Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Links are redirected to spam pages; nothing found in malware scanners.


  • Please log in to reply
3 replies to this topic

#1 tavia

tavia

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:37 PM

Posted 10 September 2017 - 06:11 AM

Hi,

 

Problem/Symptoms:  A couple times a day, when I click on a link, it opens two tabs:  one is the actual link, but another is to a completely different spam page.  Originally the spam page was always something in Russian, but it's been English lately.  Sometimes they are the kind that put up a prompt that won't let me close the tab, and so I have to close the browser instead.  

 

History:  the linkjacking problem was originally appeared at the same time by pop ups and a change in the home page (seconds after downloading a bad torrent onto a usb drive), but Malwarebytes (main program and Adwcleaner) got rid of what was causing those.  However, the linkjacker has remained - everytime I think I've got rid of it, it's still remaining.   And I am getting clean scans from the above malware scanners.  

 

Help, please!   :(

 

LOGS

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-09-2017
Ran by Tavi (administrator) on RUBY (10-09-2017 11:54:42)
Running from C:\Users\Tavi\Desktop
Loaded Profiles: Tavi (Available Profiles: Tavi)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxEM.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe
(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\mip.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_26_0_0_151.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_26_0_0_151.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8520448 2016-04-16] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-27] (AVAST Software)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2015-06-22] (CyberLink Corp.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2645473726-2758460455-588782209-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-03-13] (Valve Corporation)
HKU\S-1-5-21-2645473726-2758460455-588782209-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
HKU\S-1-5-21-2645473726-2758460455-588782209-1001\...\Run: [prsetup.exe] => C:\Users\Tavi\AppData\Local\Temp\is-KIAH5.tmp\prsetup.exe [538760 2016-06-05] (Microsoft Games ) <==== ATTENTION
HKU\S-1-5-21-2645473726-2758460455-588782209-1001\...\RunOnce: [Uninstall 17.3.6943.0625\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tavi\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64"
HKU\S-1-5-21-2645473726-2758460455-588782209-1001\...\RunOnce: [Uninstall 17.3.6943.0625] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tavi\AppData\Local\Microsoft\OneDrive\17.3.6943.0625"
Startup: C:\Users\Tavi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2017-03-04]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 213.120.234.70 213.120.234.42
Tcpip\..\Interfaces\{b083a91b-ca5a-4930-94d9-1d175de70884}: [DhcpNameServer] 213.120.234.70 213.120.234.42
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-2645473726-2758460455-588782209-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-2645473726-2758460455-588782209-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
 
