a few letters in front of the cursor before it starts deleting the letters behind. Is anything sinister making this happen?



#10 nasdaq


Posted 12 May 2017 - 07:54 AM


Google this.
backspace starts deletes a few letters in front of the cursor

You will find many suggestions.

Hope it helps.

#11 PhilLatterly


Posted 17 May 2017 - 02:29 AM

Thanks, you're a saint.

 

May I ask one favour? 

 

I cleaned-up this PC so I can buy a new one and get that up and running before I scuttle this one completely. This one's dying; it keeps switching off and the screen keeps going blank.

 

Can the topic be kept open in case the new one has any issues either with contamination from this one (which shouldn't be a problem) or because it comes pre-loaded with a load of adware or key loggers, like Hewlett-Packard machines are said to?



#12 nasdaq


Posted 17 May 2017 - 08:12 AM

I normally keep my topics open for 6 days.

If you have issues with the new computer I suggest you start a new topic for that computer.

When created post the URL (Link) here and I will expedite the matter.

If the Topic is closed just send me a Personal Message.