FireFox:
========
FF DefaultProfile: n2nplsrg.default
FF ProfilePath: C:\Users\Tavi\AppData\Roaming\Mozilla\Firefox\Profiles\n2nplsrg.default [2017-09-10]
FF Homepage: Mozilla\Firefox\Profiles\n2nplsrg.default -> hxxp://www.memrise.com/groups/
FF Extension: (Avast SafePrice) - C:\Users\Tavi\AppData\Roaming\Mozilla\Firefox\Profiles\n2nplsrg.default\Extensions\sp@avast.com.xpi [2017-09-02]
FF Extension: (Avast Online Security) - C:\Users\Tavi\AppData\Roaming\Mozilla\Firefox\Profiles\n2nplsrg.default\Extensions\wrc@avast.com.xpi [2017-09-02]
FF Extension: (Session Manager) - C:\Users\Tavi\AppData\Roaming\Mozilla\Firefox\Profiles\n2nplsrg.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-02-04]
FF Extension: (LeechBlock) - C:\Users\Tavi\AppData\Roaming\Mozilla\Firefox\Profiles\n2nplsrg.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387} [2017-03-21]
FF Extension: (Adblock Plus) - C:\Users\Tavi\AppData\Roaming\Mozilla\Firefox\Profiles\n2nplsrg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
FF Extension: (Greasemonkey) - C:\Users\Tavi\AppData\Roaming\Mozilla\Firefox\Profiles\n2nplsrg.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-09-03]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-25] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2645473726-2758460455-588782209-1001: SkypePlugin -> C:\Users\Tavi\AppData\Local\SkypePlugin\7.15.0.49\npGatewayNpapi.dll [2016-02-19] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-2645473726-2758460455-588782209-1001: SkypePlugin64 -> C:\Users\Tavi\AppData\Local\SkypePlugin\7.15.0.49\npGatewayNpapi-x64.dll [2016-02-19] (Skype Technologies S.A.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Tavi\AppData\Local\Google\Chrome\User Data\Default [2017-09-10]
CHR Extension: (Google Docs) - C:\Users\Tavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-06]
CHR Extension: (Google Drive) - C:\Users\Tavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-06]
CHR Extension: (Session Manager) - C:\Users\Tavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2017-08-10]
CHR Extension: (YouTube) - C:\Users\Tavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-06]
CHR Extension: (Google Search) - C:\Users\Tavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-06]
CHR Extension: (Tampermonkey) - C:\Users\Tavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-07-22]
CHR Extension: (Avast SafePrice) - C:\Users\Tavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-08-31]
CHR Extension: (Google Docs Offline) - C:\Users\Tavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-29]
CHR Extension: (AdBlock) - C:\Users\Tavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-06]
CHR Extension: (Avast Online Security) - C:\Users\Tavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-08-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
CHR Extension: (Gmail) - C:\Users\Tavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-06]
CHR Extension: (Chrome Media Router) - C:\Users\Tavi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-18]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2017-03-04] (Adobe Systems) [File not signed]
R2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3744904 2015-06-19] (Intel Corporation)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-27] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-27] (AVAST Software)
R3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\IntelCpHeciSvc.exe [310240 2017-02-22] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\IntelCpHDCPSvc.exe [488928 2017-02-22] (Intel Corporation)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-07-19] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-06-25] (WildTangent)
S2 hpsrv; C:\WINDOWS\system32\Hpservice.exe [38728 2016-10-12] (HP)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
S2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-22] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxCUIService.exe [350688 2017-02-22] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-16] (Intel Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [396992 2015-07-06] (Intel)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223520 2015-07-10] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-02-08] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [308464 2016-04-16] (Realtek Semiconductor)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2016-07-02] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266848 2016-12-27] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-02-08] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [56128 2016-10-12] (HP)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [320008 2017-07-27] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-07-27] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343288 2017-07-27] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57728 2017-07-27] (AVAST Software s.r.o.)
R3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [46984 2017-07-04] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [41800 2017-07-04] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [146704 2017-08-10] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110352 2017-07-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84392 2017-07-04] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1015880 2017-08-10] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [585608 2017-07-04] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [198768 2017-07-04] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [361336 2017-07-04] (AVAST Software)
R3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [43000 2015-07-19] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [251384 2015-07-19] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-08-24] ()
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [42312 2016-10-12] (HP)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [244744 2017-04-13] (Intel Corporation)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igdkmd64.sys [11036640 2017-02-22] (Intel Corporation)
S3 iscFlash; c:\SWSetup\SP74479\iscflashx64.sys [74920 2015-08-26] (Insyde Software)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-09-08] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-09-08] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-09-08] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253888 2017-09-08] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-09-08] (Malwarebytes)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [7932160 2017-01-24] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [889584 2016-04-16] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [753368 2015-07-21] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 SGXEPC; C:\WINDOWS\System32\drivers\sgx_driver.sys [54768 2015-06-19] (Windows ® Win 7 DDK provider)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-28] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72792 2016-12-27] (Synaptics Incorporated)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [212056 2015-07-06] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-10 11:54 - 2017-09-10 11:55 - 000025322 _____ C:\Users\Tavi\Desktop\FRST.txt
2017-09-10 11:54 - 2017-09-10 11:54 - 000000000 ____D C:\FRST
2017-09-10 11:51 - 2017-09-10 11:51 - 002396160 _____ (Farbar) C:\Users\Tavi\Desktop\FRST64.exe
2017-09-08 21:25 - 2017-09-08 21:26 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-09-08 21:25 - 2017-09-08 21:25 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-08 21:25 - 2017-09-08 21:25 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-09-08 21:25 - 2017-09-08 21:25 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-09-08 21:25 - 2017-09-08 21:25 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-08 21:24 - 2017-09-08 21:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-02 19:06 - 2017-09-02 19:06 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-08-26 19:34 - 2017-08-26 19:34 - 002192227 _____ (Microsoft Games ) C:\Users\Tavi\Downloads\chesstitans.exe
2017-08-26 19:20 - 2017-08-26 19:35 - 000003384 _____ C:\WINDOWS\System32\Tasks\Chess Titans
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-10 11:52 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-10 11:52 - 2015-12-30 21:58 - 000000000 ____D C:\Users\Tavi\AppData\Local\Packages
2017-09-10 11:51 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-10 10:57 - 2017-07-08 13:12 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-10 10:46 - 2016-11-19 14:30 - 000000000 ____D C:\Users\Tavi\AppData\LocalLow\Mozilla
2017-09-09 12:18 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-09-09 12:18 - 2015-12-30 22:02 - 000000000 ___RD C:\Users\Tavi\OneDrive
2017-09-09 10:52 - 2017-07-27 16:02 - 000003352 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2645473726-2758460455-588782209-1001
2017-09-09 10:52 - 2015-12-30 22:02 - 000002367 _____ C:\Users\Tavi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-08 21:24 - 2017-06-18 16:49 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-07 18:59 - 2017-07-08 13:35 - 000003226 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForTavi
2017-09-07 18:59 - 2016-06-30 08:27 - 000000338 _____ C:\WINDOWS\Tasks\HPCeeScheduleForTavi.job
2017-09-05 18:16 - 2016-03-05 12:25 - 000000000 ____D C:\ProgramData\Skype
2017-09-05 18:15 - 2017-03-15 20:45 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-09-02 15:08 - 2016-08-20 00:15 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2017-09-02 01:21 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-08-29 22:00 - 2016-03-06 21:39 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-27 12:37 - 2016-01-24 18:41 - 000000000 ____D C:\Users\Tavi\Documents\My Kindle Content
2017-08-26 20:59 - 2016-11-18 22:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-26 20:59 - 2015-12-30 22:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-26 20:28 - 2015-09-30 00:27 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-08-24 11:27 - 2017-06-18 16:49 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-08-20 21:05 - 2015-12-30 21:58 - 000000000 __SHD C:\Users\Tavi\IntelGraphicsProfiles
2017-08-20 21:03 - 2017-07-08 13:35 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-15 08:27 - 2017-07-08 13:16 - 001105750 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-15 08:23 - 2017-07-08 13:17 - 000000000 ____D C:\Users\Tavi
2017-08-15 01:13 - 2017-03-18 12:40 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2017-08-14 22:39 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-13 19:00 - 2017-07-08 13:35 - 000004000 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1467469422
2017-08-13 18:59 - 2016-07-02 15:23 - 000001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-08-11 22:27 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache
 
Files to move or delete:
====================
C:\Users\Tavi\AppData\Local\Temp\is-KIAH5.tmp\prsetup.exe
C:\Users\Tavi\APRO23_Win_ESD1_WWEFG.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-09-05 23:36
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-09-2017
Ran by Tavi (10-09-2017 11:56:32)
Running from C:\Users\Tavi\Desktop
Windows 10 Home Version 1703 (X64) (2017-07-08 12:45:02)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2645473726-2758460455-588782209-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2645473726-2758460455-588782209-503 - Limited - Disabled)
Guest (S-1-5-21-2645473726-2758460455-588782209-501 - Limited - Disabled)
Tavi (S-1-5-21-2645473726-2758460455-588782209-1001 - Administrator - Enabled) => C:\Users\Tavi
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-2645473726-2758460455-588782209-1001\...\Amazon Kindle) (Version: 1.20.1.47037 - Amazon)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2303 - AVAST Software)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.239.2 - AVAST Software)
Bejeweled 3 (HKLM-x32\...\WTA-923cd0e2-1b19-442c-9100-d257c5f92d03) (Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (HKLM-x32\...\WTA-7586f85d-48b0-4a3c-9f1c-9fdf2ac8fd2a) (Version: 3.0.2.59 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (HKLM-x32\...\WTA-7ffe2537-73e9-4f63-ab2a-ed184c745359) (Version: 3.0.2.48 - WildTangent) Hidden
Crazy Chicken Soccer (HKLM-x32\...\WTA-1148face-87ca-4d3f-bca8-4bfa3e2e2e05) (Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.5418 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.1.4301 - CyberLink Corp.)
Delicious: Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-0ae2f56e-d3f2-49be-ab2f-58375849b2a9) (Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.2 - Dropbox, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{1504CF6F-8139-497F-86FC-46174B67CF7F}) (Version: 2.20.51 - Hewlett-Packard Company)
HP Documentation (HKLM\...\HP_Documentation) (Version:  - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8293.5264 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.4.19.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.7.27.15 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10600.147 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel® PRO/Wireless Driver (HKLM\...\{8736f7db-10ee-4722-b588-3a7296eafc38}) (Version: 18.40.0000.4099 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4542 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
Intel® WiDi (HKLM\...\{C7CD6D54-26AF-4D93-B06F-D81ACE8624CB}) (Version: 6.0.40.0 - Intel Corporation)
Intel® WiDi Software Asset Manager (HKLM-x32\...\{5B5CD20C-29F0-4857-A4FA-A4F4C716B019}) (Version: 1.1.347 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{4DA9DC19-4E1D-4B10-A726-A5F2A1BC7265}) (Version: 18.1.1546.2762 - Intel Corporation)
Intel® Software Guard Extensions Platform Software (HKLM\...\{10307C17-F7FD-405D-9F3B-0BF66EA43857}) (Version: 1.0.26920.1393 - Intel Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-8f5af2d4-b657-4939-9189-5b358ab92b4d) (Version: 2.2.0.97 - WildTangent) Hidden
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2645473726-2758460455-588782209-1001\...\OneDriveSetup.exe) (Version: 17.3.6966.0824 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 55.0.3 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-GB)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
MuseScore 2 (HKLM-x32\...\{4F0E15EA-F64C-11E5-9992-E717EA7DB0C8}) (Version: 2.0.3 - Werner Schweer and Others)
OpenOffice 4.1.2 (HKLM-x32\...\{4E96CB8B-444E-4EA3-8EF4-26060B0B411F}) (Version: 4.12.9782 - Apache Software Foundation)
Polar Bowler 1st Frame (HKLM-x32\...\WTA-8ca2bec0-eb04-47ed-ae34-599031f97d30) (Version: 3.0.2.59 - WildTangent) Hidden
Ranch Rush 2 - Premium Edition (HKLM-x32\...\WTA-c3879431-772a-446d-b2c7-7772020ccf99) (Version: 2.2.0.97 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.99 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7584 - Realtek Semiconductor Corp.)
Runefall (HKLM-x32\...\WTA-cf063a06-ad52-4329-aafb-d3c81d79ddcd) (Version: 3.0.2.126 - WildTangent) Hidden
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype Web Plugin (HKLM-x32\...\{D675FB66-8B6B-4950-A38E-D5BB32AF283D}) (Version: 7.15.0.49 - Skype Technologies S.A.)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.45 - Synaptics Incorporated)
Trinklit Supreme (HKLM-x32\...\WTA-52620c34-de8c-46f1-ad67-c6e4d4fd228e) (Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (HKLM-x32\...\WTA-4009592c-52ba-4a38-94f9-d2e1d0687ad1) (Version: 3.0.2.59 - WildTangent) Hidden
Wedding Dash (HKLM-x32\...\WTA-94c4ceac-1684-4349-8f79-6c6917744205) (Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.16 - WildTangent) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 7 Games for Windows 8 and 10 (HKLM-x32\...\MicrosoftGamesForWin8) (Version: 2.0.0.0 - )
Youda Jewel Shop (HKLM-x32\...\WTA-eb09fe09-7014-49af-84ce-530642d22bff) (Version: 3.0.2.51 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2645473726-2758460455-588782209-1001_Classes\CLSID\{08664A1F-F1E4-45CD-AA12-9A8A9AC99B84}\localserver32 -> C:\Users\Tavi\AppData\Local\SkypePlugin\7.15.0.49\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2645473726-2758460455-588782209-1001_Classes\CLSID\{501A1BB3-6F67-4394-8B2C-3AFAAEC7B0EB}\InprocServer32 -> C:\Users\Tavi\AppData\Local\SkypePlugin\7.15.0.49\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2645473726-2758460455-588782209-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Tavi\AppData\Local\SkypePlugin\7.15.0.49\EdgeCalling.exe (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-27] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-27] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-27] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-27] (AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxDTCM.dll [2017-02-22] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-27] (AVAST Software)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {09165F1E-D99F-48F4-A8B6-9F29B569D03E} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe [2016-07-02] (AVAST Software)
Task: {1DD93334-9A22-40A8-A27E-DD5752031C11} - System32\Tasks\{7E9F19B4-EB33-4FDA-9415-650634228F51} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Tavi\APRO23_Win_ESD1_WWEFG.exe -d C:\Users\Tavi
Task: {2D714264-5730-4D7D-AEC1-685A992D804A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-09] (Adobe Systems Incorporated)
Task: {42E59474-C615-4564-942F-7E0EC4ECD71E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {55D1EBF2-C057-4731-B915-D4B6F325CD48} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-30] (Google Inc.)
Task: {568DF3BC-AE74-4075-9A7D-FB941C6D27AB} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2016-07-02] (AVAST Software)
Task: {5BDDC668-037F-44F6-807D-6E8D21E60AA8} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-16] (Intel Corporation)
Task: {626EDE14-6BBE-4D3A-AA82-7F3B768097B9} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-27] (AVAST Software)
Task: {63E2233E-3C1F-45D0-A7B0-E7CAF91A2693} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-14] (HP Inc.)
Task: {6A8B55FF-ECA1-4829-A86D-A528A605709E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {6DFD87E3-50B6-46C7-82C8-DBA1AD5C10F1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-30] (Google Inc.)
Task: {77977A2A-0A94-4B7F-B31A-4C99161F84B4} - System32\Tasks\SafeZone scheduled Autoupdate 1467469422 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {84CD62DE-C2C5-4957-8CE5-795D50508D4A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {8ACBB9A1-7177-450A-9B01-4A261D71349C} - System32\Tasks\Chess Titans => C:\Users\Tavi\AppData\Local\Temp\is-KIAH5.tmp\prsetup.exe [2016-06-05] (Microsoft Games ) <==== ATTENTION
Task: {9B290566-7C5E-4415-AF2F-1738E01F2DDE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {A6A0EE25-D917-4FB1-96CD-FCE95BF56C14} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2015-05-21] (Hewlett-Packard Development Company, L.P.)
Task: {AF306A64-A83B-4BDF-A5BD-F3CF3B5D8FC5} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-16] (Intel Corporation)
Task: {CB7FE749-3134-462B-9836-A1ECAAF9EBAF} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-06-19] ()
Task: {D1A90DF2-5486-4F75-82AD-C515607BC09F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {D41365C4-291F-4D99-A374-29DE7DDD9357} - System32\Tasks\HPCeeScheduleForTavi => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {D5B01B23-8092-45BD-B595-181EDFCBF4C4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {DE6C387E-7934-4D77-9CA1-B007C50AB532} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-14] (HP Inc.)
Task: {DE7EF22B-0182-4D07-8FA0-647E772898EE} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {DE954960-3A71-483A-A9B0-51F48E1C7AE4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-09-01] (HP Inc.)
Task: {E3618103-5D9B-4DF6-92AD-9B602A954526} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
Task: {E4A92F23-BCC9-421B-80C6-325FEC07B85C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {EFEFB960-9E6A-44ED-B5AA-38CF9CB1F268} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {F1E46836-35DF-43D0-8587-200C966FA261} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-13] (AVAST Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\HPCeeScheduleForTavi.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-09-30 00:31 - 2014-04-14 18:59 - 000389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-07-02 15:31 - 2016-07-02 15:32 - 000592392 _____ () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 21:58 - 2017-03-18 21:58 - 003826176 _____ () C:\Windows\System32\Windows.UI.Input.Inking.Analysis.dll
2017-04-08 15:25 - 2017-04-08 15:25 - 000381440 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll
2017-03-18 21:59 - 2017-03-20 04:43 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-05-15 23:37 - 2017-05-09 10:13 - 003767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-15 23:37 - 2017-05-09 10:13 - 000100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2017-08-22 18:07 - 2017-08-22 18:08 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-08-22 18:07 - 2017-08-22 18:08 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-08-22 18:07 - 2017-08-22 18:08 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-08-22 18:07 - 2017-08-22 18:08 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
2017-08-16 19:13 - 2017-08-16 19:13 - 000020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-08-16 19:13 - 2017-08-16 19:13 - 029627904 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-08-16 19:13 - 2017-08-16 19:13 - 000358912 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-08-16 19:13 - 2017-08-16 19:13 - 002536448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-08-16 19:13 - 2017-08-16 19:13 - 020719104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-08-16 19:13 - 2017-08-16 19:13 - 002415104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-08-16 19:13 - 2017-08-16 19:13 - 003065856 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-06-08 08:15 - 2017-06-08 08:15 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-15 08:13 - 2017-06-15 08:13 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-08-16 19:13 - 2017-08-16 19:13 - 001370112 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-06-18 16:49 - 2017-08-24 11:27 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-08-09 23:18 - 2017-07-28 11:18 - 031134720 _____ () C:\Users\Tavi\AppData\Local\Google\Chrome\User Data\PepperFlash\26.0.0.151\pepflashplayer.dll
2017-07-27 18:57 - 2017-07-27 18:57 - 000170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-27 18:57 - 2017-07-27 18:57 - 001065936 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-07-04 21:50 - 2017-07-04 21:50 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-07-27 18:57 - 2017-07-27 18:57 - 000192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-07-27 18:57 - 2017-07-27 18:57 - 000224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-07-27 18:57 - 2017-07-27 18:57 - 000292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-07-27 18:57 - 2017-07-27 18:57 - 000689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-10-21 16:50 - 2015-10-21 16:50 - 000988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2015-10-21 16:49 - 2015-10-21 16:49 - 000170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
2015-10-21 16:49 - 2015-10-21 16:49 - 000136192 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxmlsec-mscrypto.dll
2015-10-21 16:49 - 2015-10-21 16:49 - 000303616 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxmlsec.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 12:04 - 2017-06-18 17:01 - 000000830 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2645473726-2758460455-588782209-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tavi\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{b6dfaef2-53bc-41d3-97a3-8532b2aa4b0e}.JPG
DNS Servers: 213.120.234.70 - 213.120.234.42
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run32: => "PowerDVD14Agent"
HKU\S-1-5-21-2645473726-2758460455-588782209-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2645473726-2758460455-588782209-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2645473726-2758460455-588782209-1001\...\StartupApproved\Run: => "Skype"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{3732FFDC-3FAB-4D38-A14C-2F9A61833F42}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{9F49A99D-5A20-4116-8895-0E6DBD2145D3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{636F5E2D-68FA-4BFA-A347-2916D1E19353}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{27EF35B7-B6F0-48C1-AB06-87A53E1CB856}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{C43898D0-7847-47C0-A6F3-284908DEE28C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{01AC5D4B-2808-4F6F-B797-A70B6A731EA5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{CE49479B-0495-4E6F-9F85-5F6676E21994}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{FECFBCC7-4230-4DAB-9177-B41CBB84C897}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{17C2DF1F-572B-4A79-8908-18B517E94CBA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0B239F4D-36AE-4475-BF28-93074C91CEB1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E77F7BFC-CDAA-442E-B766-3237D8517B61}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FFD884A5-BA1E-4762-9ABD-53E152B4683B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0B5EC511-D8B6-407A-890E-7B84D71729C9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B77053A5-F59A-4BFF-A185-3304EA2B342A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AFF60691-54B9-470B-803A-89C73A2E4F69}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{93B64306-D7C7-4E92-95EF-F05DA58F8417}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{048BA487-66C2-4E91-BE0F-84B09BB39366}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{06AEF0BE-1C33-4D3D-9BC2-6ECA44CB4A58}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{7230D6CE-FCAA-4589-89BC-5AADDEA47A74}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{2B6AC3E1-922C-42E7-B008-890842CE4D11}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{5F63F535-B3B2-4447-BDFF-8DB3E7F82571}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{1D080D3D-24B4-46FE-8B0A-146A88824737}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
FirewallRules: [{F3003DED-7ED5-42EC-82B0-5F30011B16F1}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe
FirewallRules: [{0A539050-BDDA-43FF-B9CC-08324C5FA428}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
FirewallRules: [{486C8974-C276-4D3E-8D14-A329057DFD21}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{5ACE03B9-1677-4724-AB9D-EC257EE1CC51}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AD8CAA6C-79A3-4035-9A4C-B1EE97B390B4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2A35A2A4-729E-47F9-8C27-E64A3DD8C7D0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7812BD09-F5DB-4FB5-B82F-91E59AAD5764}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{040B0894-CD79-47B4-BDDF-A06B8C7553D9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{337B528D-E452-41F6-8CBB-E899B8DD2214}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{F53EE9AD-2CCA-4A39-BD38-D7B8BF639E51}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609_0\SZBrowser.exe
FirewallRules: [{42FCD07A-6991-4C47-ACD3-C5D9D4487461}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
 
==================== Restore Points =========================
 
22-08-2017 21:20:32 Scheduled Checkpoint
02-09-2017 19:12:03 Scheduled Checkpoint
05-09-2017 21:21:15 Windows Update
09-09-2017 19:03:51 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/10/2017 10:22:52 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.147
DPTF Build Date:  May 26 2015 13:35:22
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (09/09/2017 11:15:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RUBY)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/09/2017 10:54:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\Program Files\CyberLink\PhotoDirector\Kernel\CES\CES_CacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/09/2017 10:54:22 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\Program Files\CyberLink\PhotoDirector\Kernel\CES\CES_AudioCacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/09/2017 10:47:53 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10600.147) TYPE: ERROR
 
DPTF Build Version:  8.1.10600.147
DPTF Build Date:  May 26 2015 13:35:22
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (09/09/2017 10:47:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31681562
 
Error: (09/09/2017 10:47:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31681562
 
Error: (09/09/2017 10:47:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/09/2017 01:59:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2625
 
Error: (09/09/2017 01:59:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2625
 
 
System errors:
=============
Error: (09/10/2017 10:22:59 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/09/2017 07:04:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0247: HP Development Company, L.P. - System - 5/26/2017 12:00:00 AM - 6.0.21.1.
 
Error: (09/09/2017 11:17:34 AM) (Source: DCOM) (EventID: 10010) (User: RUBY)
Description: The server microsoft.windowscommunicationsapps_17.8500.40725.0_x64__8wekyb3d8bbwe!Hx.IPC.MoComChannel did not register with DCOM within the required timeout.
 
Error: (09/09/2017 11:15:34 AM) (Source: DCOM) (EventID: 10010) (User: RUBY)
Description: The server microsoft.windowscommunicationsapps_17.8500.40725.0_x64__8wekyb3d8bbwe!microsoft.windowslive.mail.AppX7ybzfvde833pqjpbsrp77rh0m461ej8c.mca did not register with DCOM within the required timeout.
 
Error: (09/09/2017 10:47:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/08/2017 07:49:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0247: HP Development Company, L.P. - System - 5/26/2017 12:00:00 AM - 6.0.21.1.
 
Error: (09/08/2017 07:37:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/08/2017 09:04:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/07/2017 09:47:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0247: HP Development Company, L.P. - System - 5/26/2017 12:00:00 AM - 6.0.21.1.
 
Error: (09/07/2017 06:34:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2017-09-08 21:25:37.535
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-08 21:25:37.535
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-08 21:25:37.532
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-6200U CPU @ 2.30GHz
Percentage of memory in use: 83%
Total physical RAM: 8030.84 MB
Available physical RAM: 1356.05 MB
Total Virtual: 13930.26 MB
Available Virtual: 2237.31 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:1845.07 GB) (Free:1764.04 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:16.7 GB) (Free:1.95 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (CHAMPION) (Removable) (Total:14.4 GB) (Free:0.66 GB) FAT32
Drive g: () (Removable) (Total:7.39 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: F10E4070)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 7.4 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 2 (Size: 14.4 GB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=14.4 GB) - (Type=0B)
 
==================== End of Addition.txt ============================
 


BC AdBot (Login to Remove)

 


#2 shelf life

shelf life

  • Malware Response Team
  • 2,651 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:04:37 PM

Posted 10 September 2017 - 12:36 PM

hi tivia,

 

Usually only on line once or twice per day so you may not get a reply back form me until the following day. If you still need help we can start with this. After you run the FRST script you can update and rerun Malwarebytes.

 

Copy/Paste whats below into notepad. Save it has fixlist.txt in the same directory where FRST is located: Your Desktop.
Right click on FRST and select "run as admin" This time click the Fix button just once and wait, the program will automatically launch fixlist.txt. Machine will reboot to finish.
After reboot a new log will appear called fixlog.txt, please post that log in your next reply.

 

And also: the new spam tabs you see, is that only in Chrome or all browsers? We will go from there.

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2645473726-2758460455-588782209-1001\...\Run: [prsetup.exe] => C:\Users\Tavi\AppData\Local\Temp\is-KIAH5.tmp\prsetup.exe [538760 2016-06-05] (Microsoft Games ) <==== ATTENTION
C:\Users\Tavi\AppData\Local\Temp\is-KIAH5.tmp\prsetup.exe
C:\Users\Tavi\APRO23_Win_ESD1_WWEFG.exe
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {8ACBB9A1-7177-450A-9B01-4A261D71349C} - System32\Tasks\Chess Titans => C:\Users\Tavi\AppData\Local\Temp\is-KIAH5.tmp\prsetup.exe [2016-06-05] (Microsoft Games ) <==== ATTENTION
Empty Temp:

How Can I Reduce My Risk to Malware?


#3 tavia

tavia
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:37 PM

Posted 11 September 2017 - 11:54 AM

Hi, shelf life, thanks for helping me.

 

When the initial problem occurred - with all the other symptoms such as pop ups - it happened in all browsers.   I even tested with IE, which I never use, and it had crossed over into that.  However, now that it's just link jacking and is down to only a few times a day rather than constantly like before, I don't know if it is still happening on Firefox and IE, or if it's just Chrome.  That's because it occurs several times a day and seemingly randomly, and I don't use Firefox often enough to give it time to occur.  I can switch to FF for the next few days if you want to test it out.  

 

The fix seems to have erased all my browser history and removed saved tabs.  Haven't had any link jack so far since running it but again, that might be due to not giving it sufficient time to pounce again.  

 

Here is the log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-09-2017
Ran by Tavi (11-09-2017 09:14:53) Run:1
Running from C:\Users\Tavi\Desktop
Loaded Profiles: Tavi (Available Profiles: Tavi)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2645473726-2758460455-588782209-1001\...\Run: [prsetup.exe] => C:\Users\Tavi\AppData\Local\Temp\is-KIAH5.tmp\prsetup.exe [538760 2016-06-05] (Microsoft Games ) <==== ATTENTION
C:\Users\Tavi\AppData\Local\Temp\is-KIAH5.tmp\prsetup.exe
C:\Users\Tavi\APRO23_Win_ESD1_WWEFG.exe
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {8ACBB9A1-7177-450A-9B01-4A261D71349C} - System32\Tasks\Chess Titans => C:\Users\Tavi\AppData\Local\Temp\is-KIAH5.tmp\prsetup.exe [2016-06-05] (Microsoft Games ) <==== ATTENTION
Empty Temp:
*****************
 
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKU\S-1-5-21-2645473726-2758460455-588782209-1001\Software\Microsoft\Windows\CurrentVersion\Run\\prsetup.exe => value removed successfully
C:\Users\Tavi\AppData\Local\Temp\is-KIAH5.tmp\prsetup.exe => moved successfully
C:\Users\Tavi\APRO23_Win_ESD1_WWEFG.exe => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8ACBB9A1-7177-450A-9B01-4A261D71349C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8ACBB9A1-7177-450A-9B01-4A261D71349C} => key removed successfully
C:\WINDOWS\System32\Tasks\Chess Titans => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chess Titans => key removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 86762002 B
Java, Flash, Steam htmlcache => 161494553 B
Windows/system/drivers => 61117042 B
Edge => 8219783 B
Chrome => 162926450 B
Firefox => 446027180 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 12412 B
NetworkService => 10250 B
Tavi => 1306610677 B
 
RecycleBin => 9932025 B
EmptyTemp: => 2.1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 09:21:11 ====


#4 shelf life

shelf life

  • Malware Response Team
  • 2,651 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:04:37 PM

Posted 11 September 2017 - 04:06 PM

Ok good. Why dont you just rotate between all the browsers over a few days and see if it happens again and in which browser then we will go from there. hopefully your good to go though.


How Can I Reduce My Risk to Malware?





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users